SecWiki Weekly (Issue 183)
2017/08/28-2017/09/03
Security News
[News]  How the FBI identifies Chinese hackers
http://www.solidot.org/story?sid=53613
[Regulation]  NIAC releases the report "Protecting Infrastructure, Responding to Cyber Attacks"
http://mp.weixin.qq.com/s/r0RKAfxnct1PFmjMAu3qUA
[Conference]  Full record of the first-day talks at the 2017 Tencent Security International Technology Summit
http://www.freebuf.com/fevents/146073.html
[News]  WikiLeaks CIA leak roundup: appalling attack divisions and a full range of hacking tools
http://www.freebuf.com/special/145818.html
Security Technology
[Web Security]  Information Security Knowledge Base: full-site resource bundle download
http://pan.baidu.com/s/1gf4Brb1
[Document]  ISS 2017 Cyber Ecosystem Summit slides (PPT)
http://pan.baidu.com/s/1pL7cDbt
[Document]  Taiwan hacker conference HITCON CMT 2017: selected slides (PPT)
https://hitcon.org/2017/CMT/agenda
[Other]  A new approach to IoT protection: software-defined access control
http://blog.nsfocus.net/iot-techworld2017/
[Web Security]  Xianzhi XSS Challenge - Writeup
https://mp.weixin.qq.com/s/d_UCJusUdWCRTo3Vutsk_A
[Web Security]  Alibaba XSS Challenge: approach and PoC
http://phantom0301.cc/2017/08/30/alixss/
[Data Mining]  weibospider: Sina Weibo crawler (distributed)
https://github.com/ResolveWang/weibospider
[Document]  Sharing security learning tools and research approaches
https://bbs.ichunqiu.com/thread-26618-1-1.html?from=sec
[Web Security]  Web-Security-Learning: some Web security materials
https://github.com/CHYbeta/Web-Security-Learning
[Data Mining]  Applications of knowledge graphs
https://zhuanlan.zhihu.com/p/28609177?from=timeline
[Web Security]  Pentest: some practical penetration testing scripts and code
https://github.com/Ridter/Pentest
[Data Mining]  Building anti-fraud product applications based on social graph relationships
https://www.youtube.com/watch?v=ruTO4BOh5qQ
[Other]  Inside the Massive 711 Million Record Onliner Spambot Dump
https://nosec.org/my/threats/1538
[Web Security]  How to manage webshells on Linux
https://bbs.ichunqiu.com/thread-26447-1-1.html?from=sec
[Web Security]  White-hat hacker: how to call you from the CEO's desk phone!
https://bbs.ichunqiu.com/thread-26530-1-1.html?from=sec
[Programming]  How I replicated an $86 million project in 57 lines of code
https://medium.freecodecamp.org/how-i-replicated-an-86-million-project-in-57-lines-of-code-277031330ee9
[Competition]  X-NUCA '17 first-round range penetration contest: best team writeup
https://mp.weixin.qq.com/s/92RfSObhnzITzZ_HzaKvgQ
[Ops Security]  china_ip_list: China IP address list (IPIP & APNIC)
https://github.com/LisonFan/china_ip_list
[Programming]  Implementing an ASM-based Java string obfuscation tool
http://mp.weixin.qq.com/s/8pIcsRbVPj1EBgSC961gDA
[Vulnerability Analysis]  Software-Security-Learning: some software security materials
https://github.com/CHYbeta/Software-Security-Learning
[Malware Analysis]  Kaspersky Lab's analysis and introduction of the WhiteBear APT
https://securelist.com/introducing-whitebear/81638/
[Web Security]  Pocms && finecms: registered-member unauthorized access leading to getshell
https://bbs.ichunqiu.com/article-894-1.html?from=sec
[Wireless Security]  Wireless penetration (Part 2): WPS cracking
https://mp.weixin.qq.com/s/8lVoUfyHu_jllRoYZmKF8Q
[Web Security]  Analyzing and understanding the TLS handshake protocol: packet capture analysis of an HTTPS request
http://mp.weixin.qq.com/s/hor6DLFrEQw582DyAffoZA
[Vulnerability Analysis]  Hunting for vulnerabilities in a distributed system: Hadoop
https://mp.weixin.qq.com/s/JTZfaG6iG2XAmiCeBiKxwA
[Web Security]  Oracle Advanced Support system SQL injection vulnerability discovery: lessons shared
http://bobao.360.cn/learning/detail/4340.html
[Web Security]  A brief discussion of log analysis and Splunk
https://bbs.ichunqiu.com/thread-26434-1-1.html?from=sec
[Data Mining]  [My KDD trip] Entity extraction + TensorFlow + frequent patterns (talk PDF download)
https://tianchi.aliyun.com/competition/new_articleDetail.html?&postsId=2464
[Vulnerability Analysis]  A study of the HITB CTF 2017 Pwn challenges
http://0x48.pw/2017/08/29/0x49/
[Malware Analysis]  Implementation approach for a COM object hijacking backdoor: hijacking explorer.exe
http://www.4hou.com/technology/7402.html
[Data Mining]  Document scanning: deep neural networks in practice on mobile
http://techblog.youdao.com/?p=1237
[Vulnerability Analysis]  CTF-pwn-tips: Here records some tips about pwn that I have learned
https://github.com/Naetw/CTF-pwn-tips
[Device Security]  Is cracked software on Mac really safe?
