SecWiki周刊(第197期)
2017/12/04-2017/12/10
安全资讯
[其它]  2345联盟通过流氓软件推广挖矿工具, 众多用户电脑沦为“肉鸡”
http://www.freebuf.com/articles/terminal/155895.html
[法规]  中华人民共和国反间谍法实施细则
http://www.gov.cn/zhengce/content/2017-12/06/content_5244819.htm
[新闻]   手机访客系统团队被抓
http://www.solidot.org/story?sid=54760
[观点]  关键信息基础设施安全等级保护技术框架研究
https://mp.weixin.qq.com/s/DCxfYFOEE6kOlX9KQJ3ahQ
[人物]  林皓:一颗螺丝钉
https://mp.weixin.qq.com/s/IHf8H5-BGOv_0Amo0eg1Mw
安全技术
[文档]  Black Hat Europe 2017的PPT
https://www.blackhat.com/eu-17/briefings.html
[文档]  安全分析和情报大会PPT
https://threatbook.cn/event/
[运维安全]  安全运维那些洞
http://mp.weixin.qq.com/s/xDgrIQG7bdbkrgNpbsxSIQ
[移动安全]  Android APP安全测试之敏感信息本地存储
http://mp.weixin.qq.com/s/vDIgYIlWnZ5FJUwy9Vs-lg
[Web安全]  浅谈常规渗透瓶颈,实例发散思维突破
http://mp.weixin.qq.com/s/kiOAk2VfgkS51A_gwd23qw
[Web安全]  搜集SRC信息中的“技术活儿”
http://mp.weixin.qq.com/s/juGoL1QlirhxwCjDZD3nfg
[Web安全]  ISCC 2017 GRD Web Writeup
http://foreversong.cn/archives/847
[Web安全]  cmsPoc-A CMS Exploit Framework
https://github.com/CHYbeta/cmsPoc/wiki/Scripts
[无线安全]  SecBee: ZigBee security testing tool
https://github.com/Cognosec/SecBee
[运维安全]  xsec-proxy-scanner: 一款速度超快、小巧的代理扫描器
https://github.com/netxfly/xsec-proxy-scanner
[Web安全]  使用sqlmap曲折渗透某服务器
https://bbs.ichunqiu.com/thread-29736-1-1.html?from=sec
[数据挖掘]  基于神经网络的实体识别和关系抽取联合学习
https://mp.weixin.qq.com/s/AhoEzujMVUU-P7j5z_8sVQ
[运维安全]  nmap_vscan: nmap service and application detection (without nmap)
https://github.com/nixawk/nmap_vscan
[编程技术]  weibo-api: 免登陆获取新浪微博数据的Python库
https://github.com/yawuplus/weibo-api
[漏洞分析]  Linux kernel 4.14 SLAB_FREELIST_HARDENED 简单分析
https://paper.seebug.org/470/
[Web安全]  TensorFlow自动识别验证码(一)
http://mp.weixin.qq.com/s/J9vjaoClzBbR4oigusNdpw
[Web安全]  对《cookie之困》的一些总结与思考
http://www.cnblogs.com/r00tuser/p/7993509.html
[漏洞分析]  PHP Security Advent Calendar 2017 PHP挑战赛
https://www.ripstech.com/php-security-calendar-2017/
[编程技术]  scrapy+selenium爬取UC头条网站
http://kekefund.com/2017/12/06/scrapy-and-selenium/
[数据挖掘]  XLearning:一款支持多种机器学习、深度学习框架调度系统
https://github.com/Qihoo360/XLearning/blob/master/README_CN.md
[移动安全]  Android开发工具Apktool漏洞利用分析
https://security.tencent.com/index.php/blog/msg/122
[移动安全]  某系列光猫几处漏洞分析
http://mp.weixin.qq.com/s/bq3yUSA3dLLmbWEyewjcMw
[恶意分析]  基于AST抽象语法树的PowerShell代码混淆技术
http://www.4hou.com/penetration/9002.html
[Web安全]  花式窃取NetNTLM哈希的方法
https://paper.seebug.org/474/
[Web安全]  攻击容器集群管理平台
https://0x0d.im/archives/attack-container-management-platform.html
[Web安全]  【代码审计】之Cacti
