SecWiki周刊(第204期)
2018/01/22-2018/01/28
安全资讯
DC010沙龙年度合集-顶尖Hacking技术盛宴
https://www.ichunqiu.com/dc010?from=sec
https://www.ichunqiu.com/dc010?from=sec
DuckDuckGo 发布全新浏览器扩展保护用户隐私
https://www.solidot.org/story?sid=55321
https://www.solidot.org/story?sid=55321
公安部成立全国公安大数据工作领导小组
http://news.cyol.com/yuanchuang/2018-01/25/content_16901261.htm
http://news.cyol.com/yuanchuang/2018-01/25/content_16901261.htm
国家标准《信息安全技术 个人信息安全规范》评析
https://mp.weixin.qq.com/s/v3lWLXgTFyBicWLJ7DK3nQ
https://mp.weixin.qq.com/s/v3lWLXgTFyBicWLJ7DK3nQ
美国网络安全市场未来十年预测
https://mp.weixin.qq.com/s/bEje_Grg7gR5CkBWzVObnQ
https://mp.weixin.qq.com/s/bEje_Grg7gR5CkBWzVObnQ
2017年中国网络安全大事网络投票
http://hd.baomitu.com/act/secure2017?from=secwiki
http://hd.baomitu.com/act/secure2017?from=secwiki
评测:Mantix4的“威胁追捕即服务”
http://www.aqniu.com/tools-tech/31148.html
http://www.aqniu.com/tools-tech/31148.html
工业和信息化部批准设立济南国际互联网数据专用通道
http://www.cnbeta.com/articles/tech/692597.htm
http://www.cnbeta.com/articles/tech/692597.htm
《涉外情报监控法修正案》第702条授权延长至2023年
https://mp.weixin.qq.com/s/aimlLub6dwPFGtCfFyjFUQ
https://mp.weixin.qq.com/s/aimlLub6dwPFGtCfFyjFUQ
谷歌新成立Chronicle公司 专注网络安全
https://mp.weixin.qq.com/s/it4FqfZfYUEFX0VDKijksg
https://mp.weixin.qq.com/s/it4FqfZfYUEFX0VDKijksg
安全技术
2018 IEEE Symposium on Security and Privacy (SP) (2018) 论文集合
https://csdl.computer.org/csdl/proceedings/sp/2018/4353/00/index.html
https://csdl.computer.org/csdl/proceedings/sp/2018/4353/00/index.html
Smarty <= 3.1.32 PHP代码执行漏洞分析—CVE-2017-1000480
https://xianzhi.aliyun.com/forum/topic/1983
https://xianzhi.aliyun.com/forum/topic/1983
SSRF To RCE in MySQL
https://mp.weixin.qq.com/s/9vk-H36erencugdYca9qXA
https://mp.weixin.qq.com/s/9vk-H36erencugdYca9qXA
Hacker101:set of video lessons – HackerOne出品的安全教学视频
https://www.hacker101.com/
https://www.hacker101.com/
Electron < v1.8.2-beta.4 远程命令执行漏洞—CVE-2018-1000006
https://xianzhi.aliyun.com/forum/topic/1990
https://xianzhi.aliyun.com/forum/topic/1990
揩油揩到加油站了,黑客开发多款针对加油站的恶意软件
http://www.4hou.com/info/news/10080.html
http://www.4hou.com/info/news/10080.html
使用生成对抗网络(GAN)生成DGA
http://www.webber-guo.com/posts/%E4%BD%BF%E7%94%A8%E7%94%9F%E6%88%90%E5%AF%B9%E6%8A%97%E7%BD%91%E7%BB%9C%28GAN%29%E7%94%9F%E6%88%90DGA/
http://www.webber-guo.com/posts/%E4%BD%BF%E7%94%A8%E7%94%9F%E6%88%90%E5%AF%B9%E6%8A%97%E7%BD%91%E7%BB%9C%28GAN%29%E7%94%9F%E6%88%90DGA/
JStillery: 在 AST 上局部执行实现 js 反混淆的工具
https://github.com/mindedsecurity/JStillery
https://github.com/mindedsecurity/JStillery
实战教程:用Burpsuite测试移动应用程序
http://www.4hou.com/penetration/8965.html
http://www.4hou.com/penetration/8965.html
通用二进制恶意代码反混淆工具
http://www.deepbitstech.com/index-2.html
http://www.deepbitstech.com/index-2.html
Neat tricks to bypass CSRF-protection
https://zhuanlan.zhihu.com/p/32716181/
https://zhuanlan.zhihu.com/p/32716181/
Cracking Codes with Python
http://inventwithpython.com/cracking/
http://inventwithpython.com/cracking/
渗透测试向导—子域名枚举技术
https://zhuanlan.zhihu.com/p/31160156
https://zhuanlan.zhihu.com/p/31160156
一个二进制POC的诞生之旅CVE-2018-0802
http://www.freebuf.com/vuls/160115.html
http://www.freebuf.com/vuls/160115.html
