SecWiki Weekly (Issue 167)
2017/05/08-2017/05/14
Security News
[Device Security]  Cisco patches the CIA zero-day that allowed attackers to execute malicious code remotely | HackerNews
http://hackernews.cc/archives/9879
[Other]  [Security Alert] HP laptop audio driver ships with a built-in keylogger backdoor!
http://m.bobao.360.cn/news/appdetail/4159.html
[News]  Antiy issues an emergency response to the global outbreak of the new worm-style ransomware "WannaCry"
https://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&mid=2650170534&idx=1&sn=dedc3ff25c3594b49bc4e6c53c9fd123&scene=0#wechat_redirect
[News]  Macron campaign used honeypot accounts to deceive Russian hackers
http://www.solidot.org/story?sid=52365
[News]  2017 CCF-NSFOCUS "Kunpeng" research fund program officially launched
http://www.ccf.org.cn/c/2017-05-10/593700.shtml
Security Technology
[Web Security]  A curated list of web security materials and resources
https://github.com/qazbnm456/awesome-web-security#introductions-xss
[Web Security]  Sample of the ransomware worm that exploits the MS17-010 vulnerability
http://hack-0.lofter.com/post/1e5974f4_fa1d602#
[Web安全]  Breaking XSS mitigations via Script Gadgets
http://sebastian-lekies.de/slides/appsec2017.pdf
[Web Security]  Tracing and reconstructing the 52 GB NetEase mailbox account data leak
https://bbs.ichunqiu.com/thread-22557-1-1.html?from=9
[Malware Analysis]  Intranet killer: porting the MS17-010 exploit code into a Metasploit module
http://www.4hou.com/technology/4577.html
[Vulnerability Analysis]  Detailed analysis of the WannaCry worm
http://www.freebuf.com/articles/system/134578.html
[Web Security]  Building a local WooYun vulnerability database
https://zhuanlan.zhihu.com/p/26759783
[Web Security]  From a 404 to the default page: getting a webshell via .cshtml
http://www.4hou.com/technology/4678.html
[Web Security]  Simple defenses against the ransomware: closing dangerous ports, and a visit to the dark web
http://hack-0.lofter.com/post/1e5974f4_fa11459#
[Web Security]  Redhat2017 CTF web writeup (partial)
https://www.ohlinge.cn/ctf/redhat2017.html
[Malware Analysis]  Partial summary of WannaCry information
https://gist.github.com/pcostesi/87a04a3bbbdbc4aeb8b787f45eb21197
[Data Mining]  [Quality content] Lessons learned from Kaggle data-mining competitions
https://mp.weixin.qq.com/s/BE1mfmKJTsDSwWi16mllNA
[Web Security]  A discussion of same-origin policy attack and defense
https://eth.space/same-origin-policy-101/
[Data Mining]  Detection code for "phishing and defaced pages" from the China Cybersecurity Technology Competition
https://github.com/LoRexxar/check_py
[Vulnerability Analysis]  Pwn2Own 2017: the "hand of God" strikes again
http://weibo.com/ttarticle/p/show?id=2309404105928097034074
[Malware Analysis]  MalSploitBase: a collection of exploitation techniques used by malware samples, a handy aid for forensic analysis
https://www.pwnmalw.re/
[运维安全]  MS17-010: MS17-010 Windows SMB RCE -- exploits, payloads, and scanners
https://github.com/RiskSense-Ops/MS17-010
[漏洞分析]  DEF CON 2017 quals faggin writeup
http://ww9210.cn/2017/05/08/def-con-ctf-2017-quals-faggin-write-up/
[Web安全]  exploiting-the-unexploitable-with-lesser-known-browser-tricks
https://speakerdeck.com/filedescriptor/exploiting-the-unexploitable-with-lesser-known-browser-tricks
[Mobile Security]  [Original] Reverse analysis of Tencent Legu app hardening (January 2017 version)
http://bbs.pediy.com/thread-217556.htm
[漏洞分析]  OpenXMolar: An MS OpenXML Format Fuzzing Framework
https://github.com/debasishm89/OpenXMolar
[Malware Analysis]  The worm that spreads WanaCrypt0r: ransomware reverse analysis
https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/
[漏洞分析]  SSCTF pwn450 Windows Kernel Exploitation Writeup
http://whereisk0shl.top/ssctf_pwn450_windows_kernel_exploitation_writeup.html
[Ops Security]  [Report interpretation] How to quantify risk with threat intelligence (Recorded Future security white paper)
https://mp.weixin.qq.com/s?__biz=MzIxMzQ3MzkwMQ==&mid=2247488632&idx=1&sn=afb06d278e32fc215e97a815e58cacdb&scene=0#wechat_redirect
[Competition]  Guangdong Red Hat Cup cybersecurity attack and defense competition CTF - Write Up
https://imlonghao.com/48.html
[Malware Analysis]  RootKits-List-Download: list of all rootkits found on GitHub and other sites
https://github.com/d30sa1/RootKits-List-Download
[Mobile Security]  0ctf 2015 simple apk in-depth analysis: partA-learn-smali
http://www.ikey4u.com/blog/0ctf-2015-simpleapk/partA-learn-smali/
[Ops Security]  Closing port 445 on Windows
http://thief.one/2017/05/13/2/
[Web安全]  Xsl Exec Webshell (aspx)
https://evi1cg.me/archives/XSL_Exec_Webshell.html
[Ops Security]  Reproducing the Equation Group 0day ETERNALBLUE: getting a shell with Empire and Msfconsole
http://www.freebuf.com/articles/system/133853.html
[运维安全]  Snorter: Snort + Barnyard2 + Pulledpork → The easy way!
