SecWiki周刊（第167期)

SecWiki周刊（第167期）

2017/05/08-2017/05/14

安全资讯

[设备安全] 思科修复 CIA 零日漏洞：曾允许黑客远程执行恶意代码 | HackerNews
http://hackernews.cc/archives/9879

[其它] 【安全预警】惠普笔记本音频驱动竟内置键盘记录器后门！
http://m.bobao.360.cn/news/appdetail/4159.html

[新闻] 安天紧急应对新型“蠕虫”式勒索软件“wannacry”全球爆发
https://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&mid=2650170534&idx=1&sn=dedc3ff25c3594b49bc4e6c53c9fd123&scene=0#wechat_redirect

[新闻] Macron 竞选团队利用蜜罐账号欺骗俄罗斯黑客
http://www.solidot.org/story?sid=52365

[新闻] 2017 CCF—绿盟“鲲鹏”科研基金项目正式启动
http://www.ccf.org.cn/c/2017-05-10/593700.shtml

安全技术

[Web安全] Web安全资料和资源列表
https://github.com/qazbnm456/awesome-web-security#introductions-xss

[Web安全] MS17-010漏洞的蠕虫勒索病毒样本
http://hack-0.lofter.com/post/1e5974f4_fa1d602#

[Web安全] Breaking XSS mitigations via Script Gadgets
http://sebastian-lekies.de/slides/appsec2017.pdf

[设备安全] CVE-2017-0290
https://technet.microsoft.com/en-us/library/security/4022344

[Web安全] 网易52G邮箱帐号数据泄露追踪与还原
https://bbs.ichunqiu.com/thread-22557-1-1.html?from=9

[恶意分析] 内网大杀器！Metasploit移植MS17-010漏洞代码模块利用
http://www.4hou.com/technology/4577.html

[Web安全] 搭建本地乌云漏洞库
https://zhuanlan.zhihu.com/p/26759783

[漏洞分析] WannaCry蠕虫详细分析
http://www.freebuf.com/articles/system/134578.html

[Web安全] 从404到默认页面，通过.cshtml拿到webshell
http://www.4hou.com/technology/4678.html

[Web安全] 针对勒索病毒的简单防御，关闭危险端口及进暗网
http://hack-0.lofter.com/post/1e5974f4_fa11459#

[Web安全] Redhat2017_ctf_WEB部分writeup
https://www.ohlinge.cn/ctf/redhat2017.html

[恶意分析] WannaCry部分信息汇总
https://gist.github.com/pcostesi/87a04a3bbbdbc4aeb8b787f45eb21197

[数据挖掘] 【干货】Kaggle 数据挖掘比赛经验分享
https://mp.weixin.qq.com/s/BE1mfmKJTsDSwWi16mllNA

[Web安全] 漫谈同源策略攻防
https://eth.space/same-origin-policy-101/

[漏洞分析] Pwn2Own 2017 再现上帝之手
http://weibo.com/ttarticle/p/show?id=2309404105928097034074

[编程技术] 爬虫技能树-总览图
https://github.com/SecWiki/sec-chart/blob/master/%E5%AE%89%E5%85%A8%E5%BC%80%E5%8F%91/%E7%88%AC%E8%99%AB%E6%8A%80%E8%83%BD%E6%A0%9

[恶意分析] MalSploitBase: 恶意样本的利用方式汇总，取证分析好帮手
https://www.pwnmalw.re/

[数据挖掘] 中国网络安全技术对抗赛「钓鱼与黑页」检测代码
https://github.com/LoRexxar/check_py

[漏洞分析] DEF CON 2017 quals faggin writeup
http://ww9210.cn/2017/05/08/def-con-ctf-2017-quals-faggin-write-up/

[运维安全] MS17-010: MS17-010 Windows SMB RCE -- exploits, payloads, and scanners
https://github.com/RiskSense-Ops/MS17-010

[移动安全] 0ctf 2015 simple apk 深入分析:partA-learn-smali
http://www.ikey4u.com/blog/0ctf-2015-simpleapk/partA-learn-smali/

[Web安全] exploiting-the-unexploitable-with-lesser-known-browser-tricks
https://speakerdeck.com/filedescriptor/exploiting-the-unexploitable-with-lesser-known-browser-tricks

[漏洞分析] SSCTF pwn450 Windows Kernel Exploitation Writeup
http://whereisk0shl.top/ssctf_pwn450_windows_kernel_exploitation_writeup.html

[移动安全] [原创]乐固加固（17年1月）逆向分析
http://bbs.pediy.com/thread-217556.htm

[漏洞分析] OpenXMolar: An MS OpenXML Format Fuzzing Framework
https://github.com/debasishm89/OpenXMolar

