SecWiki周刊(第201期)
2018/01/01-2018/01/07
安全资讯
盘点2017年网络诈骗十大事件
http://www.chinanews.com/sh/2018/01-03/8415103.shtml
http://www.chinanews.com/sh/2018/01-03/8415103.shtml
工业控制系统信息安全行动计划发布
https://mp.weixin.qq.com/s/TE-uWlKflUCMUDzLAeaXSA
https://mp.weixin.qq.com/s/TE-uWlKflUCMUDzLAeaXSA
工信部司局详解2018年重点工作思路
https://mp.weixin.qq.com/s/sMRtE5_GExWj6lIVcSqMBg
https://mp.weixin.qq.com/s/sMRtE5_GExWj6lIVcSqMBg
23项信安标委归口国家标准获批发布
https://mp.weixin.qq.com/s/vq4rr2bfcP0qCT-L5jTRyA
https://mp.weixin.qq.com/s/vq4rr2bfcP0qCT-L5jTRyA
连载黑客小说 |《杀手》第八章:时代
http://www.freebuf.com/column/158793.html
http://www.freebuf.com/column/158793.html
政务信息系统政府采购管理暂行办法
https://www.toutiao.com/i6506326748072772104/
https://www.toutiao.com/i6506326748072772104/
《中国网络安全企业50强》(2017年下半年)
https://mp.weixin.qq.com/s/5jl-V5SzXExhJ6qQHuil8Q
https://mp.weixin.qq.com/s/5jl-V5SzXExhJ6qQHuil8Q
美国海关和边境保护局2017年搜查了30200部电子设备
http://www.cnbeta.com/articles/tech/686581.htm
http://www.cnbeta.com/articles/tech/686581.htm
揭秘:暗网卖家是如何构建信任的?
http://www.4hou.com/info/news/9693.html
http://www.4hou.com/info/news/9693.html
姚羽:保卫工控安全就是保卫国家安全
https://mp.weixin.qq.com/s/UzCdkKRzovEjaRHdGjDkwQ
https://mp.weixin.qq.com/s/UzCdkKRzovEjaRHdGjDkwQ
安全技术
使用bugscan插件的扫描器
https://github.com/boy-hack/w9scan
https://github.com/boy-hack/w9scan
从微信小程序看前端代码安全
https://share.whuboy.com/weapp.html
https://share.whuboy.com/weapp.html
社工找出幕后诈骗的黑手技巧篇(下)
https://bbs.ichunqiu.com/thread-31905-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-31905-1-1.html?from=sec
Web Scraping with selenium
http://sm0nk.com/2017/11/27/%E5%9F%BA%E4%BA%8ESeleinum%E7%9A%84%E5%8F%A3%E4%BB%A4%E7%88%86%E7%A0%B4%E5%BA%94%E7%94%A8/
http://sm0nk.com/2017/11/27/%E5%9F%BA%E4%BA%8ESeleinum%E7%9A%84%E5%8F%A3%E4%BB%A4%E7%88%86%E7%A0%B4%E5%BA%94%E7%94%A8/
weblogic XMLDecoder反序列化漏洞-CVE-2017-10271
http://pirogue.org/2017/12/29/weblogic-XMLDecoder/
http://pirogue.org/2017/12/29/weblogic-XMLDecoder/
Beautiful list of deep learning tutorial 深度学习案例
https://github.com/Xyntax/ML
https://github.com/Xyntax/ML
处理器A级漏洞Meltdown(熔毁)和Spectre(幽灵)分析报告
https://weibo.com/ttarticle/p/show?id=2309404192764286877696
https://weibo.com/ttarticle/p/show?id=2309404192764286877696
后渗透:ESXi反弹Shell
https://www.anquanke.com/post/id/93672
https://www.anquanke.com/post/id/93672
性能VS安全?CPU芯片漏洞攻击实战(1) - 破解macOS KASLR篇
https://media.weibo.cn/article?id=2309404192549521743410
https://media.weibo.cn/article?id=2309404192549521743410
fsociety Hacking Tools Pack – A Penetration Testing Framework
https://github.com/Manisso/fsociety
https://github.com/Manisso/fsociety
Removing Backdoors – Powershell Empire Edition – n00py Blog
https://www.n00py.io/2017/01/removing-backdoors-powershell-empire-edition/
https://www.n00py.io/2017/01/removing-backdoors-powershell-empire-edition/
批量挖SRC漏洞的其中一种打开方式-基于cms的漏洞扫描设计与实现
https://mp.weixin.qq.com/s/zDAXg1dmTh1I6N4hGusT5g
https://mp.weixin.qq.com/s/zDAXg1dmTh1I6N4hGusT5g
AFL(American Fuzzy Lop)实现细节与文件变异
https://paper.seebug.org/496/
