SecWiki周刊(第173期)
2017/06/19-2017/06/25
安全资讯
[移动安全]  控制域名忘记续费,三星数百万台手机陷入“任人宰割”境地
http://www.4hou.com/info/news/5548.html
[爆库]  The RNC Files: Inside the Largest US Voter Data Leak
https://www.upguard.com/breaches/the-rnc-files
[新闻]  首届中国数据安全峰会上阿里和华为都讲了啥
http://www.aqniu.com/industry/26134.html
[新闻]  中国网络安全企业50强(2017年上半年)
https://www.easyaq.com/news/897276489.shtml
[新闻]  32TB of Windows 10 internal builds, core source code leak online
http://www.theregister.co.uk/2017/06/23/windows_10_leak/
[人物]  腾讯云鼎实验室掌门人killer专访:安全路上,杀手没有假期
http://www.freebuf.com/articles/people/137348.html
安全技术
[Web安全]  druid/wallfilter:基于SQL语义分析来实现防御SQL注入攻击
https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter
[工具]  强大的内网域渗透提权分析工具——BloodHound
http://www.4hou.com/penetration/5554.html
[漏洞分析]  Windows Server中的 WINS 服务器远程内存损坏漏洞分析
http://www.4hou.com/vulnerable/5635.html
[数据挖掘]  scikit-learn随机森林调参小结
http://www.cnblogs.com/pinard/p/6160412.html
[恶意分析]  基于USB armory 制作一个USB恶意软件分析器
http://www.4hou.com/technology/5525.html
[Web安全]  CloudFail: 查找CloudFlare CDN 背后的真实 IP 地址
https://github.com/m0rtem/CloudFail
[Web安全]  Rasp 技术介绍与实现
http://paper.seebug.org/330/
[无线安全]  waidps: Wireless Auditing, Intrusion Detection & Prevention System
https://github.com/SYWorks/waidps
[数据挖掘]  Kaggle初探--房价预测案例之数据分析
http://www.jianshu.com/p/62716b33e7be
[比赛]  2017 GCTF(全球华人网络安全技能大赛)线上赛writeup
http://www.freebuf.com/articles/others-articles/137491.html
[比赛]  CTF比赛中SQL注入的一些经验总结
http://www.freebuf.com/articles/web/137094.html
[Web安全]  域渗透提权分析工具 BloodHound 1.3 中的ACL攻击路径介绍
http://www.4hou.com/penetration/5752.html
[无线安全]  不止Kali 和 Aircrack-ng | 无线渗透工具合集
http://www.4hou.com/tools/5584.html
[编程技术]  轻松组建分布式 pyspider 集群
https://imlonghao.com/10.html
[Web安全]  子域名发掘神器:AQUATONE
http://www.freebuf.com/sectool/137806.html
[恶意分析]  从无效的DNS流量中检测基于DGA的恶意程序
http://paper.kakapo.ml/?p=135
[恶意分析]  FIN7 APT组织攻击木马分析报告
http://www.freebuf.com/articles/network/137612.html
[其它]  vlany:Linux LD_PRELOAD rootkit (x86 and x86_64 architectures)
https://github.com/mempodippy/vlany
[运维安全]  没有钱的安全部之资产安全
http://www.jianshu.com/p/572431447613?from=timeline
[设备安全]  路由器固件安全分析技术(一)
https://www.vulbox.com/knowledge/detail/?id=35
[Web安全]  Java反序列化漏洞分析|漏洞研究
https://xianzhi.aliyun.com/forum/read/1757.html
[Web安全]  菜鸟学代码审计-PIMS三个漏洞+里程密最新版V2.3 SQL注入漏洞
https://xianzhi.aliyun.com/forum/read/1761.html
[工具]  Kali Linux中优秀Wifi渗透工具TOP 10
http://www.freebuf.com/sectool/137163.html
[Web安全]  Web 前端安全:从MVVM 框架说起
https://speakerdeck.com/oritz/mvvm-framework-security
[漏洞分析]  Share with care: Exploiting a Firefox UAF with shared array buffers
https://phoenhex.re/2017-06-21/firefox-structuredclone-refleak
[恶意分析]  Wannacry深度解析:第一阶段tasksche
http://www.freebuf.com/vuls/135822.html
[其它]  我当初是怎么管理技术团队的
http://www.cnblogs.com/zhengyun_ustc/p/7047366.html
[Web安全]  跨站的艺术-XSS入门与介绍
http://www.fooying.com/the-art-of-xss-1-introduction/
