SecWiki周刊(第176期)
2017/07/10-2017/07/16
安全资讯
恶性病毒Pengex通过系统盘疯狂传播,攻击所有主流杀软却唯独放过腾讯
http://www.freebuf.com/news/139381.html
http://www.freebuf.com/news/139381.html
[译]如何让你的雇员关心网络安全:10个建议
https://www.520waf.com/2017/07/11/10tips/
https://www.520waf.com/2017/07/11/10tips/
[译]Cisco宣布有意收购安全云新星Observable Networks
https://www.520waf.com/2017/07/14/cisco_observable_networks/
https://www.520waf.com/2017/07/14/cisco_observable_networks/
[译]Sabre称因被窃的账户凭证导致其信息安全事件
https://www.520waf.com/2017/07/07/sabre_breach/
https://www.520waf.com/2017/07/07/sabre_breach/
国内研究人员发现GMR-2漏洞,可实时解密卫星电话通讯
http://www.4hou.com/info/news/6192.html
http://www.4hou.com/info/news/6192.html
国家互联网信息办公室关于《关键信息基础设施安全保护条例(征求意见稿)》
http://www.cac.gov.cn/2017-07/11/c_1121294220.htm
http://www.cac.gov.cn/2017-07/11/c_1121294220.htm
一个失败的合作!导致超过1.4亿的Verizon用户数据泄露
http://www.4hou.com/info/news/6327.html
http://www.4hou.com/info/news/6327.html
专访腾讯科恩实验室创始人成员陈良
http://www.freebuf.com/video/139303.html
http://www.freebuf.com/video/139303.html
安全技术
基于MHN开源项目的树莓派蜜罐节点部署实战
https://sosly.me/index.php/2017/07/11/mhndionaea/
https://sosly.me/index.php/2017/07/11/mhndionaea/
一款在线文件爆破工具
http://decrypt.junantech.com
http://decrypt.junantech.com
WiFi攻击进阶版——Deauth攻击
http://toutiao.com/item/6441693492027589134/
http://toutiao.com/item/6441693492027589134/
CVE-2016-10277在MOTO X手机上的漏洞利用实践
http://www.ms509.com/?p=684
http://www.ms509.com/?p=684
遇见钓鱼欺诈站点,我选择“举报”
https://sosly.me/index.php/2017/07/11/jubaodiaoyuqizha/
https://sosly.me/index.php/2017/07/11/jubaodiaoyuqizha/
使用深度学习检测DGA(域名生成算法)
http://www.freebuf.com/articles/network/139697.html
http://www.freebuf.com/articles/network/139697.html
如何防御恶意bot流量
https://www.520waf.com/2017/07/05/bot/
https://www.520waf.com/2017/07/05/bot/
如何使用OpenBSM对macOS进行实时审计?
http://www.4hou.com/system/6104.html
http://www.4hou.com/system/6104.html
绕过AppLocker系列之MSBuild的利用
http://www.4hou.com/system/5739.html
http://www.4hou.com/system/5739.html
Piwik代码执行漏洞安全分析(附验证过程Getshell)
https://xianzhi.aliyun.com/forum/read/1847.html
https://xianzhi.aliyun.com/forum/read/1847.html
OWASP 2017亚洲峰会 PPT
http://www.owasp.org.cn/OWASP_Conference/owasp-2017yzfh/fhyc
http://www.owasp.org.cn/OWASP_Conference/owasp-2017yzfh/fhyc
整合了一个wvs11的扫描
http://0cx.cc/wvs_console_scan.jspx
http://0cx.cc/wvs_console_scan.jspx
Z3sec: Penetration testing framework for ZigBee security research
https://github.com/IoTsec/Z3sec
https://github.com/IoTsec/Z3sec
2017 C3安全峰会 视频&PPT
http://www.chinac3.com/
http://www.chinac3.com/
二进制补丁比较神器——BinDiff 4.3免费下载
https://www.zynamics.com/software.html
https://www.zynamics.com/software.html
[译] 黑夜的猎杀-盲打XXE
https://xianzhi.aliyun.com/forum/read/1837.html
https://xianzhi.aliyun.com/forum/read/1837.html
Spring MVC Autobinding漏洞实例初窥
https://xianzhi.aliyun.com/forum/read/1843.html
https://xianzhi.aliyun.com/forum/read/1843.html
ExecScent:在真实网络下使用自适应控制协议模板挖掘新的C&C域名
http://paper.kakapo.ml/?p=177
http://paper.kakapo.ml/?p=177
SubDomainSniper1.0: 企业资产查询工具(子域名搜集)
http://www.7kb.org/1021.html
http://www.7kb.org/1021.html
第十届全国大学生信息安全竞赛 web writeup
http://www.math1as.com/index.php/archives/493/
http://www.math1as.com/index.php/archives/493/
Tracking The Spring Dragon Advanced Persistent Threat
http://www.techarp.com/articles/tracking-spring-dragon-apt/
http://www.techarp.com/articles/tracking-spring-dragon-apt/
面对黑客攻击,看我如何反击加提权
https://bbs.ichunqiu.com/thread-24648-1-1.html
https://bbs.ichunqiu.com/thread-24648-1-1.html
Pentester Lab渗透测试
https://mp.weixin.qq.com/s/r2-2hxZs6J9r9RTtsEDGAg
https://mp.weixin.qq.com/s/r2-2hxZs6J9r9RTtsEDGAg
部署1433蜜罐,成功抓取两例木马
http://4hou.win/wordpress/?p=4741
http://4hou.win/wordpress/?p=4741