https://paper.seebug.org/496/
用Python对用户评论典型意见进行数据挖掘
https://mp.weixin.qq.com/s/iytARh75EjYDnfxkBqnEOw
https://mp.weixin.qq.com/s/iytARh75EjYDnfxkBqnEOw
CPU乱序执行和预测执行导致的安全问题
https://zhuanlan.zhihu.com/p/32654221
https://zhuanlan.zhihu.com/p/32654221
Tensorflow实战学习笔记
https://github.com/MachineLP/Tensorflow-
https://github.com/MachineLP/Tensorflow-
恶意样本分析手册–溯源篇
http://blog.nsfocus.net/trace-source/
http://blog.nsfocus.net/trace-source/
Reading Network Packets as a Natural Language for Intrusion Detection
http://www.icisc.org/icisc/asp/papers/sec8_2_slide.pdf
http://www.icisc.org/icisc/asp/papers/sec8_2_slide.pdf
Inndy的Hack Game攻略(WEB篇)
http://www.freebuf.com/articles/web/158885.html
http://www.freebuf.com/articles/web/158885.html
使用docker一键部署Web应用
https://jiayi.space/post/shi-yong-dockeryi-jian-bu-shu-webying-yong
https://jiayi.space/post/shi-yong-dockeryi-jian-bu-shu-webying-yong
normalized data logs from 250K sandboxed samples 恶意样本函数调用数据集
http://www.hexacorn.com/blog/2017/12/31/happy-new-year-2018-get-yourself-logs-from-250k-sandboxed-samples/
http://www.hexacorn.com/blog/2017/12/31/happy-new-year-2018-get-yourself-logs-from-250k-sandboxed-samples/
手把手教你制作漏洞复现环境
http://mp.weixin.qq.com/s/Xxd2fO3zfMrjV90mrjyL7Q
http://mp.weixin.qq.com/s/Xxd2fO3zfMrjV90mrjyL7Q
OpenRASP技术分析
http://blog.nsfocus.net/openrasp-tech/
http://blog.nsfocus.net/openrasp-tech/
挖洞技巧:APP手势密码绕过思路总结
https://www.anquanke.com/post/id/93662
https://www.anquanke.com/post/id/93662
PowerShell Empire实战入门篇
http://www.freebuf.com/sectool/158393.html
http://www.freebuf.com/sectool/158393.html
看我如何逆向卡巴斯基引擎实现对机密文件的检测
https://www.anquanke.com/post/id/93462
https://www.anquanke.com/post/id/93462
“借刀杀人”之CSRF拿下盗图狗后台
https://bbs.ichunqiu.com/thread-31779-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-31779-1-1.html?from=sec
如何使用MitmAP创建一个恶意接入点
http://www.4hou.com/technology/9154.html
http://www.4hou.com/technology/9154.html
用 360 随身 WiFi 钓鱼
http://mp.weixin.qq.com/s/dUVUswYm_3s67A6ZnXlu8A
http://mp.weixin.qq.com/s/dUVUswYm_3s67A6ZnXlu8A
以溯源为目的蜜罐系统建设
http://www.4hou.com/technology/9687.html
http://www.4hou.com/technology/9687.html
安卓恶意软件检测:系统调用日志+机器学习算法
http://www.4hou.com/info/news/9669.html
http://www.4hou.com/info/news/9669.html
对华为HG532远程命令执行漏洞的新探索
http://xlab.tencent.com/cn/2018/01/05/a-new-way-to-exploit-cve-2017-17215/
http://xlab.tencent.com/cn/2018/01/05/a-new-way-to-exploit-cve-2017-17215/
安卓渗透利器AndroTickler排雷指北
https://mp.weixin.qq.com/s/xI3qLGRL9JmlBJL3mEP-iQ
https://mp.weixin.qq.com/s/xI3qLGRL9JmlBJL3mEP-iQ
RSAP技术分析
http://blog.nsfocus.net/rsap-tech/
http://blog.nsfocus.net/rsap-tech/
Adapting the POC for CVE-2017-1000112 to Other Kernels
https://ricklarabee.blogspot.jp/2017/12/adapting-poc-for-cve-2017-1000112-to.html
https://ricklarabee.blogspot.jp/2017/12/adapting-poc-for-cve-2017-1000112-to.html
Open-Redirect-Payloads: Open Redirect Payloads
https://github.com/cujanovic/Open-Redirect-Payloads
