SecWiki周刊(第171期)
2017/06/05-2017/06/11
安全资讯
[新闻]  中国公布必须接受安全审查的首批网络设备名单
http://www.solidot.org/story?sid=52703
[新闻]  Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/
[人物]  WannaCry凶在一时,可他却誓与暗黑斗争一世——MJ0011
http://weibo.com/ttarticle/p/show?id=2309404115696446492253
安全技术
[运维安全]  基线检查表&安全加固规范(V1.1)|技术讨论
https://xianzhi.aliyun.com/forum/read.php?tid=1702&displayMode=1&page=1&toread=1#tpc
[漏洞分析]  bincat: Binary code static analyser, with IDA integration
https://github.com/airbus-seclab/bincat
[法规]  白帽子相关法规
http://mp.weixin.qq.com/s/ZQj6tu37OMYu_rc9mvR92Q
[设备安全]  工业物联网安全态势分析报告 I DTU 数据中心态势感知报告
http://plcscan.org/blog/wp-content/uploads/2017/06/data-transfer-unit-dtu-risk-awareness-report.pdf
[Web安全]  kernel exploit - Windows/Linux 的各种提权 exp
https://github.com/SecWiki/windows-kernel-exploits
[视频]  Security Fest 2017 安全会议视频
https://www.youtube.com/channel/UCByLDp7r7gHGoO7yYMYFeWQ
[比赛]  TCTF 2017 FINAL WEB PARTIAL WRITEUP
http://www.melodia.pw/?p=902
[编程技术]  AZSpider: 高性能分布式爬虫,基于Flask 数据库采用MongoDB 分布式采用Redis
https://github.com/az0ne/AZSpider/blob/master/AZSpider_.rar
[数据挖掘]  基于大数据和机器学习的Web异常参数检测系统Demo实现
http://www.freebuf.com/articles/web/134334.html
[比赛]  胖哈勃杯第十三届CUIT校赛官方Writeup
http://blog.sycsec.com/?p=1095
[文档]  Association for the Advancement of Artificial Intelligence AAAI 2017录用会议
http://dblp.uni-trier.de/db/conf/aaai/aaai2017.html
[取证分析]  黑客入侵应急分析手工排查|技术讨论
https://xianzhi.aliyun.com/forum/read/1655.html
[取证分析]  NSA如何定位泄密女临时工?还原追踪溯源分析!
https://www.easyaq.com/news/1041386125.shtml
[恶意分析]  暗云Ⅲ BootKit 木马分析
http://www.freebuf.com/articles/system/134017.html
[工具]  CVE-2017-0213 Windows COM 特权提升漏洞组件|漏洞研究
https://xianzhi.aliyun.com/forum/read/1692.html
[移动安全]  MSF外网持久控制Android手机并渗透测试局域网
http://www.freebuf.com/sectool/136574.html
[Web安全]  PHP代码审计学习
http://phantom0301.cc/2017/06/06/codeaudit/
[Web安全]  MOTS攻击技术分析
http://www.freebuf.com/articles/network/135960.html
[恶意分析]  一份通过IPC和lpkdll感染方式的病毒分析报告|漏洞研究
https://xianzhi.aliyun.com/forum/read/1682.html
[取证分析]  基于bro的计算机入侵取证实战分析
http://www.freebuf.com/articles/system/135843.html
[其它]  一篇文章走进Mac逆向的世界 | AloneMonkey
http://www.alonemonkey.com/2017/05/31/get-start-with-mac-reverse/
[数据挖掘]  0605陈雷:移动互联网大数据助力金融风控 #密码 wvbu
https://pan.baidu.com/share/link?shareid=3334267692&uk=2371711970
[比赛]  CTF比赛中关于zip的总结
http://bobao.360.cn/ctf/detail/203.html
[Web安全]  浅谈互联网挂马与检测技术
http://aq.163.com/module/pedia/article-00058.html
[无线安全]  自己手工搭建也能打造伪基站监控系统
http://www.4hou.com/info/news/5251.html
[恶意分析]  浅谈僵尸网络利器:Fast-flux技术
http://www.freebuf.com/articles/network/136423.html
[Web安全]  深入理解JAVA反序列化漏洞.pdf
https://pan.baidu.com/s/1i50y7q9
[运维安全]  网站物理路径搜索工具
https://github.com/tengzhangchao/SearchWebPath
[取证分析]  威胁情报简介及市场浅析
http://www.freebuf.com/column/136763.html
[Web安全]  两种钓鱼方法分析
https://xianzhi.aliyun.com/forum/read/1680.html
[取证分析]  sigma: Generic Signature Format for SIEM Systems
https://github.com/Neo23x0/sigma
[设备安全]  针对西门子PLC蠕虫的实现|漏洞研究
https://xianzhi.aliyun.com/forum/read/1693.html
[设备安全]  如何用HERCULES绕过杀软
http://www.freebuf.com/articles/system/135938.html
[Web安全]  记一次ThinkPHP源码审计
http://ecma.io/724.html
[Web安全]  DeathStar:一键自动化域渗透工具(含演示视频)
http://www.freebuf.com/sectool/136224.html
[工具]  Best DOS Attacks and Free DOS Attacking Tools [Updated for 2017]
