SecWiki周刊（第205期)

SecWiki周刊（第205期）

2018/01/29-2018/02/04

安全资讯

[新闻] 恶意安卓组件致游戏传播恶意广告，450万用户受影响
http://www.4hou.com/info/news/10122.html

[观点] 个人发展与七大能力管理
https://mp.weixin.qq.com/s/NaGk6KdHBczvyI_mr_Tg6g

[新闻] 美国情报界的全球威胁评估
https://mp.weixin.qq.com/s/9jPxVyccwPTLOAhQkBbbTQ

[新闻] Ransomware Hero to Receive FBI Award
https://www.bleepingcomputer.com/news/security/ransomware-hero-to-receive-fbi-award/

[观点] 数据跨境流动政策认知与建议
https://mp.weixin.qq.com/s/97MFf8-ZtJzz_D6zkYGbrw

安全技术

[Web安全] 千倍速一句话密码爆破工具
https://github.com/theLSA/awBruter

[运维安全] 谷歌的零信任安全架构实践
https://mp.weixin.qq.com/s/lxw9TAPB0pXJJePcnu8RcA

[恶意分析] APTSimulator: APT 受害者环境模拟工具
https://github.com/Neo23x0/APTSimulator

[设备安全] Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vu
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

[Web安全] injectify: Perform advanced MiTM attacks on websites 中间人脚本攻击
https://github.com/samdenty99/injectify

[漏洞分析] kDriver-Fuzzer：基于ioctlbf框架编写的驱动漏洞挖掘工具
https://github.com/k0keoyo/kDriver-Fuzzer

[数据挖掘] web-traffic-forecasting: Kaggle 网站流量预测比赛代码
https://github.com/sjvasquez/web-traffic-forecasting

[移动安全] Android平台挖矿木马研究报告
http://www.freebuf.com/articles/paper/161741.html

[取证分析] 各种加密代理协议的简单对比
https://medium.com/@Blankwonder/%E5%90%84%E7%A7%8D%E5%8A%A0%E5%AF%86%E4%BB%A3%E7%90%86%E5%8D%8F%E8%AE%AE%E7%9A%84%E7%AE%80%E5%8D%95%E5%AF%B9%E6%AF%94-1ed52bf7a803

[移动安全] CrossRat远程控制软件的分析
http://www.4hou.com/technology/10131.html

[恶意分析] 谁动了我的金矿：深扒黑产挖矿进阶之路
https://www.leiphone.com/news/201801/GLmAX9VzPhN17cpr.html

[移动安全] SigKill: 一键绕过App签名验证
https://github.com/xxxyanchenxxx/SigKill

[漏洞分析] DedeCMS最新版(20180109)任意用户密码修改漏洞分析
https://blog.formsec.cn/2018/01/11/DedeCMS-password-reset/

[恶意分析] Flash 0 Day In The Wild: Group 123 At The Controls
http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html

[Web安全] 冷门知识 — NoSQL注入知多少
https://www.anquanke.com/post/id/97211

[Web安全] Automating Apache mod_rewrite and Cobalt Strike Malleable C2 Profiles
https://posts.specterops.io/automating-apache-mod-rewrite-and-cobalt-strike-malleable-c2-profiles-d45266ca642

[Web安全] Windows 提权命令指南
http://www.4hou.com/system/10212.html

[恶意分析] Reviving DDE: Using OneNote and Excel for Code Execution
https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee

[取证分析] 你的剪切板被强制复制
https://www.xxwhite.com/2018/Clipboard.html

[恶意分析] Operation PZChao: a possible return of the Iron Tiger APT
https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/

[文档] 2017年度ITOT一体化的工业信息安全态势报告（2017）
http://zt.360.cn/dl.php?filename=2017%E5%B9%B4%E5%BA%A6ITOT%E4%B8%80%E4%BD%93%E5%8C%96%E7%9A%84%E5%B7%A5%E4%B8%9A%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E6%80%81%E5%8A%BF%E6%8A%A5%E5%91%8A%EF%BC%882017%EF%BC%89.pdf

[Web安全] Python安全和代码审计相关资料收集
https://github.com/bit4woo/python_sec

[Web安全] 软路由实现流量拦截
http://oddboy.cn/2018/01/Traffic-Interception-By-Soft-Router/

[恶意分析] 深度学习PHP webshell查杀引擎demo
https://www.cdxy.me/?p=788

[恶意分析] Lotus Blossom 团伙对东南亚国家联盟的攻击的分析
https://community.rsa.com/community/products/netwitness/blog/2018/01/30/apt32-continues-asean-targeting

[无线安全] GPS欺骗（一）—无人机的劫持
http://www.freebuf.com/column/161795.html

[设备安全] embedded-device-lab：利用qemu模拟物联网漏洞的测试环境
https://github.com/stayliv3/embedded-device-lab

[取证分析] xlog：轻量web日志扫描工具
http://www.freebuf.com/column/161765.html

[移动安全] Android Hook技术防范漫谈
https://tech.meituan.com/android_anti_hooking.html

[漏洞分析] Web安全-逻辑漏洞讲解
https://xianzhi.aliyun.com/forum/topic/2011

[恶意分析] DDG.Mining.Botnet：一个瞄准数据库服务器的挖矿僵尸网络
http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server/

