SecWiki周刊(第168期)
2017/05/15-2017/05/21
安全资讯
[新闻]  Kotlin成为Android的官配编程语言
http://www.androidchina.net/6932.html
[法规]  国家情报法(草案)全文公开征求意见
https://mp.weixin.qq.com/s?src=3&timestamp=1495087007&ver=1&signature=PmX6LhCb7BoTZb05GYkQuoT9*d0RCHNz0XR7*YFEjbq7gbOh8ZFm5rXGf-ucQjil93mCH5KOsZvVkE0OEos62gQCzwYcK7zoKD8bV8DIPnBE*AaO3GCH5LU4f5yyiaxVZBrL4U0CTJAVHOnq8xlxCMYrh7MPBCGhegwERycccuQ=
[新闻]  CrowdStrike D轮融资1亿美元 意欲取代赛门、迈克菲
http://www.aqniu.com/industry/25122.html
[观点]  你的深度包检测有多深:DPI技术评估提案
http://www.aqniu.com/learn/25147.html
[新闻]  崛起中的英国网络安全:这13家初创企业或成未来“独角兽”
http://weibo.com/ttarticle/p/show?id=2309404109942981286475
安全技术
[Web安全]  Acunetix Web Vulnerability Scanner 11.x KeyGen By Hmily[LCG]
http://www.52pojie.cn/thread-609275-1-1.html
[Web安全]  PHPCMS V9.6.2 SQL注入漏洞分析
http://bobao.360.cn/learning/detail/3884.html
[Web安全]  Advanced Social Engineering for Red Teams.
https://github.com/t3ntman/Conference-Talks/blob/master/Advanced%20Social%20Engineering%20for%20Red%20Teams.pdf
[Web安全]  脆弱的内网安全之Xerosploit的使用
https://bbs.ichunqiu.com/thread-18440-1-1.html?from=18
[Web安全]  【渗透神器系列】搜索引擎
http://thief.one/2017/05/19/1/
[设备安全]  Intel的漏洞,怎么利用(CVE-2017-5689)
http://mp.weixin.qq.com/s/EbMggASqM3r051okFX7e2Q
[工具]  Hacking Tools搜罗大集合(下)
http://mp.weixin.qq.com/s/rdp01Zi-ebnmMpUTNRe3lw
[Web安全]  WannaCryptor 勒索蠕虫样本深度技术分析
http://blog.topsec.com.cn/ad_lab/wannacryptor-%E5%8B%92%E7%B4%A2%E8%A0%95%E8%99%AB%E6%A0%B7%E6%9C%AC%E6%B7%B1%E5%BA%A6%E6%8A%80%E6
[Web安全]  Oracle PeopleSoft Remote Code Execution: Blind XXE to SYSTEM Shell.
https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce
[Web安全]  javascript表单劫持用户密码(后门免杀)
https://bbs.ichunqiu.com/thread-22942-1-1.html?from=18
[Web安全]  Maccms8.x 命令执行分析
https://bbs.ichunqiu.com/forum.php?mod=viewthread&tid=23026
[法规]  读读法律——《网络安全法》、《情报法》
http://phantom0301.cc/2017/05/19/security-law/
[工具]  Hacking Tools搜罗大集合(上)
http://mp.weixin.qq.com/s/YP-qb2xs2Pd9FAoD2ZxyKA
[Web安全]  调用Acunetix11 API接口实现扫描
http://0cx.cc/about_awvs11_api.jspx
[移动安全]  浅谈 FlexiSpy For Android 远程控制后门——源码分析与另类利用
http://www.freebuf.com/column/135156.html
[Web安全]  NagaScan: 一个简单的分布式WEB扫描器的设计与实践
https://github.com/brianwrf/NagaScan
[取证分析]  如何使用WhatsApp收集大量数据(附脚本)
http://www.freebuf.com/sectool/134347.html
[移动安全]  看一看这款Proton.B恶意软件会在你的Mac OS上干些什么坏事
http://www.freebuf.com/articles/system/134647.html
[Web安全]  使用Tesseract-OCR编程识别验证码
https://bbs.ichunqiu.com/thread-17496-1-2.html?from=18
[编程技术]  微软MS漏洞对应的KB号
https://github.com/tengzhangchao/microsoftSpider
[漏洞分析]  微信(WeChat)电脑端多开研究+源码
https://anhkgg.github.io/wechat-multi-pc/
[取证分析]  T-Pot多蜜罐平台:让蜜罐实现更简单
http://www.freebuf.com/sectool/134504.html
[恶意分析]  WCry/WanaCry Ransomware Technical Analysis
https://www.endgame.com/blog/wcrywanacry-ransomware-technical-analysis
[Web安全]  Joomla! 3.7 Core SQL 注入 (CVE-2017-8917)漏洞分析
http://paper.seebug.org/305/?from=singlemessage&isappinstalled=0
[恶意分析]  vipas: Vipasyin Webshell detector Go 语言编写的Webshell检测工具
https://github.com/samgha/vipas
[漏洞分析]  WannaCry深度详细分析报告(很细很深)
http://www.freebuf.com/column/135104.html
[取证分析]  WannaCry: views from the DNS frontline 从 DNS 数据看勒索软件传播
http://www.nominum.com/tech-blog/wannacry-views-dns-frontline/
[Web安全]  在线免费的前端黑工具 XSS'OR
http://paper.seebug.org/303/
[观点]  爱因斯坦计划最新进展(201705)
http://yepeng.blog.51cto.com/3101105/1926189
[Web安全]  Windows渗透测试工具:RedSnarf
http://www.freebuf.com/sectool/134226.html
[Web安全]  Java框架安全
http://blog.csdn.net/u011721501/article/details/72464665