http://mp.weixin.qq.com/s/6g5KBnjwlKJ3C-1cVYMpQg
[移动安全]  深度剖析:手机指纹的马奇诺防线
https://paper.seebug.org/471/
[移动安全]  上网终端漏洞威胁情报报告
http://mp.weixin.qq.com/s/iHH0BR7UQh0ycBJONbgABw
[Web安全]  [PHP审计实战篇]XDCMS v2.0.8 SQL显错注入
https://bbs.ichunqiu.com/thread-30059-1-1.html?from=sec
[Web安全]  针对已知数据的信息挖掘
http://blog.nsfocus.net/web-mining/
[运维安全]  Detecting Lateral Movement through Tracking Event Logs (Version 2)
https://www.jpcert.or.jp/english/pub/sr/Detecting%20Lateral%20Movement%20through%20Tracking%20Event%20Logs_version2.pdf
[运维安全]  企业安全项目架构实践分享
https://mp.weixin.qq.com/s/RlBTH9-xrY7Nd1ZJK3KjDQ
[Web安全]  Owasp juice shop (二)
https://bbs.ichunqiu.com/thread-29958-1-1.html?from=sec
[移动安全]  一种全新的APP注册登录验证技术方案?
http://mp.weixin.qq.com/s/KALAL31QoC8s8bANKRgKcQ
[Web安全]  Methods to Bypass a Web Application Firewall
https://www.ptsecurity.com/upload/corporate/ww-en/download/PT-devteev-CC-WAF-ENG.pdf
[运维安全]  非即时反馈策略与随机噪音在业务安全中的应用
http://mp.weixin.qq.com/s/gFXbO4CkG4ZWZvNp-xpARQ
[其它]  分解型后门构想初探
http://mp.weixin.qq.com/s/KLR2s9PkHqy97eZjYTeM2w
[观点]  入坑安全你后悔吗
http://mp.weixin.qq.com/s/Spy0nS_3O5H49PpBGyUEhA
[Web安全]  分享几个好玩的过狗一句话
https://bbs.ichunqiu.com/thread-29896-1-1.html?from=sec
[恶意分析]  New Targeted Attack in the Middle East by APT34
https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html
[恶意分析]  ics-attack-detection: Detection of Cyber Attacks with Zone Dividing and PCA
https://github.com/manikantareddyd/ics-attack-detection
[杂志]  SecWiki周刊(第196期)
https://www.sec-wiki.com/weekly/196
[数据挖掘]  Delivering Security Insights with Data Analytics and Visualization
https://www.slideshare.net/zrlram/delivering-security-insights-with-data-analytics-and-visualization-83499852
[恶意分析]  Wordpress Keylogger事件分析
https://cert.360.cn/warning/detail?id=6c3e744f070dff4b88a5d15c5e46620e
[取证分析]  Thinking in Graphs: Exploring with Timesketch
https://medium.com/timesketch/thinking-in-graphs-exploring-with-timesketch-84b79aecd8a6
[Web安全]  MySQL绕过WAF实战技巧
http://www.freebuf.com/articles/web/155570.html
[Web安全]  Pwnhub会员日一题引发的思考
http://mp.weixin.qq.com/s/_4Du7aqTHNhS4OArfVGqvw
[运维安全]  Designing Effective Covert Red Team Attack Infrastructure
https://posts.specterops.io/designing-effective-covert-red-team-attack-infrastructure-767d4289af43
[Web安全]  利用Empire桥接Metasploit和ShadowBroker发布的FuzzBunch
https://story.tonylee.name/2017/05/05/li-yong-empireqiao-jie-metasploithe-shadowbrokerfa-bu-de-fuzzbunch/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第197期)