阿里云:游戏行业DDoS态势报告(2017年上半年)
https://mp.weixin.qq.com/s/DyLkQiMuEP3v-AHt9P81vg?spm=5176.100239.blogcont127833.17.Fswjg8
https://mp.weixin.qq.com/s/DyLkQiMuEP3v-AHt9P81vg?spm=5176.100239.blogcont127833.17.Fswjg8
Python3代码规范之最少必要风格
https://sosly.me/index.php/2017/07/13/python3example/
https://sosly.me/index.php/2017/07/13/python3example/
PSattack:一个渗透测试中使用的万能框架
http://www.4hou.com/info/news/6149.html
http://www.4hou.com/info/news/6149.html
一款Docker攻击工具dockerscan
http://blackwolfsec.cc/2017/05/27/docker-security/
http://blackwolfsec.cc/2017/05/27/docker-security/
netdata: 跨平台机器监视工具
https://github.com/firehol/netdata
https://github.com/firehol/netdata
NiuTrans: 开源的统计机器翻译系统
http://www.niutrans.com/niutrans/NiuTrans.ch.html
http://www.niutrans.com/niutrans/NiuTrans.ch.html
S2-048 漏洞调试及分析
https://xianzhi.aliyun.com/forum/read/1844.html
https://xianzhi.aliyun.com/forum/read/1844.html
revsh is a tool for establishing reverse shells with terminal support
https://github.com/emptymonkey/revsh
https://github.com/emptymonkey/revsh
低漏报检测java反序列化漏洞方法
http://www.polaris-lab.com/index.php/archives/331/
http://www.polaris-lab.com/index.php/archives/331/
如何在 Kaggle 首战中进入前 10%
https://dnc1994.com/2016/04/rank-10-percent-in-first-kaggle-competition/
https://dnc1994.com/2016/04/rank-10-percent-in-first-kaggle-competition/
网络安全老兵座谈:云安全审计(评估)应该怎么做?
http://www.4hou.com/info/news/6161.html
http://www.4hou.com/info/news/6161.html
使用机器学习识别出拍卖场中作弊的机器人用户(二)
https://segmentfault.com/a/1190000009101577
https://segmentfault.com/a/1190000009101577
Joomla 3.70 com_fields组件sql注入及joomla3.x拿后台shell
https://www.70sec.com/t/179
https://www.70sec.com/t/179
使用机器学习识别出拍卖场中作弊的机器人用户(一)
https://segmentfault.com/a/1190000009101175
https://segmentfault.com/a/1190000009101175
一款更快的 libFuzzer:libFuzzer-gv
http://www.4hou.com/tools/6190.html
http://www.4hou.com/tools/6190.html
Seashells lets you pipe output from command-line programs to the web in real-tim
https://seashells.io/
https://seashells.io/
基于递归神经网络的监督序列标记(2)
http://phantom0301.cc/2017/06/26/rnntolabel2/
http://phantom0301.cc/2017/06/26/rnntolabel2/
Python实现逻辑回归(Logistic Regression in Python)
http://www.powerxing.com/logistic-regression-in-python/
http://www.powerxing.com/logistic-regression-in-python/
如何利用msxsl绕过AppLocker?
http://www.4hou.com/system/6203.html
http://www.4hou.com/system/6203.html
YAHOO MAIL BOX STORED XSS (write up)Bounty Rewarded $10,000 USD
https://m.facebook.com/notes/mrityunjoy-emu/yahoo-mail-box-stored-xss-write-upbounty-rewarded-10000-usd/677948372401448/
https://m.facebook.com/notes/mrityunjoy-emu/yahoo-mail-box-stored-xss-write-upbounty-rewarded-10000-usd/677948372401448/
CDN校验漏洞催生海量网络投毒
http://www.freebuf.com/news/139358.html
http://www.freebuf.com/news/139358.html
Apache Guacamole: a clientless remote desktop gateway
https://guacamole.incubator.apache.org/
https://guacamole.incubator.apache.org/
Who Controls The Internet?
http://dyn.com/blog/who-controls-the-internet/
http://dyn.com/blog/who-controls-the-internet/
基于SDN和安全情报的自动响应技术
http://www.edu.cn/xxh/spkt/aq/201705/t20170527_1520005.shtml
http://www.edu.cn/xxh/spkt/aq/201705/t20170527_1520005.shtml
Resources for Learning Reverse Engineering
http://jackson.thuraisamy.me/re-resources.html
http://jackson.thuraisamy.me/re-resources.html
databank: 区块链技术相关的论文、文档
https://github.com/blockchain-university/databank
https://github.com/blockchain-university/databank
mixed packet injector tool
https://github.com/fredericopissarra/t50
https://github.com/fredericopissarra/t50
SecWiki周刊(第175期)
https://www.sec-wiki.com/weekly/175
https://www.sec-wiki.com/weekly/175
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第176期)