https://github.com/cujanovic/Open-Redirect-Payloads
PotPlayer播放器极致优化版木马分析报告
https://www.anquanke.com/post/id/93227
https://www.anquanke.com/post/id/93227
“一个人”的互金企业安全建设总结
http://www.freebuf.com/articles/neopoints/158724.html
http://www.freebuf.com/articles/neopoints/158724.html
企业安全建设—模块化蜜罐平台的设计思路与想法
https://xianzhi.aliyun.com/forum/topic/1885/?from=timeline
https://xianzhi.aliyun.com/forum/topic/1885/?from=timeline
Office 365 Safe links bypass
https://oddvar.moe/2018/01/03/office-365-safe-links-bypass/
https://oddvar.moe/2018/01/03/office-365-safe-links-bypass/
某CMS注入分析及注入点总结
http://www.freebuf.com/articles/web/157827.html
http://www.freebuf.com/articles/web/157827.html
[社会工程学]小技巧找出幕后诈骗的黑手(上)
https://bbs.ichunqiu.com/thread-31584-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-31584-1-1.html?from=sec
2017 物联网安全研究报告
http://www.nsfocus.com.cn/content/details_62_2646.html
http://www.nsfocus.com.cn/content/details_62_2646.html
穿透内网防线,USB自动渗透手法总结
http://www.freebuf.com/sectool/158784.html
http://www.freebuf.com/sectool/158784.html
Redis未授权访问致远程植入挖矿脚本(完结篇)
http://mp.weixin.qq.com/s/I1fNlytovsi7h715FFg3tg
http://mp.weixin.qq.com/s/I1fNlytovsi7h715FFg3tg
回看2017 | 威胁情报看威胁
https://mp.weixin.qq.com/s/dsafRx9ZcDBHWOEH8xLyAw
https://mp.weixin.qq.com/s/dsafRx9ZcDBHWOEH8xLyAw
路由器蠕虫触发的网络安全人工智能实战
https://mp.weixin.qq.com/s/O3apmnZDDZt2TrEHtwekUg
https://mp.weixin.qq.com/s/O3apmnZDDZt2TrEHtwekUg
2017我国移动端传销诈骗类威胁态势分析报告
http://blog.avlsec.com/2017/12/5083/paper/
http://blog.avlsec.com/2017/12/5083/paper/
Get Python Code From PyInstaller
https://lightless.me/archives/get-python-code-from-pyinstaller.html
https://lightless.me/archives/get-python-code-from-pyinstaller.html
Huawei Home Routers in Botnet Recruitment
https://research.checkpoint.com/good-zero-day-skiddie/
https://research.checkpoint.com/good-zero-day-skiddie/
一步一步带你体验 openvas
http://mp.weixin.qq.com/s/6kS5_tnfhkQoFR1q3WGjHg
http://mp.weixin.qq.com/s/6kS5_tnfhkQoFR1q3WGjHg
Fail2ban:一个可以监控系统日志的小应用
http://www.4hou.com/tools/9066.html
http://www.4hou.com/tools/9066.html
Process Doppelganging利用介绍
https://3gstudent.github.io/3gstudent.github.io/Process-Doppelganging%E5%88%A9%E7%94%A8%E4%BB%8B%E7%BB%8D/
https://3gstudent.github.io/3gstudent.github.io/Process-Doppelganging%E5%88%A9%E7%94%A8%E4%BB%8B%E7%BB%8D/
网页表单钓鱼以外的钓鱼方法
http://mp.weixin.qq.com/s/MW2ptmJKlBFiXgLGv-Q2Pg
http://mp.weixin.qq.com/s/MW2ptmJKlBFiXgLGv-Q2Pg
SecWiki周刊(第200期)
https://www.sec-wiki.com/weekly/200
https://www.sec-wiki.com/weekly/200
Cyber Intelligence 2017 Summary Report
http://www.clearskysec.com/cyber2017/
http://www.clearskysec.com/cyber2017/
严格 CSP 下的几种有趣的思路(34c3 CTF)
http://www.melodia.pw/?p=935
http://www.melodia.pw/?p=935
GraxCode/ReverseCrypt: Extract Crypted Jar Archives
https://github.com/GraxCode/ReverseCrypt
https://github.com/GraxCode/ReverseCrypt
2017 勒索软件威胁形势分析报告
https://www.anquanke.com/post/id/93031
https://www.anquanke.com/post/id/93031
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第201期)