[运维安全]  NTP/SNMP amplification attacks Carnal0wnage
http://carnal0wnage.attackresearch.com/2017/06/ntpsnmp-amplification-attacks.html
[无线安全]  逆向分析华为E5573 4G Modem
http://www.4hou.com/technology/5744.html
[Web安全]  使用Python检测并绕过Web应用程序防火墙
http://www.4hou.com/penetration/5698.html
[Web安全]  VIPROY - VoIP Pen-Test Kit for Metasploit Framework
https://github.com/fozavci/viproy-voipkit
[漏洞分析]  【技术分享】针对巴基斯坦的某APT活动事件分析
http://bobao.360.cn/learning/detail/4020.html
[数据挖掘]  Findsploit: Find exploits in local and online databases
https://github.com/1N3/Findsploit
[设备安全]  针对工业控制系统的新型攻击武器 Industroyer 深度剖析
http://paper.seebug.org/328/
[编程技术]  NSA OSS Technologies 美国国家安全局开源技术
https://nationalsecurityagency.github.io/
[数据挖掘]  一文读懂特征工程
https://mp.weixin.qq.com/s/CkDzLZCXOF6zzrn6_dd6Jw
[恶意分析]  malwaresearch: A command line tool to find malwares
https://github.com/MalwareReverseBrasil/malwaresearch
[移动安全]  trollface: AirDrop trollfaces to everyone.
https://github.com/neonichu/trolldrop
[设备安全]  SCADA Penetration Testing: Do I need to be prepared
http://research.aurainfosec.io/scada-penetration-testing/
[Web安全]  Django两则CVE-2017-7233和CVE-2017-7234url跳转漏洞分析
https://xianzhi.aliyun.com/forum/read/1746.html
[数据挖掘]  angel: 高性能分布式机器学习平台
https://github.com/Tencent/angel
[设备安全]  An easy way to pwn most of the vivotek network cameras
https://blog.cal1.cn/post/An%20easy%20way%20to%20pwn%20most%20of%20the%20vivotek%20network%20cameras
[编程技术]  The PHP module rootkit [CODE]
https://github.com/Paradoxis/PHP-Rootkit
[Web安全]  Pcap_tools: 基于网络流量包的漏洞自动化分析
https://github.com/pythonran/Pcap_tools
[设备安全]  A PoC that the USB port is an attack surface for a Mazda car's
https://github.com/shipcod3/mazda_getInfo
[文档]  2017年上半年网络诈骗趋势研究报告
http://zt.360.cn/1101061855.php?dtid=1101062366&did=490534325
[Web安全]  我是如何拿下破冰项目的|技术讨论
https://xianzhi.aliyun.com/forum/read/1769.html
[Web安全]  Authentication bypass on Airbnb via OAuth tokens theft
https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/
[其它]  snodew:PHP root (suid) reverse shell
https://github.com/mempodippy/snodew
[数据挖掘]  RussiaDNSLeak: Summary and archives of leaked Russian TLD DNS data
https://github.com/mandatoryprogrammer/RussiaDNSLeak
[观点]  走近黑客雇佣市场:刀尖上“跳舞”,悬崖边狂欢
http://www.freebuf.com/news/137646.html
[运维安全]  Deployment checklist for securely deploying Docker
https://github.com/GDSSecurity/Docker-Secure-Deployment-Guidelines
[编程技术]  Your interpreter isn’t safe anymore — The PHP module rootkit
https://blog.paradoxis.nl/your-interpreter-isnt-safe-anymore-the-php-module-rootkit-c7ca6a1a9af5
[Web安全]  SecWiki周刊(第172期)
https://www.sec-wiki.com/weekly/172
[设备安全]  Rethinking a Secure Internet of Things
http://iot.stanford.edu/doc/SITP-summary-2016-project.pdf
[Web安全]  大数据、机器学习推动下的验证码技术发展:网易易盾验证码评测与解读
http://www.freebuf.com/articles/network/133358.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第173期)