[运维安全] 开源HIDS OSSEC部署与扩展使用
https://xianzhi.aliyun.com/forum/topic/2003

[杂志] 2017年安全行业年度报告汇总
https://mp.weixin.qq.com/s/guVljwZyvafts-SZY_Zwow

[恶意分析] 恶意软件逆向 - Burpsuite Keygen
https://0x00sec.org/t/malware-reversing-burpsuite-keygen/5167

[恶意分析] VERMIN: Quasar RAT and Custom Malware Used In Ukraine
https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/

[杂志] SecWiki周刊（第204期)
https://www.sec-wiki.com/weekly/204

[恶意分析] TheMoon : 一个僵尸网络的老皇历和新变种
http://blog.netlab.360.com/themoon-botnet-a-review-and-new-features/

[恶意分析] 2017年度安全报告––供应链
https://cert.360.cn/static/files/2017%E5%B9%B4%E5%BA%A6%E5%AE%89%E5%85%A8%E6%8A%A5%E5%91%8A--%E4%BE%9B%E5%BA%94%E9%93%BE.pdf

[取证分析] WEB访问日志自动化分析浅谈
http://www.freebuf.com/articles/security-management/161546.html

[恶意分析] Drive-by Download Must Die 浏览器漏洞利用检测
https://github.com/nao-sec/jsac2018

[Web安全] 企业安全项目-测试环境内网化
https://mp.weixin.qq.com/s?__biz=MzI3Njk2OTIzOQ==&mid=2247483912&idx=1&sn=4bad6208297bc08d07149cf78d891407&chksm=eb6c2070dc1ba966486f844b87dfaf0803112b6d808ba702ceb3d303127e0675e82ece0316d3#rd

[Web安全] 代码审计“吃鸡”辅助外挂黑色产业链
http://www.freebuf.com/articles/system/161518.html

[论文] IEEE European Symposium on Security and Privacy 2018 (EuroS&P) 论文接收列表
http://www.ieee-security.org/TC/EuroSP2018/accepted.php

[恶意分析] FinSpy VM Part 2: VM Analysis and Bytecode Disassembly
http://www.msreverseengineering.com/blog/2018/1/31/finspy-vm-part-2-vm-analysis-and-bytecode-disassembly

[文档] 2018中国区块链行业白皮书
https://36kr.com/p/5117525.html?from=timeline

[漏洞分析] wget 缓冲区溢出漏洞分析（CVE-2017-13089）
https://mp.weixin.qq.com/s/KW9ROTCMJyJ-mBt8dwBmBg

[恶意分析] Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions
http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html?m=1&from=timeline

[设备安全] Enumerating remote access policies through GPO
https://labs.mwrinfosecurity.com/blog/enumerating-remote-access-policies-through-gpo/

[Web安全] Ver-observer：探测框架及依赖版本的命令行工具
http://blog.neargle.com/2018/01/29/ver-observer-a-tool-about-version-detection/

[取证分析] 比特币交易记录仍然能暴露你的身份[论文]
https://arxiv.org/pdf/1801.07501.pdf

[工具] Very flexible Host IDS designed for Windows
https://github.com/0xrawsec/whids

[运维安全] 面向千万级用户的运维事件管理之路
https://mp.weixin.qq.com/s/iI0qRxzaLOk1xEpQ3XG-ew

[取证分析] 基于反病毒软件、代理、DNS和HTTP日志的威胁检测技术
https://xianzhi.aliyun.com/forum/topic/2001

[恶意分析] A Walk-Through Tutorial, with Code, on Statically Unpacking the FinSpy VM
http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation

[漏洞分析] IE沙箱拖拽安全策略解析
https://slab.qq.com/news/tech/1278.html

[取证分析] 全球云服务商 IP 地址分析报告 2H 2017
https://mp.weixin.qq.com/s/5XRz-inuBpTn_IGQLTAXpg

[恶意分析] mal_getter: Tool for dropping malware from EK 恶意网页提取样本程序
https://github.com/nao-sec/mal_getter

[取证分析] starc: Simple high-interactive client honeypot
https://github.com/nao-sec/starc

[观点] 深入研究的套路之黑客与区块链
https://mp.weixin.qq.com/s/7F2-eLqIdSiNIHHJDzkwcg

[Web安全] Deemon:自动化CSRF安全检测框架
http://www.arkteam.net/?p=3390

[Web安全] PHP代码安全杂谈
http://www.freebuf.com/articles/rookie/161474.html

[取证分析] 2017年网络诈骗趋势研究报告（全文）
http://www.aqniu.com/industry/31297.html

[取证分析] Malicious Traffic Collection 浏览器Exploit Packs恶意样本流量数据
https://traffic.moe/

[工具] A tool I have found incredibly useful whenever creating custom shellcode
https://github.com/wetw0rk/Sickle

[取证分析] 浅谈情报的实践与落地
https://www.sec-un.org/%E6%B5%85%E8%B0%88%E6%83%85%E6%8A%A5%E7%9A%84%E5%AE%9E%E8%B7%B5%E4%B8%8E%E8%90%BD%E5%9C%B0/

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第205期)

SecWiki周刊（第205期）

最新公告

友情链接

SecWiki公众号

安全学术圈