http://resources.infosecinstitute.com/dos-attacks-free-dos-attacking-tools/
[Web安全]  【翻译】一套可用于强化红队基础设施的补充资源|漏洞研究
https://xianzhi.aliyun.com/forum/read/1686.html
[漏洞分析]  MS-17-010: EternalBlue’s Large Non-Paged Pool Overflow in SRV Driver
http://blog.trendmicro.com/trendlabs-security-intelligence/ms17-010-eternalblue/
[无线安全]  Bluetooth that bites -SmartLock-Hacking 蓝牙开锁技术研究
https://github.com/kevin2600/BTLE-SmartLock-Hacking/blob/master/Ozlockcon-2017-Bluetooth%20that%20bites.pdf
[编程技术]  python正则学习上篇
http://mp.weixin.qq.com/s/qQz5TBuiAySRWd3pHgZyiQ
[编程技术]  docker私有仓库搭建
http://kekefund.com/2017/06/07/doker-registry/
[漏洞分析]  Exploiting an integer overflow with array spreading (WebKit)
https://phoenhex.re/2017-06-02/arrayspread
[工具]  穿越边界的姿势
https://mp.weixin.qq.com/s/l-0sWU4ijMOQWqRgsWcNFA
[运维安全]  HTTrack Website Copier 网站镜像克隆工具
http://www.httrack.com/
[设备安全]  构建内核级防火墙
http://aq.163.com/module/pedia/article-00041.html
[设备安全]  破解了十款路由器之后,我们有话要说
https://zhuanlan.zhihu.com/p/27312102
[漏洞分析]  An Inside Look at CVE-2017-0199 – HTA and Scriptlet File Handler Vulnerability
http://blog.fortinet.com/2017/06/04/an-inside-look-at-cve-2017-0199-hta-and-scriptlet-file-handler-vulnerability
[工具]  论二级域名收集的姿势
http://mp.weixin.qq.com/s/ardCYdZzaSjvSIZiFraWGA
[漏洞分析]  会找漏洞的时光机: Pinpointing Vulnerabilities
https://www.inforsec.org/wp/?p=1993
[Web安全]  getsploit: 命令行的漏洞搜索及下载工具
https://github.com/vulnersCom/getsploit
[数据挖掘]  db.py: 数据库中数据分析助手 (结合 ipython 使用)
https://github.com/yhat/db.py
[Web安全]  如何在macOS上监听单个应用HTTPS流量
http://www.freebuf.com/articles/network/136186.html
[Web安全]  Email My PC: 通过邮件远程监控你的电脑
http://jackeriss.github.io/email_my_pc/
[Web安全]  服务端注入之Flask框架中服务端模板注入问题
http://www.freebuf.com/articles/web/135953.html
[设备安全]  How a harmless-looking insider can compromise your network
https://securelist.com/78588/50-hashes-per-hour/
[其它]  Cheat Sheet of Machine Learning and Python (and Math) Cheat Sheets
https://unsupervisedmethods.com/cheat-sheet-of-machine-learning-and-python-and-math-cheat-sheets-a4afe4e791b6
[文档]  History of symbolic execution
https://github.com/enzet/symbolic-execution
[Web安全]  "安全线"大型目标渗透-01信息搜集
https://xianzhi.aliyun.com/forum/read/1675.html
[恶意分析]  利用开源工具分析新型PowerPoint恶意文档
http://www.4hou.com/tools/5242.html
[漏洞分析]  Cyber Grand Challenge corpus
http://www.lungetech.com/2017/04/24/cgc-corpus/
[漏洞分析]  Pwn2Own: Safari sandbox part 1 – Mount yourself a root shell
https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc
[论文]  14th Detection of Intrusions and Malware & Vulnerability Assessment 论文列表
https://itsec.cs.uni-bonn.de/dimva2017/Program.html
[文档]  借助DynELF实现无libc的漏洞利用小结
http://mp.weixin.qq.com/s/KV3Z40gZAOZ4-SUjTvT6NA
[Web安全]  Vulnerability box 漏洞修复方案book
https://book.thief.one/
[Web安全]  Exploiting a V8 OOB write
https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/
[恶意分析]  秒抢红包锁屏样本手动查杀操作|漏洞研究
https://xianzhi.aliyun.com/forum/read/1683.html
[设备安全]  Wired Mobile Charging – Is it Safe?
https://securelist.com/74804/wired-mobile-charging-is-it-safe/
[恶意分析]  FROM CRASH TO EXPLOIT: CVE-2015-6086
http://payatu.com/from-crash-to-exploit/
[杂志]  SecWiki周刊(第170期)
https://www.sec-wiki.com/weekly/170
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第171期)