[恶意分析] The worm that spreads WanaCrypt0r 勒索软件逆向分析
https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/

[恶意分析] RootKits-List-Download: list of all rootkit found on github and othersite
https://github.com/d30sa1/RootKits-List-Download

[比赛] 广东省红帽杯网络安全攻防大赛 CTF - Write Up
https://imlonghao.com/48.html

[运维安全] 【报告解读】如何使用威胁情报量化风险（Recored Future安全白皮书）
https://mp.weixin.qq.com/s?__biz=MzIxMzQ3MzkwMQ==&mid=2247488632&idx=1&sn=afb06d278e32fc215e97a815e58cacdb&scene=0#wechat_redirect

[Web安全] Browser's XSS Filter Bypass Cheat Sheet
https://github.com/masatokinugawa/filterbypass/wiki/Browser's-XSS-Filter-Bypass-Cheat-Sheet

[Web安全] Xsl Exec Webshell (aspx)
https://evi1cg.me/archives/XSL_Exec_Webshell.html

[运维安全] windows关闭445端口
http://thief.one/2017/05/13/2/

[比赛] bsidescbr-2017-ctf-write-up-derpchat
http://paulsec.github.io/blog/2017/05/07/bsidescbr-2017-ctf-write-up-derpchat/

[比赛] bsidescbr-2017-ctf-write-up-needleinahaystack
https://paulsec.github.io/blog/2017/05/06/bsidescbr-2017-ctf-write-up-needleinahaystack/

[运维安全] 方程式0day ETERNALBLUE复现之Empire & Msfconsole下的shell获取
http://www.freebuf.com/articles/system/133853.html

[新闻] 【国际资讯】新型物联网僵尸网络Persirai现身
http://bobao.360.cn/news/detail/4154.html

[运维安全] Snorter: Snort + Barnyard2 + Pulledpork → The easy way!
https://github.com/joanbono/Snorter

[设备安全] 国内物联网资产的暴露情况分析
http://blog.nsfocus.net/exposure-analysis-domestic-internet/

[漏洞分析] Bypassing OTR Signature Verification to Steal iCloud Keychain Secrets
https://medium.com/@longtermsec/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605

[设备安全] 如何编写高质量的Windows Shellcode
http://www.freebuf.com/articles/system/133990.html

[论文] 系统顶会之一Usenix ATC 2017录用文章列表
https://www.usenix.org/conference/atc17/technical-sessions

[Web安全] 浅谈DDos攻击与防御
http://thief.one/2017/05/10/1/

[Web安全] 【技术分享】XXE漏洞攻防之我见
http://bobao.360.cn/learning/detail/3841.html

[运维安全] Active Directory域渗透之白银票证后门
http://www.4hou.com/technology/4622.html

[取证分析] NSA泄密事件之SMB系列远程命令执行漏洞及Doublepulsar后门全球数据分析
https://mp.weixin.qq.com/s?__biz=MjM5NzA3Nzg2MA==&mid=2649838966&idx=1&sn=4e930ef8637c38c33b0da9a2d0b1b706&scene=0#wechat_redirect

[设备安全] icstools: ics security tools 工控技术安全资料
https://github.com/tanjiti/icstools

[取证分析] Attacked Over Tor
http://www.hackerfactor.com/blog/index.php?/archives/762-Attacked-Over-Tor.html

[工具] Hacking Tools搜罗大集合
http://www.freebuf.com/sectool/133949.html

[编程技术] 关于反爬虫，看这一篇就够了
http://geek.csdn.net/news/detail/85333

[移动安全] 如何在iOS应用程序中用Frida来绕过“越狱检测”?
http://www.freebuf.com/articles/terminal/134111.html

[其它] [翻译]安全意识培训如何保护小企业
http://bbs.pediy.com/thread-217440.htm

[恶意分析] Hajime样本技术分析报告
http://blog.nsfocus.net/hajime-sample-technical-analysis-report/

[取证分析] 威胁情报怎么用
http://www.jianshu.com/p/854d49c8378b

[运维安全] 威胁追踪（hunting）之四：sqrrl介绍
https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&mid=2247484612&idx=1&sn=d7b2218bf89a4cdccb52b2fffd0bfb64&scene=0#wechat_redirect

[Web安全] YSRC挖洞纪实-洞是靠"细心"挖的
https://bbs.ichunqiu.com/thread-22698-1-1.html?from=14

