SecWiki周刊(第196期)
2017/11/27-2017/12/03
安全资讯
Milipol Paris 2017,总有些技术超出想象
https://paper.seebug.org/466/
https://paper.seebug.org/466/
《推进互联网协议第六版(IPv6)规模部署行动计划》
http://www.gov.cn/zhengce/2017-11/26/content_5242389.htm?from=groupmessage&isappinstalled=0
http://www.gov.cn/zhengce/2017-11/26/content_5242389.htm?from=groupmessage&isappinstalled=0
安全技术
DC0571杭州安全沙龙PPT
https://www.anquanke.com/post/id/87335
https://www.anquanke.com/post/id/87335
Huge Dirty COW 漏洞分析 (CVE-2017–1000405)
http://ne2der.com/2017/HugeDirtyCOW-CVE-2017%E2%80%931000405/
http://ne2der.com/2017/HugeDirtyCOW-CVE-2017%E2%80%931000405/
Shodan在渗透测试及漏洞挖掘中的一些用法
http://www.cnblogs.com/miaodaren/p/7904484.html
http://www.cnblogs.com/miaodaren/p/7904484.html
使用社区发现算法从企业内部无效域名中挖掘DGA
http://114.215.116.57/posts/使用社区发现算法从企业内部无效域名中挖掘DGA/
http://114.215.116.57/posts/使用社区发现算法从企业内部无效域名中挖掘DGA/
Botconf 2017 Schedule 议题列表
https://botconf2017.sched.com/
https://botconf2017.sched.com/
DoraBox: 多拉盒教学培训靶场
https://github.com/gh0stkey/DoraBox
https://github.com/gh0stkey/DoraBox
2017湖湘杯复赛writeup
https://www.40huo.cn/blog/hxb-2017.html
https://www.40huo.cn/blog/hxb-2017.html
Powershell攻击指南——黑客后渗透之道系列之基础篇
https://www.anquanke.com/post/id/87976?from=timeline&isappinstalled=0
https://www.anquanke.com/post/id/87976?from=timeline&isappinstalled=0
2017 IEEE International Conference on Information Reuse and Integration (IRI)
http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=8100855
http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=8100855
Kaggle网页流量时序预测比赛第一名方案
https://github.com/Arturus/kaggle-web-traffic
https://github.com/Arturus/kaggle-web-traffic
BurpUnlimited: EXTENDS BurpLoader's license
https://github.com/mxcxvn/BurpUnlimited
https://github.com/mxcxvn/BurpUnlimited
OpenATS续篇:搭建自己的卫星地球站
http://www.freebuf.com/articles/wireless/153793.html
http://www.freebuf.com/articles/wireless/153793.html
Web攻防之暴力破解(何足道版)
https://mp.weixin.qq.com/s/_zzHPAeWvSp4ckDz0_PltQ
https://mp.weixin.qq.com/s/_zzHPAeWvSp4ckDz0_PltQ
如何利用Shodan API和Python自动扫描高危设备
http://www.4hou.com/web/8803.html
http://www.4hou.com/web/8803.html
SonarQube:开源的代码质量管理系统
https://www.sonarqube.org/
https://www.sonarqube.org/
cookiecutter-data-science: 机器学习标准化模板生成工具
https://github.com/drivendata/cookiecutter-data-science
https://github.com/drivendata/cookiecutter-data-science
物联网硬件安全分析基础-固件提取
https://paper.seebug.org/468/
https://paper.seebug.org/468/
SCADA-Rules: 工控网络通信协议中基于Snort构建报警规则
https://github.com/Z-0ne/SCADA-Rules
https://github.com/Z-0ne/SCADA-Rules
机器学习在Web攻击检测中的应用实践
https://mp.weixin.qq.com/s/Fuu70rPWyYP5mQSOK3J9_Q
https://mp.weixin.qq.com/s/Fuu70rPWyYP5mQSOK3J9_Q
浅谈一下mshta在CVE-2017-11882里的命令构造
http://www.freebuf.com/articles/web/155304.html
http://www.freebuf.com/articles/web/155304.html
利用Outlook的CreateObject方法和DotNetToJScript渗透内网
http://www.4hou.com/penetration/8541.html
http://www.4hou.com/penetration/8541.html
记一次线下赛靶机攻击过程
http://www.myh0st.cn/index.php/archives/598/
http://www.myh0st.cn/index.php/archives/598/
TINFOLEAK: open-source tool for Twitter intelligence analysis
http://www.vicenteaguileradiaz.com/tools/
http://www.vicenteaguileradiaz.com/tools/
代码混淆之道(三)控制流扁平的开源实践和改进
https://bbs.ichunqiu.com/thread-29665-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-29665-1-1.html?from=sec
首届安全分析与情报大会纪实(下)
http://www.freebuf.com/fevents/155846.html
http://www.freebuf.com/fevents/155846.html
企业安全中DevSecOps的一些思考
http://www.freebuf.com/articles/es/145567.html
http://www.freebuf.com/articles/es/145567.html
黑客游戏| Owasp juice shop (一)
https://bbs.ichunqiu.com/thread-29680-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-29680-1-1.html?from=sec
你的Web App能弹计算器吗?
https://blog.zsxsoft.com/post/32
https://blog.zsxsoft.com/post/32
CVE-2017-11882漏洞复现结合MSF拿电脑shell
https://bbs.ichunqiu.com/thread-29620-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-29620-1-1.html?from=sec
骚年,看我如何把 PhantomJS 图片的 XSS 升级成 SSRF/LFR
https://bbs.ichunqiu.com/thread-24786-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-24786-1-1.html?from=sec
Java反序列化漏洞从无到有
http://www.freebuf.com/column/155381.html
http://www.freebuf.com/column/155381.html
Visualise Event Logs to Identify Compromised Accounts
http://blog.jpcert.or.jp/2017/11/visualise-event-logs-to-identify-compromised-accounts---logontracer-.html
http://blog.jpcert.or.jp/2017/11/visualise-event-logs-to-identify-compromised-accounts---logontracer-.html
Windows下载远程Payload并执行代码的各种技巧
http://www.freebuf.com/articles/system/155147.html
http://www.freebuf.com/articles/system/155147.html
New Mirai Attack Attempts Detected in South America and North African Countries
http://blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-attack-attempts-detected-south-america-north-african-countries/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29
http://blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-attack-attempts-detected-south-america-north-african-countries/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29
对工控系统安全防护的思考与实践
https://mp.weixin.qq.com/s/MzLeI17OeDqr2aFBNAidZQ
https://mp.weixin.qq.com/s/MzLeI17OeDqr2aFBNAidZQ
CRLF & OpenRedirect Newline and redirect For WebVillage
https://speakerd.s3.amazonaws.com/presentations/698791c9e3ff4ef6b6bf8d8c522fd823/ZN_CRLF_PDF.pdf
https://speakerd.s3.amazonaws.com/presentations/698791c9e3ff4ef6b6bf8d8c522fd823/ZN_CRLF_PDF.pdf
首届安全分析与情报大会纪实(上)
http://www.freebuf.com/fevents/155830.html
http://www.freebuf.com/fevents/155830.html
7zip CVE-2016-2334 HFS+ Code Execution Vulnerability
http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html?m=1&from=timeline
http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html?m=1&from=timeline
SecWiki周刊(第195期)
https://www.sec-wiki.com/weekly/195
https://www.sec-wiki.com/weekly/195
Web 网页爬虫对抗指南 Part.2
http://www.4hou.com/web/8736.html
http://www.4hou.com/web/8736.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第196期)
