SecWiki周刊(第182期)
2017/08/21-2017/08/27
安全资讯
[新闻]  美军网络司令部升级&美国情报体系大起底
http://www.arkteam.net/?p=2663
[观点]  2017年网络犯罪现状分析报告
http://www.4hou.com/info/news/7268.html
[新闻]  概念研究:新型攻击可以修改已发送的电子邮件内容
http://www.4hou.com/info/news/7379.html
安全技术
[设备安全]  Exploitee.rs Wiki:IOT Exploits Lists
https://www.exploitee.rs/index.php/Main_Page
[漏洞分析]  Java RMI 反序列化漏洞检测工具的编写
https://bbs.ichunqiu.com/thread-20414-1-1.html?from=sec
[其它]  一些牛逼的博客推荐
http://mp.weixin.qq.com/s/cxBbymkYBdvWMeyFxps3YA
[Web安全]  小密圈备份-json版本
https://github.com/AndreaOm/xiaomiquan_bak
[运维安全]  mimikatz 用法小记 [ 非交互抓取本地密码明文及hash ]
https://klionsec.github.io/2016/07/23/mimikatz-one/
[无线安全]  aircrack & hashcat 非字典高速破解目标无线密码
https://klionsec.github.io/2015/04/14/aircrack-hascat/
[Web安全]  很多时候你需要的只是一个shell
https://klionsec.github.io/2016/09/27/revese-shell/
[Web安全]  如何利用 socat 更方便地穿透目标内网
https://klionsec.github.io/2017/07/31/socat-meterpreter/
[Web安全]  ThinkPHP缓存函数设计缺陷导致GetShell漏洞复现
https://drops.org.cn/index.php/archives/262/
[Web安全]  携程安全自动化测试之路
http://techshow.ctrip.com/archives/2315.html
[编程技术]  Rendertron: Docker 版本的 Chrome headless
https://github.com/GoogleChrome/rendertron
[漏洞分析]  ScrumWorks Pro Remote Code Execution
https://blogs.securiteam.com/index.php/archives/3387
[漏洞分析]  Triggering a DNS lookup using Java Deserialization
https://blog.paranoidsoftware.com/triggering-a-dns-lookup-using-java-deserialization/
[漏洞分析]  geetest_break: 极验验证码破解-源码+手册
https://github.com/FanhuaandLuomu/geetest_break
[漏洞分析]  CVE-2017-6327: Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE
http://seclists.org/fulldisclosure/2017/Aug/28
[Web安全]  浅谈分布式渗透框架的架构与设计
https://zhuanlan.zhihu.com/p/28781870
[Web安全]  利用 PhantomJS + Python 完成动态检测XSS
http://blog.fr1day.me/2016/09/05/XSS_dynamic_detection_using_PhantomJs/
[Web安全]  QQ邮箱反射型xss漏洞
http://pirogue.org/2017/08/25/qqmailxss/
[Web安全]  windows提权系列中篇
http://mp.weixin.qq.com/s/ERXOLhWo0-lJbMV143I8hA
[Web安全]  渗透测试学习笔记之案例三
http://avfisher.win/archives/766
[Web安全]  菜比的php一句话木马学习之路
https://bbs.ichunqiu.com/thread-26365-1-1.html?from=sec
[漏洞分析]  D-Link-Dir-850L-远程命令执行漏洞
https://xianzhi.aliyun.com/forum/read/2010.html
[运维安全]  Autosonda:自动化检测防火墙规则工具
http://www.solidot.org/story?sid=53559
[漏洞分析]  ZzCMS前台任意脚本上传漏洞复现
https://bbs.ichunqiu.com/thread-25803-1-1.html?from=sec
[Web安全]  蜜罐与内网安全从0到1(一)
https://sosly.me/index.php/2017/08/23/goldenspark1/
[运维安全]  db_security:数据库安全审计工具
https://github.com/aWeiMiaoMiao/db_security
[其它]  互联网广告作弊十八般武艺(下)
https://mp.weixin.qq.com/s/Ut0_yj2YoPMwEAokNDPv5g
[Web安全]  Http-Proxy-Scan: 利用censys.io快速爬取http代理
https://github.com/t4mo/Http-Proxy-Scan
[数据挖掘]  机器学习在安全攻防的实践
http://blog.nsfocus.net/machine-learning-techworld2017/
[编程技术]  3个步骤实现简单语言解释器(自制简易编程语言)
http://www.4hou.com/technology/7328.html
[Web安全]  XSS Challenges闯关笔记
http://www.cnblogs.com/r00tuser/p/7413526.html
[其它]  远控木马上演白利用偷天神技:揭秘假破解工具背后的盗刷暗流
http://www.freebuf.com/articles/terminal/144590.html
[恶意分析]  Spam and phishing in 2017 Q2 卡巴垃圾邮件与网络钓鱼分析报告
https://securelist.com/spam-and-phishing-in-q2-2017/81537/
[Web安全]  HITB-2017-write-ups
https://rawsec.ml/en/HITB-2017-write-ups/
[工具]  信息收集——僵尸扫描
http://mp.weixin.qq.com/s/1i8BbkGsVcXPIQ9_TK30zw
[其它]  OSS-Fuzz Google's continuous fuzzing service for open source software
https://www.usenix.org/sites/default/files/conference/protected-files/usenixsecurity17_slides_serebryany.pdf
[运维安全]  vulscan: Advanced vulnerability scanning with Nmap NSE
https://github.com/scipag/vulscan
[移动安全]  专栏:IDA反汇编/反编译静态分析iOS模拟器程序
http://blog.csdn.net/column/details/ios-ida.html
[其它]  SecWiki周刊(第181期)
https://www.sec-wiki.com/weekly/181
[运维安全]  DockerScan:Docker安全分析&测试工具
http://www.freebuf.com/column/145215.html
[运维安全]  公有云厂商自建威胁情报系统
http://www.4hou.com/technology/7355.html
[其它]  一次针对人肉者的反社工
https://bbs.ichunqiu.com/thread-26353-1-1.html?from=sec
[Web安全]  重新理解 http 协议
https://klionsec.github.io/2017/06/18/http-basic/
[论文]  在内网中自动化寻找管理员的技术
http://www.4hou.com/penetration/7332.html
[Web安全]  深入理解 https 加密过程
https://klionsec.github.io/2017/07/31/https-learn/
[Web安全]  浅谈Session机制及CSRF攻防
http://mp.weixin.qq.com/s/aID_N9bgq91EM26qVSVBXw
[移动安全]  360加固保关键技术浅析
http://www.freebuf.com/articles/terminal/145102.html
[Web安全]  黑客的探路狗-ReconDog-信息收集工具
https://bbs.ichunqiu.com/thread-26242-1-1.html?from=sec
[漏洞分析]  Tunnel Manager - From RCE to Docker Escape
https://xianzhi.aliyun.com/forum/read/2009.html
[恶意分析]  通过Shellcode聚类识别定向攻击相关的恶意代码
https://mp.weixin.qq.com/s/5RYOMEyOa5kR-yQ9So07sA
[观点]  不是修改数据的攻击就叫数据攻击
http://blog.sina.com.cn/s/blog_85e506df0102x9fa.html
[Web安全]  基于Censys API 的命令行搜索脚本
https://github.com/gelim/censys
[Web安全]  模糊测试之实例讲解
https://bbs.ichunqiu.com/thread-26336-1-1.html?from=sec
[工具]  SpiderFoot and SHODAN
https://asciinema.org/a/127601
[工具]  用msf生成常用payload
http://mp.weixin.qq.com/s/fnpwTblrEYWxGVyETIFu8A
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第182期)