[编程技术]  利用globalAPIhooks在Win7系统下隐藏进程
https://3gstudent.github.io/%E5%88%A9%E7%94%A8globalAPIhooks%E5%9C%A8Win7%E7%B3%BB%E7%BB%9F%E4%B8%8B%E9%9A%90%E8%97%8F%E8%BF%9B%E7%A8%8B/
[恶意分析]  The Hours of WannaCry
https://umbrella.cisco.com/blog/2017/05/16/the-hours-of-wannacry/
[运维安全]  没有钱的安全部之系统日志安全
http://www.freebuf.com/articles/system/134807.html
[编程技术]  fiery: APM for PHP 基于PHP的分布式跟踪系统
https://github.com/weiboad/fiery
[漏洞分析]  awesome-compilers: 编译器技术资料汇总
https://github.com/aalhour/awesome-compilers
[Web安全]  Joomla!3.7.0 Core SQL注入漏洞详细分析(含PoC、漏洞环境)
http://m.bobao.360.cn/learning/detail/3870.html
[Web安全]  AD ACL Scanner:一款扫描活动目录权限并自动生成报告的小工具
http://www.freebuf.com/sectool/134623.html
[文档]  2017补天沙龙成都站 papers
https://github.com/SycloverSecurity/papers/tree/master/2017%E8%A1%A5%E5%A4%A9%E6%B2%99%E9%BE%99%E6%88%90%E9%83%BD%E7%AB%99
[运维安全]  云安全系列(三)Forrester报告:云Workload安全管理解决方案市场概述
https://www.sec-un.org/%e4%ba%91%e5%ae%89%e5%85%a8%e7%b3%bb%e5%88%97%ef%bc%88%e4%b8%89%ef%bc%89forrester%e6%8a%a5%e5%91%8a%ef%bc%9a%e4%ba%91workload%e5%ae%89%e5%85%a8%e7%ae%a1%e7%90%86%e8%a7%a3%e5%86%b3%e6%96%b9%e6%a1%88/
[数据挖掘]  sec-ml: security machine learning 机器学习&网络安全资料
https://github.com/secdr/sec-ml
[恶意分析]  Terror Evolved: Exploit Kit Matures
http://blog.talosintelligence.com/2017/05/terror-evolved-exploit-kit-matures.html
[运维安全]  windows系统打MS17-010补丁
http://thief.one/2017/05/15/1/
[取证分析]  ID Ransomware 勒索软件解密平台(包含多款勒索软件解密)
https://id-ransomware.malwarehunterteam.com/
[恶意分析]  Hidden Alternative Data Streams的进阶利用技巧
http://www.4hou.com/technology/4783.html
[漏洞分析]  YSRC众测之我的漏洞挖掘姿势
https://bbs.ichunqiu.com/thread-22924-1-1.html?from=18
[恶意分析]  Malware Packers Use Tricks to Avoid Analysis, Detection
https://securingtomorrow.mcafee.com/technical-how-to/malware-packers-use-tricks-avoid-analysis-detection/
[数据挖掘]  Python 获取 网易云音乐热门评论
http://www.cnblogs.com/lyrichu/p/6635798.html
[Web安全]  Joomla!3.7.0 Core SQL注入漏洞
http://bobao.360.cn/learning/detail/3868.html
[取证分析]  某云用户网站入侵应急响应
http://www.freebuf.com/articles/network/134372.html
[编程技术]  The Detail of Extracting & Curating Articles 网页正文自动化提取
http://midday.me/article/757120437f9b42e28d4030ec251a013d
[Web安全]  catphish: 钓鱼域名自动生成与有效性检测
https://github.com/ring0lab/catphish
[Web安全]  FirefoxCookie:一键式注射工具
http://ecma.io/710.html
[编程技术]  使用Python写一个转存纯真IP数据库的脚本
http://www.92ez.com/?action=show&id=23442
[其它]  9 best practices to improve security in industrial loT
http://ow.ly/ouHO30bHloy
[数据挖掘]  大数据分析解决安全之道
https://mp.weixin.qq.com/s?__biz=MjM5NzA3Nzg2MA==&mid=2649838998&idx=1&sn=68e792dfb0e7cbde704b33df00d37f8f&scene=0#wechat_redirect
[Web安全]  常见的多行查询bypass总结
http://www.math1as.com/index.php/archives/471/
[工具]   Pybelt - The Hackers Tool Belt
http://www.kitploit.com/2017/05/pybelt-hackers-tool-belt.html
[Web安全]  Acesss数据库手工绕过通用代码防注入系统
http://simeon.blog.51cto.com/18680/1927496
[杂志]  《安天365安全研究》-2017-04
https://pan.baidu.com/s/1eSxfPUM
[设备安全]  Leaked Linux.Mirai Source Code for Research/IoC Development Purposes
https://github.com/0x27/linux.mirai
[杂志]  SecWiki周刊(第167期)
https://www.sec-wiki.com/weekly/167
[观点]  国际知名“青少年黑客”盘点
http://www.freebuf.com/articles/others-articles/134845.html
[运维安全]  云安全系列(二)SANS关于云数据中心安全和职责的调研
https://www.sec-un.org/%e4%ba%91%e5%ae%89%e5%85%a8%e7%b3%bb%e5%88%97%ef%bc%88%e4%ba%8c%ef%bc%89sans%e5%85%b3%e4%ba%8e%e4%ba%91%e6%95%b0%e6%8d%ae%e4%b8%ad%e5%bf%83%e5%ae%89%e5%85%a8%e5%92%8c%e8%81%8c%e8%b4%a3%e7%9a%84/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第168期)