VulScritp: 内网渗透脚本
https://github.com/CaiJiJi/VulScritp
https://github.com/CaiJiJi/VulScritp
AttackFilter: Logstash 日志安全攻击分析插件
https://github.com/anbai-inc/AttackFilter
https://github.com/anbai-inc/AttackFilter
赛博地球杯初赛第三名,ChaMd5安全团队的writeup
https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247484574&idx=1&sn=91850fae13f6a478869f10fa176e3e8c
https://mp.weixin.qq.com/s?__biz=MzIzMTc1MjExOQ==&mid=2247484574&idx=1&sn=91850fae13f6a478869f10fa176e3e8c
CTF WP – 工控业务流量分析
http://icsmaster.org/ics/ctf-wp-%e5%b7%a5%e6%8e%a7%e4%b8%9a%e5%8a%a1%e6%b5%81%e9%87%8f%e5%88%86%e6%9e%90/?from=timeline
http://icsmaster.org/ics/ctf-wp-%e5%b7%a5%e6%8e%a7%e4%b8%9a%e5%8a%a1%e6%b5%81%e9%87%8f%e5%88%86%e6%9e%90/?from=timeline
2017年反序列化漏洞年度报告
http://blog.nsfocus.net/2017-loophole-report/
http://blog.nsfocus.net/2017-loophole-report/
妖娆的代理工具shadowProxy
https://mp.weixin.qq.com/s/ENjRuI5FZArtzV5H4LbJng
https://mp.weixin.qq.com/s/ENjRuI5FZArtzV5H4LbJng
Burp Suite Pro Loader&Keygen By surferxyz(附带v1.7.31原版)
https://www.52pojie.cn/thread-691448-1-1.html
https://www.52pojie.cn/thread-691448-1-1.html
2017年度安全报告––数据泄密
https://cert.360.cn/static/files/2017%E5%B9%B4%E5%BA%A6%E5%AE%89%E5%85%A8%E6%8A%A5%E5%91%8A--%E6%95%B0%E6%8D%AE%E6%B3%84%E5%AF%86.pdf
https://cert.360.cn/static/files/2017%E5%B9%B4%E5%BA%A6%E5%AE%89%E5%85%A8%E6%8A%A5%E5%91%8A--%E6%95%B0%E6%8D%AE%E6%B3%84%E5%AF%86.pdf
运营商劫持系列1-疯狂的支付宝红包
https://0x0d.im/archives/internet-traffic-hijacking-series-one-crazy-alipay-red-pocket.html
https://0x0d.im/archives/internet-traffic-hijacking-series-one-crazy-alipay-red-pocket.html
Python资源整理合集
https://weibo.com/ttarticle/p/show?id=2309404200174363762670&sudaref=wiki.ioin.in&display=0&retcode=6102
https://weibo.com/ttarticle/p/show?id=2309404200174363762670&sudaref=wiki.ioin.in&display=0&retcode=6102
如何做好首席安全官 – 企业安全体系与架构实现
https://www.sec-un.org/%e5%a6%82%e4%bd%95%e5%81%9a%e5%a5%bd%e9%a6%96%e5%b8%ad%e5%ae%89%e5%85%a8%e5%ae%98-%e4%bc%81%e4%b8%9a%e5%ae%89%e5%85%a8%e4%bd%93%e7%b3%bb%e4%b8%8e%e6%9e%b6%e6%9e%84%e5%ae%9e%e7%8e%b0/
https://www.sec-un.org/%e5%a6%82%e4%bd%95%e5%81%9a%e5%a5%bd%e9%a6%96%e5%b8%ad%e5%ae%89%e5%85%a8%e5%ae%98-%e4%bc%81%e4%b8%9a%e5%ae%89%e5%85%a8%e4%bd%93%e7%b3%bb%e4%b8%8e%e6%9e%b6%e6%9e%84%e5%ae%9e%e7%8e%b0/
MyKings: 一个大规模多重僵尸网络
http://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/
http://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/
UEBA视角下的威胁情报聚类与攻击者分析
https://mp.weixin.qq.com/s/bm8jK8mLsYkWNH_fwIcPAg
https://mp.weixin.qq.com/s/bm8jK8mLsYkWNH_fwIcPAg
Equation Group泄露工具之vBulletin无文件后门分析
https://mp.weixin.qq.com/s/5WRXpljL7RFSPRQ2NdHhtA
https://mp.weixin.qq.com/s/5WRXpljL7RFSPRQ2NdHhtA
DnsLog的改造和自动化调用
http://www.polaris-lab.com/index.php/archives/423/
http://www.polaris-lab.com/index.php/archives/423/
IoT Security Techniques Based on Machine Learning
https://arxiv.org/pdf/1801.06275.pdf
https://arxiv.org/pdf/1801.06275.pdf
对邪恶某组的一次“友情测试”
https://bbs.ichunqiu.com/thread-32952-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-32952-1-1.html?from=sec
1-Day Browser & Kernel Exploitation
http://powerofcommunity.net/poc2017/andrew.pdf