http://www.freebuf.com/articles/terminal/145327.html
[Ops Security]  OpenStack: building a virtual penetration testing lab environment – networking part
http://www.freebuf.com/articles/network/145947.html
[Ops Security]  Thoughts after reading the Kaspersky incident response guide
https://mp.weixin.qq.com/s/ciaEeH0jxoStHiTeWB51tg
[Opinion]  Gartner: top 11 information security technologies for 2017 (annotated edition)
http://yepeng.blog.51cto.com/3101105/1962301
[Other]  How to capture network traffic packets with Wireshark
http://www.4hou.com/web/7465.html
[Document]  SecWiki Weekly (Issue 182)
https://www.sec-wiki.com/weekly/182
[Malware Analysis]  MaliciousMacroBot: classify and cluster Microsoft office document
https://github.com/egaus/MaliciousMacroBot
[Vulnerability Analysis]  Command Injection/Shell Injection[PDF]
https://www.exploit-db.com/docs/42593.pdf
[Opinion]  Why is "defense in depth" more talk than action?
https://mp.weixin.qq.com/s/B5n8wpLDy1rGchrySpBNUQ
[Web Security]  Manual SQL injection discovery tips
https://gerbenjavado.com/manual-sql-injection-discovery-tips/
[Opinion]  Internationalization insights from the MQ
https://mp.weixin.qq.com/s/zJubeSuXRZRUBhulaRvHYg
[Wireless Security]  Wireless penetration (Part 3): enterprise WPA cracking
http://mp.weixin.qq.com/s/88c4q6gNpy6LsM11T4rkYg
[Programming]  Several ways to implement macOS kernel monitoring
http://weibo.com/ttarticle/p/show?id=2309404147420605875697
[Vulnerability Analysis]  An iOS kernel exploit designated to work on all iOS devices <= 10.3.1
https://github.com/doadam/ziVA
[Web Security]  Wordpresscan: WPScan rewritten in Python + some WPSeku ideas
https://github.com/swisskyrepo/Wordpresscan
[Forensics]  A high-interaction SSH honeypot based on Paramiko
http://www.freebuf.com/sectool/145527.html
[Device Security]  Know your tools: hardware routers
https://mp.weixin.qq.com/s/QdiI66ZDsHj7MaMB6c88Ug
[Web Security]  Analysis of how the ThinkPHP 3.2.3 framework implements secure database operations
http://mp.weixin.qq.com/s/q6RuLi7dQSMc8vwOIQ0JeA
[Forensics]  CyberThreatHunting: A collection of resources for Threat Hunters
https://github.com/A3sal0n/CyberThreatHunting
[Web Security]  Using request merging to bypass referer (JSONP) checks
https://threathunter.org/topic/59a9329cec721b1f1966ea2e
[Forensics]  ERNW's dissection of North Korea's mass surveillance technology
https://www.ernw.de/download/exploring_north_koreas_survelliance_technology_troopers17.pdf
[Vulnerability Analysis]  Installing a crafted gem package may create or overwrite files
https://hackerone.com/reports/243156
[Ops Security]  Deploy a global, private CDN on your lunch break
https://blog.edgemesh.com/deploy-a-global-private-cdn-on-your-lunch-break-7550e9a9ad7e
[Malware Analysis]  Cheat Sheet for Analyzing Malicious Software
https://zeltser.com/malware-analysis-cheat-sheet/
[Vulnerability Analysis]  pharos: Automated static analysis tools for binary programs
https://github.com/cmu-sei/pharos
-----WeChat ID: SecWiki-----
SecWiki: focused on security technology news analysis for 5 years!
SecWiki: https://www.sec-wiki.com

Original URL of this issue: SecWiki Weekly (Issue 183)