SecWiki Weekly (Issue 213)
2018/03/26-2018/04/01
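Security News
From Copying Books to the Pinnacle of Open Source: Zhang Yichun's Life in Programming
A Roundup of RSA 2018 Information
WebRTC Bug Leaks VPN Users' Real IP Addresses
NSF Puts US$30 Million Toward Frontier Transformative Research in Computing and Information Science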
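Security Technology
Code Audit: LaySNS_v2.2.0 Vulnerability Analysis
MSSQL Error-Based SQL Injection Order by clause
Bypassing Upload Blacklists with the Latest Apache Parsing Vulnerability (CVE-2017-15715)
Security Risks of Using Actuator for SpringBoot Application Monitoring
Black Hat Asia 2018 slides
A 7-Yuan BadUSB
CreditEase (宜信) Vulnerability Management Platform - Insight (洞察)
Exploiting Browser Extensions & Context Menus
Cowrie Honeypot Analysis
Qiangwang Cup (强网杯) Challenge Design Notes - solid_core - HijackPrctl
Toutiao (今日头条) and Trojans
Analysis of the Latest Cyber-Attack Activity by the Mohecao (摩诃草) APT Group against Sensitive Institutions in China
Getting-Started Notes on Writing Xposed Plugins with Android Studio 3.0.1
Brief Report on the Port 8291 Alert Event
Adhrit:open source Android APK reversing and analysis tool
Covert DNS Tunnel Reverse Shell with Powershell + dnscat2, and Detection Methods
2nd Qiangwang Cup Web Writeup
DBScanner: Script for Automatically Scanning Common Intranet Databases for Unauthorized Access and Common Weak Passwords
GitStack <= 2.3.10 Remote Command Execution Vulnerability Analysis - CVE-2018-5955
A Plain, Logical Write-up on How Xgboost Works
Qiangwang Cup "Easter Egg": Divergent Thinking on the Shiro 1.2.4 (SHIRO-550) Vulnerability
The phenomenon of smart contract honeypots
Short-Text Understanding Based on a Conceptual Knowledge Graph
Introduction to Penetration Testing
2nd Qiangwang Cup Web Writeup
Exploiting Jolokia Agent with Java EE Servers
Notes on Batch-Crawling Exploits with a Web Crawler
MIPCMS V3.1.0 Remote Config-File Write Getshell Process Analysis (with Batch Getshell Script)
following the trace of WMI Backdoors & other nastiness
QWB-2018 Web partial solutions
A New Anti-Cheating Approach Applied in the 2nd Qiangwang Cup
Ele.me's Practice with Elasticsearch Automated Operations and Monitoring Platforms
Threat Landscape for Industrial Automation Systems in H2 2017
Reverse Engineering Ethereum Smart Contracts
The Ultimate Guide to Learning Binary
uefi-ninja
PS4 4.55 BPF Race Condition Kernel Exploit Writeup
Exploit kits: Winter 2018 review
The All-Round Password-Cracking Tool: A Hashcat Password-Cracking Guide
Breaking the unbreakable voting machine!
Bluefrost Ekoparty Stack Overflow Chall
PHP-FPM Source Code Analysis
Python is the best language-Writeup
#BugBounty — Rewarded by securing vulnerabilities in Bookmyshow (India’s largest
Amazon's AWS Misconfiguration: Arbitrary Files Upload in Amazon Go
Exploring the opportunities and limitations of Threat Intelligence Platforms
Jolokia JNDI Injection & XXE Vulnerability Analysis and Reproduction
Prevent bypassing of SSL certificate pinning in iOS applications
#BugBounty — API keys leakage, Source code disclosure in India’s largest e-comme
basics-of-tracking-wmi-activity
Exploit Mitigation and Counter-Mitigation Techniques You Must Know
ezXSS: A Powerful Blind XSS Testing Tool
BLE Security: Introduction and Practice
IoTInfographic Attack seam framework
Attack-Defense Networking: Configuring and Fuzzing the MikroTik Soft Router
Android 4.4 - Android 7.1 APP Vulnerability Benchmarks
SecWiki Weekly (Issue 212)
Overview of Container Image Security
Cisco 2018 Annual Cybersecurity Report (ACR) R11
A First Look at Development Trends in Next-Generation SIEM Core Technologies
Quickpost: Using Suricata on Windows
YARA Rules for Finding and Analyzing in InfoSec
Code Audit: QYKCMS Back-End Arbitrary File Upload and Arbitrary File Read Vulnerabilities
Tools to gather subdomains from Bug Bounty programs
A Veteran Walks You Through Getting Past Common WAFs
A Brief Discussion of MongoDB Security Configuration on Linux
CryptoPot:Simple cryptocurrency mining honeypot
Analysis of the Joomla Core SQL Injection Vulnerability (CVE-2018-8045)
Awesome XSS stuff
ScrapedIn:A tool to scrape LinkedIn without API restrictions for data reconnaiss
Tencent 2017 Annual White Paper on Pyramid-Scheme Situational Awareness
UXSS against Chrome via Extensions
Security Issues Caused by Client-Side Sessions
Who and What Is Coinhive?
Signature Based Detection of User Events for PostMortem Forensic Analysis
An Approach to Analyzing Open XML Tag-Parsing Vulnerabilities
Exploiting Facebook data for stealing your friends’ digital identities
Intranet Penetration Starting from JBoss - 3
Multi-stage Powershell script (Brownies)
Zeppelin Augur Core Audit v1.0.0
Go-deliver is a payload delivery tool coded in Go.
Attacking Local Xdebug via a Malicious Web Page
Exploring Cobalt Strike's ExternalC2 framework
How BloodHound's Session Collection Works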
Security Topics
Online APP Security Testing Systems
https://www.sec-wiki.com/topic/82
-----WeChat ID: SecWiki-----
SecWiki: focused on security technology news and analysis for 12 years!
SecWiki: https://www.sec-wiki.com
Original address of this issue: SecWiki Weekly (Issue 213)