SecWiki Weekly (Issue 205)
2018/01/29-2018/02/04
Security News
[News]  Malicious Android component makes games serve malicious ads; 4.5 million users affected
http://www.4hou.com/info/news/10122.html
[Opinion]  Personal development and managing the seven core competencies
https://mp.weixin.qq.com/s/NaGk6KdHBczvyI_mr_Tg6g
[News]  The US intelligence community's Worldwide Threat Assessment
https://mp.weixin.qq.com/s/9jPxVyccwPTLOAhQkBbbTQ
[Opinion]  Understanding cross-border data flow policy, with recommendations
https://mp.weixin.qq.com/s/97MFf8-ZtJzz_D6zkYGbrw
Security Techniques
[Web Security]  awBruter: a high-speed ("thousand-fold faster") one-liner webshell password brute-forcer
https://github.com/theLSA/awBruter
[Ops Security]  Google's zero-trust security architecture in practice
https://mp.weixin.qq.com/s/lxw9TAPB0pXJJePcnu8RcA
[Malware Analysis]  APTSimulator: a tool that simulates an APT-compromised victim host
https://github.com/Neo23x0/APTSimulator
[Device Security]  Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
[Web Security]  injectify: perform advanced MiTM script-injection attacks on websites
https://github.com/samdenty99/injectify
[Vulnerability Analysis]  kDriver-Fuzzer: a driver vulnerability fuzzing tool built on the ioctlbf framework
https://github.com/k0keoyo/kDriver-Fuzzer
[Mobile Security]  Research report on cryptomining trojans on the Android platform
http://www.freebuf.com/articles/paper/161741.html
[Data Mining]  web-traffic-forecasting: code for the Kaggle web traffic forecasting competition
https://github.com/sjvasquez/web-traffic-forecasting
[Mobile Security]  Analysis of the CrossRAT remote access trojan
http://www.4hou.com/technology/10131.html
[Malware Analysis]  Who touched my gold mine: a deep dive into how underground cryptomining has evolved
https://www.leiphone.com/news/201801/GLmAX9VzPhN17cpr.html
[Mobile Security]  SigKill: one-click bypass of app signature verification
https://github.com/xxxyanchenxxx/SigKill
[Vulnerability Analysis]  Analysis of the arbitrary user password reset vulnerability in the latest DedeCMS release (20180109)
https://blog.formsec.cn/2018/01/11/DedeCMS-password-reset/
[Web Security]  Lesser-known knowledge: how much do you know about NoSQL injection?
https://www.anquanke.com/post/id/97211
[Malware Analysis]  Flash 0 Day In The Wild: Group 123 At The Controls
http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html
[Web Security]  Automating Apache mod_rewrite and Cobalt Strike Malleable C2 Profiles
https://posts.specterops.io/automating-apache-mod-rewrite-and-cobalt-strike-malleable-c2-profiles-d45266ca642
[Malware Analysis]  Reviving DDE: Using OneNote and Excel for Code Execution
https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee
[Web Security]  Windows privilege escalation command guide
http://www.4hou.com/system/10212.html
[Malware Analysis]  Operation PZChao: a possible return of the Iron Tiger APT
https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/
[Forensics]  Forced copy: web pages writing to your clipboard without consent
https://www.xxwhite.com/2018/Clipboard.html
[Web Security]  A collection of resources on Python security and code auditing
https://github.com/bit4woo/python_sec
[Web Security]  Traffic interception with a software router
http://oddboy.cn/2018/01/Traffic-Interception-By-Soft-Router/
[Malware Analysis]  Analysis of the Lotus Blossom group's attacks on ASEAN member states
https://community.rsa.com/community/products/netwitness/blog/2018/01/30/apt32-continues-asean-targeting
[Malware Analysis]  Demo of a deep-learning PHP webshell detection engine
https://www.cdxy.me/?p=788
[Wireless Security]  GPS spoofing (part 1): hijacking drones
http://www.freebuf.com/column/161795.html
[Device Security]  embedded-device-lab: a test environment that emulates IoT vulnerabilities with QEMU
https://github.com/stayliv3/embedded-device-lab
[Mobile Security]  A discussion of defenses against Android hooking techniques
https://tech.meituan.com/android_anti_hooking.html
[Forensics]  xlog: a lightweight web log scanning tool
http://www.freebuf.com/column/161765.html
[Vulnerability Analysis]  Web security: an explanation of logic flaws