http://powerofcommunity.net/poc2017/andrew.pdf
2017年度安卓系统安全性生态环境研究
https://www.anquanke.com/post/id/95950
https://www.anquanke.com/post/id/95950
低成本企业安全建设部分实践
https://xianzhi.aliyun.com/forum/topic/1996
https://xianzhi.aliyun.com/forum/topic/1996
一次在 Sandstorm 跳脫沙箱的滲透經驗
https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200/
https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200/
2017中国网站安全形势分析报告
http://zt.360.cn/1101061855.php?dtid=1101062368&did=490995546
http://zt.360.cn/1101061855.php?dtid=1101062368&did=490995546
pwnjs: A Javascript library for browser exploitation
https://github.com/theori-io/pwnjs
https://github.com/theori-io/pwnjs
Java RASP浅析——以百度OpenRASP为例
https://paper.seebug.org/513/
https://paper.seebug.org/513/
盘点2017年的WordPress插件和主题安全漏洞
http://securityaffairs.co/wordpress/68114/hacking/wordpress-plugins-themes-flaws-2017.html
http://securityaffairs.co/wordpress/68114/hacking/wordpress-plugins-themes-flaws-2017.html
Windows下的密码hash——NTLM hash和Net-NTLM hash介绍
https://3gstudent.github.io/3gstudent.github.io/Windows%E4%B8%8B%E7%9A%84%E5%AF%86%E7%A0%81hash-NTLM-hash%E5%92%8CNet-NTLM-hash%E4%BB%8B%E7%BB%8D/
https://3gstudent.github.io/3gstudent.github.io/Windows%E4%B8%8B%E7%9A%84%E5%AF%86%E7%A0%81hash-NTLM-hash%E5%92%8CNet-NTLM-hash%E4%BB%8B%E7%BB%8D/
HackerOne:2018年黑客调查报告
https://www.anquanke.com/post/id/96102
https://www.anquanke.com/post/id/96102
等保2.0之如何确定信息系统安全保护等级
https://mp.weixin.qq.com/s/VrVBE7I4pCOd5BOnwIAs9A
https://mp.weixin.qq.com/s/VrVBE7I4pCOd5BOnwIAs9A
Universal XSS via Evernote WebClipper
https://blog.xpnsec.com/evernote-webclipper-uxss/
https://blog.xpnsec.com/evernote-webclipper-uxss/
GAN在网络特征学习中的应用(PPT+视频)
https://zhuanlan.zhihu.com/p/33227420?group_id=939237823266709504
https://zhuanlan.zhihu.com/p/33227420?group_id=939237823266709504
Op EvilTraffic Malware Analysis Report – Tens of Thousands of Websites Infected
http://csecybsec.com/download/zlab/20180121_CSE_Massive_Malvertising_Report.pdf
http://csecybsec.com/download/zlab/20180121_CSE_Massive_Malvertising_Report.pdf
Google Summer of Code 2018 Project Ideas
https://honeynet.org/gsoc2018/ideas
https://honeynet.org/gsoc2018/ideas
SecWiki周刊(第203期)
https://www.sec-wiki.com/weekly/203
https://www.sec-wiki.com/weekly/203
Large Scale Monero Cryptocurrency Mining Operation using XMRig
https://researchcenter.paloaltonetworks.com/2018/01/unit42-large-scale-monero-cryptocurrency-mining-operation-using-xmrig/?from=timeline
https://researchcenter.paloaltonetworks.com/2018/01/unit42-large-scale-monero-cryptocurrency-mining-operation-using-xmrig/?from=timeline
黑客攻击焦点之韩国(上)
http://www.4hou.com/info/news/10059.html
http://www.4hou.com/info/news/10059.html
Cybercrime Tactics and Techniques: 2017 State of Malware 年度报告
https://www.malwarebytes.com/pdf/white-papers/CTNT-Q4-17.pdf
https://www.malwarebytes.com/pdf/white-papers/CTNT-Q4-17.pdf
黑客攻击焦点之韩国(下)
http://www.4hou.com/info/news/10062.html
http://www.4hou.com/info/news/10062.html
安全专题
2017年安全行业年度报告汇总
https://www.sec-wiki.com/topic/81
https://www.sec-wiki.com/topic/81
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第204期)