[观点] 当一名黑客应该学什么？
https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&mid=2655114799&idx=3&sn=3d558619e0e89152bac583d2ee68a746&chksm=bc864bc08bf1c2d665bd61ab81aefbe698c50501566350b141c1a513d80beda5ac175e4c5371#rd

[设备安全] 解读国内物联网资产的暴露情况分析
http://blog.nsfocus.net/interpreting-exposure-domestic-internet/

[设备安全] 一步一步学ROP
https://github.com/zhengmin1989/ROP_STEP_BY_STEP

[工具] OWASP开源工具antisamy的使用详解
http://www.freebuf.com/sectool/134015.html

[编程技术] 利用Mongo数据库的oplog机制实现准实时数据操作监控
http://phantom0301.cc/2017/05/08/MongoOplog/

[其它] DDOS attacks in Q1 2017
https://securelist.com/analysis/quarterly-malware-reports/78285/ddos-attacks-in-q1-2017/

[设备安全] CrimeBreak系列@保卫ATM君
https://mp.weixin.qq.com/s?__biz=MzIzMzE2OTQyNA==&mid=2648946552&idx=1&sn=695a168741aa97c0d53331655b0d5096&scene=0#wechat_redirect

[无线安全] 私家车跟踪器自检手册
https://mp.weixin.qq.com/s?__biz=MzIzMzE2OTQyNA==&mid=2648946547&idx=1&sn=d8507f80b5bbbe1d02fbd6540cee1440&scene=0#wechat_redirect

[其它] MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Serv
https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5

[运维安全] 看见到洞见之楔子（一）:Vectra知其然
https://mp.weixin.qq.com/s?__biz=MzIyODYzNTU2OA==&mid=2247483654&idx=2&sn=f04f6a1d5bbfed42baa616b24d1dd06f&scene=0#wechat_redirect

[数据挖掘] Email Spam Filtering: An Implementation with Python and Scikit-learn
http://www.kdnuggets.com/2017/03/email-spam-filtering-an-implementation-with-python-and-scikit-learn.html

[设备安全] 创建Powershell持久隐蔽后门
http://www.freebuf.com/articles/system/133640.html

[数据挖掘] 利用朴素贝叶斯算法进行文档分类
http://www.jianshu.com/p/364887de2039

[恶意分析] Amnesia：首个检测沙箱的物联网僵尸网络
http://paper.seebug.org/302/#0-tsina-1-13218-397232819ff9a47a7b7e80a40613cfe1

[其它] McAfee Labs Threats Report
https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2017.pdf

[工具] Powershell scripts useful for Windows enterprise administration
https://github.com/a118n/poweradmin

[比赛] SSCTF2017 WriteUp
https://www.secpulse.com/archives/57956.html

[编程技术] 基于ElasticSearch的实时日志系统实践
https://mp.weixin.qq.com/s?__biz=MzIyMDAzMzA5Mg==&mid=2650766899&idx=1&sn=4902b4eb8e6988e132d18dff36c95893&scene=0#wechat_redirect

[Web安全] 详解全站 HTTPS 访问优化
http://www.4hou.com/info/news/4714.html

[运维安全] 看见到洞见之楔子二（Vectra知其所以然）
https://mp.weixin.qq.com/s?__biz=MzIyODYzNTU2OA==&mid=2247483654&idx=1&sn=84ae654edf563a73008da0571bf20b32&scene=0#wechat_redirect

[运维安全] 浅析UEBA
http://www.jianshu.com/p/a8b5e1c31f59

[漏洞分析] linux-kernel-exploitation: Linux kernel fuzzing and exploitation
https://github.com/xairy/linux-kernel-exploitation

[工具] deceptiveidn(Internationalized Domain Names )
https://github.com/trailofbits/deceptiveidn

[Web安全] SOP bypass / UXSS – Stealing Credentials Pretty Fast (Edge)
https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/

[运维安全] 云安全监控：云安全系列（一）
https://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&mid=2247484637&idx=1&sn=1661c11a6cce82e381c678a0f82299d6&scene=0#wechat_redirect

[观点] RSA2017全面解读-安全厂家之威胁情报
https://mp.weixin.qq.com/s?__biz=MzU3ODAyMjg4OQ==&mid=2247483719&idx=1&sn=b857495f658a5351f78d32f4c3bdb97f&scene=0#wechat_redirect

[文档] SecWiki周刊（第166期)
https://www.sec-wiki.com/weekly/166

[移动安全] Android应用程序漏洞防护措施打开的正确方式！
http://yaq.qq.com/blog/22

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第167期)

SecWiki周刊（第167期）

最新公告

友情链接

SecWiki公众号

安全学术圈