https://github.com/joanbono/Snorter
[News]  [International news] New IoT botnet Persirai emerges
http://bobao.360.cn/news/detail/4154.html
[Device Security]  Analysis of the exposure of IoT assets in China
http://blog.nsfocus.net/exposure-analysis-domestic-internet/
[漏洞分析]  Bypassing OTR Signature Verification to Steal iCloud Keychain Secrets
https://medium.com/@longtermsec/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605
[Papers]  Accepted paper list for USENIX ATC 2017, one of the top systems conferences
https://www.usenix.org/conference/atc17/technical-sessions
[Web Security]  A brief discussion of DDoS attack and defense
http://thief.one/2017/05/10/1/
[Web Security]  [Technical sharing] My view on XXE vulnerability attack and defense
http://bobao.360.cn/learning/detail/3841.html
[Ops Security]  Active Directory domain penetration: the Silver Ticket backdoor
http://www.4hou.com/technology/4622.html
[Forensic Analysis]  NSA leak: global data analysis of the SMB remote command execution vulnerabilities and the DoublePulsar backdoor
https://mp.weixin.qq.com/s?__biz=MjM5NzA3Nzg2MA==&mid=2649838966&idx=1&sn=4e930ef8637c38c33b0da9a2d0b1b706&scene=0#wechat_redirect
[Device Security]  icstools: ics security tools, a collection of ICS security materials
https://github.com/tanjiti/icstools
[Tools]  A big collection of hacking tools
http://www.freebuf.com/sectool/133949.html
[Programming]  Everything you need to know about anti-crawler techniques in one article
http://geek.csdn.net/news/detail/85333
[Other]  [Translation] How security awareness training protects small businesses
http://bbs.pediy.com/thread-217440.htm
[Mobile Security]  How to bypass "jailbreak detection" in iOS apps with Frida
http://www.freebuf.com/articles/terminal/134111.html
[Device Security]  How to write high-quality Windows shellcode
http://www.freebuf.com/articles/system/133990.html
[Forensic Analysis]  How to use threat intelligence
http://www.jianshu.com/p/854d49c8378b
[Web Security]  YSRC bug-hunting notes: bugs are found by being "careful"
https://bbs.ichunqiu.com/thread-22698-1-1.html?from=14
[Malware Analysis]  Hajime sample technical analysis report
http://blog.nsfocus.net/hajime-sample-technical-analysis-report/
[Device Security]  ROP step by step
https://github.com/zhengmin1989/ROP_STEP_BY_STEP
[Device Security]  Interpreting the analysis of IoT asset exposure in China
http://blog.nsfocus.net/interpreting-exposure-domestic-internet/
[Tools]  A detailed guide to using the OWASP open-source tool AntiSamy
http://www.freebuf.com/sectool/134015.html
[Programming]  Near-real-time monitoring of data operations using MongoDB's oplog mechanism
http://phantom0301.cc/2017/05/08/MongoOplog/
[Other]  MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Serv
https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
[Device Security]  Creating a persistent, covert PowerShell backdoor
http://www.freebuf.com/articles/system/133640.html
[数据挖掘]  Email Spam Filtering: An Implementation with Python and Scikit-learn
http://www.kdnuggets.com/2017/03/email-spam-filtering-an-implementation-with-python-and-scikit-learn.html
[Malware Analysis]  Amnesia: the first IoT botnet that detects sandboxes
http://paper.seebug.org/302/#0-tsina-1-13218-397232819ff9a47a7b7e80a40613cfe1
[工具]  Powershell scripts useful for Windows enterprise administration
https://github.com/a118n/poweradmin
[Data Mining]  Document classification with the naive Bayes algorithm
http://www.jianshu.com/p/364887de2039
[Web Security]  Site-wide HTTPS access optimization explained in detail
http://www.4hou.com/info/news/4714.html
[Ops Security]  A brief analysis of UEBA
http://www.jianshu.com/p/a8b5e1c31f59
[漏洞分析]  linux-kernel-exploitation: Linux kernel fuzzing and exploitation
https://github.com/xairy/linux-kernel-exploitation
[Web安全]  SOP bypass / UXSS – Stealing Credentials Pretty Fast (Edge)
https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/
[Tools]  deceptiveidn (Internationalized Domain Names)
https://github.com/trailofbits/deceptiveidn
[Documents]  SecWiki Weekly (Issue 166)
https://www.sec-wiki.com/weekly/166
[Mobile Security]  The right way to enable vulnerability protections in Android apps!
http://yaq.qq.com/blog/22
-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news and analysis for 12 years!
SecWiki: https://www.sec-wiki.com

Original article for this issue: SecWiki Weekly (Issue 167)