https://xianzhi.aliyun.com/forum/topic/2011
[Malware Analysis]  DDG.Mining.Botnet: a cryptomining botnet targeting database servers
http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server/
[Ops Security]  Deploying and extending the open-source HIDS OSSEC
https://xianzhi.aliyun.com/forum/topic/2003
[Magazine]  Roundup of 2017 security industry annual reports
https://mp.weixin.qq.com/s/guVljwZyvafts-SZY_Zwow
[Malware Analysis]  Malware reversing: a Burp Suite keygen
https://0x00sec.org/t/malware-reversing-burpsuite-keygen/5167
[Malware Analysis]  VERMIN: Quasar RAT and Custom Malware Used In Ukraine
https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/
[Magazine]  SecWiki Weekly (Issue 204)
https://www.sec-wiki.com/weekly/204
[Malware Analysis]  TheMoon: a review of an old botnet and its new variants
http://blog.netlab.360.com/themoon-botnet-a-review-and-new-features/
[Forensics]  A brief discussion of automated web access log analysis
http://www.freebuf.com/articles/security-management/161546.html
[Malware Analysis]  Drive-by Download Must Die: detecting browser exploitation
https://github.com/nao-sec/jsac2018
[Web Security]  Code-auditing the underground industry behind PUBG ("chicken dinner") cheat tools
http://www.freebuf.com/articles/system/161518.html
[Paper]  IEEE European Symposium on Security and Privacy 2018 (EuroS&P) accepted papers list
http://www.ieee-security.org/TC/EuroSP2018/accepted.php
[Malware Analysis]  FinSpy VM Part 2: VM Analysis and Bytecode Disassembly
http://www.msreverseengineering.com/blog/2018/1/31/finspy-vm-part-2-vm-analysis-and-bytecode-disassembly
[Document]  2018 China blockchain industry white paper
https://36kr.com/p/5117525.html?from=timeline
[Vulnerability Analysis]  Analysis of the wget buffer overflow vulnerability (CVE-2017-13089)
https://mp.weixin.qq.com/s/KW9ROTCMJyJ-mBt8dwBmBg
[Malware Analysis]  Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions
http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html?m=1&from=timeline
[Device Security]  Enumerating remote access policies through GPO
https://labs.mwrinfosecurity.com/blog/enumerating-remote-access-policies-through-gpo/
[Web Security]  Ver-observer: a command-line tool for detecting framework and dependency versions
http://blog.neargle.com/2018/01/29/ver-observer-a-tool-about-version-detection/
[Forensics]  Bitcoin transaction records can still expose your identity [paper]
https://arxiv.org/pdf/1801.07501.pdf
[Tool]  Very flexible Host IDS designed for Windows
https://github.com/0xrawsec/whids
[Ops Security]  The road to operational incident management for tens of millions of users
https://mp.weixin.qq.com/s/iI0qRxzaLOk1xEpQ3XG-ew
[Forensics]  Threat detection techniques based on antivirus, proxy, DNS and HTTP logs
https://xianzhi.aliyun.com/forum/topic/2001
[Vulnerability Analysis]  An analysis of the IE sandbox drag-and-drop security policy
https://slab.qq.com/news/tech/1278.html
[Forensics]  Global cloud provider IP address analysis report, 2H 2017
https://mp.weixin.qq.com/s/5XRz-inuBpTn_IGQLTAXpg
[Malware Analysis]  mal_getter: a tool for extracting the malware samples that exploit kits (EKs) drop from malicious web pages
https://github.com/nao-sec/mal_getter
[Forensics]  starc: a simple high-interaction client honeypot
https://github.com/nao-sec/starc
[Opinion]  The playbook of deep research: hackers and blockchain
https://mp.weixin.qq.com/s/7F2-eLqIdSiNIHHJDzkwcg
[Web Security]  Deemon: an automated CSRF security testing framework
http://www.arkteam.net/?p=3390
[Web Security]  Miscellaneous notes on PHP code security
http://www.freebuf.com/articles/rookie/161474.html
[Forensics]  2017 online fraud trends research report (full text)
http://www.aqniu.com/industry/31297.html
[Forensics]  Malicious Traffic Collection: traffic captures of browser exploit packs delivering malicious samples
https://traffic.moe/
[Tool]  A tool I have found incredibly useful whenever creating custom shellcode
https://github.com/wetw0rk/Sickle
-----WeChat ID: SecWiki-----
SecWiki: focused on security technology news and analysis for 12 years!
SecWiki: https://www.sec-wiki.com

Original page for this issue: SecWiki Weekly (Issue 205)