SecWiki周刊(第208期)
2018/02/19-2018/02/25
安全资讯
[新闻]  2018年最需要关注的八大国家黑客组织
http://www.aqniu.com/news-views/31594.html
[新闻]  中国白帽黑客成长记 | 专访清华“蓝莲花”战队
https://mp.weixin.qq.com/s/jbJJyWjmW-h7SI0YmYkElg
[人物]  我遇到了一位“黑客造梦师”:仙果
https://mp.weixin.qq.com/s/mF4D-MGM6_6QA3_7XZSj0w
[新闻]  欧盟GDPR《一般数据保护法案》
https://mp.weixin.qq.com/s/JhylKtarrpvpZlP--ARBRw
[新闻]  用自然语言查询威胁情报的搜索引擎:Insight Engines
http://www.aqniu.com/learn/31665.html
[新闻]  黑客正在销售合法的代码签名证书
https://www.solidot.org/story?sid=55590
[新闻]  俄罗斯利用网络助推特朗普入主白宫 司法部起诉13人
http://www.aqniu.com/news-views/31598.html
[新闻]  国家制造强国建设领导小组关于设立工业互联网专项工作组的通知
http://www.miit.gov.cn/n1146290/n4388791/c6067913/content.html
安全技术
[漏洞分析]  CVE-2018-4878 Exploit生成器
http://py4.me/blog/?p=572
[Web安全]  Wafid: WAF指纹识别工具
https://github.com/CSecGroup/wafid
[运维安全]  DDoS攻击新玩法之WebSocket
http://www.4hou.com/info/news/10425.html
[漏洞分析]  Dependency-Track:第三方库漏洞检测工具
https://github.com/stevespringett/dependency-track
[其它]  网安学科知识体系正式发布
https://mp.weixin.qq.com/s/uZFYl3xKT5-aWzvI3mmQ2A
[Web安全]  企业安全项目-短信验证码安全
http://mp.weixin.qq.com/s/sy-ti0QzESnOKfg-WUCYWA
[Web安全]  中间件安全-Tomcat安全测试概要
https://mp.weixin.qq.com/s/_-AtrbMNROUFRbaime3NrA
[漏洞分析]  分析CVE-2018-6376 – Joomla!二阶SQL注入
http://www.freebuf.com/articles/web/162822.html
[书籍]  Attacking Network Protocols 书籍
https://salttiger.com/attacking-network-protocols/
[数据挖掘]  如何通过人工智能技术构建自己的UBA引擎(上)
http://www.4hou.com/technology/10456.html
[Web安全]  代码审计之QCMS 3.0
http://foreversong.cn/archives/1092
[漏洞分析]  路由器漏洞复现分析第二弹:CNVD-2018-01084
http://www.freebuf.com/vuls/162627.html
[比赛]  HITCTF2018-web全题解
http://www.freebuf.com/column/163191.html
[Web安全]  OWASP Automated Threat Handbook Web Applications
https://www.owasp.org/images/3/33/Automated-threat-handbook.pdf
[Web安全]  Java反序列化漏洞从入门到深入
https://xianzhi.aliyun.com/forum/topic/2041
[Web安全]  用 javascript 框架绕过 XSS 防御
https://paper.seebug.org/533/
[漏洞分析]  华硕路由器AsusWRT局域网内未授权远程代码执行漏洞
http://www.freebuf.com/articles/terminal/161809.html
[取证分析]  2017年度蜜计划(蜜罐工作)总结
https://mp.weixin.qq.com/s/SIBGnMc-XIqy2Ohj1ni_fg
[观点]  看我如何参加众测项目发现美国国防部网站的各类高危漏洞
http://www.freebuf.com/articles/others-articles/162579.html
[漏洞分析]  SecGen: Generate vulnerable virtual machines on the fly
https://github.com/SecGen/SecGen
[漏洞分析]  Microsoft Office内存损坏漏洞(CVE-2017-11882)实战
http://www.freebuf.com/vuls/161753.html
[取证分析]  gitleaks: Searches full repo history for secrets and keys
https://github.com/zricethezav/gitleaks
[漏洞分析]  New bypass and protection techniques for ASLR on Linux
http://blog.ptsecurity.com/2018/02/new-bypass-and-protection-techniques.html
[取证分析]  威胁建模介绍
https://xianzhi.aliyun.com/forum/topic/2061
[取证分析]  利用无监督对抗生成网络(GANs)的破译密码算法
https://www.anquanke.com/post/id/98497
[Web安全]  Chrome extension and Express server that exploits keylogging abilities of CSS.
https://github.com/maxchehab/CSS-Keylogging
[Web安全]  Hacking Tinder Accounts using Facebook Accountkit
https://medium.com/appsecure/hacking-tinder-accounts-using-facebook-accountkit-d5cc813340d1
[工具]  Bug Bounty Toolkit – BugBountyHunting
https://medium.com/bugbountyhunting/bug-bounty-toolkit-aa36f4365f3f
[漏洞分析]  Edge Type Confusion利用:从type confused到内存读写
https://www.anquanke.com/post/id/98774
[工具]  Phishing on Twitter
https://github.com/omergunal/PoT
-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第208期)