SecWiki Weekly (Issue 216)
2018/04/16-2018/04/22
Security News
[Other]
Hacker Yuan Ge: Seeking the Primal Force, Wielding the Sword of Justice  Views: 926
https://m.mp.oeeee.com/a/BAAFRD00002018041675442.html
[Web Security]
WebLogic deserialization command execution vulnerability (CVE-2018-2628)  Views: 815
https://nosec.org/my/threats/1608
[News]
Latest deployments of the US military's Cyber Mission Force  Views: 753
https://mp.weixin.qq.com/s/M5Q_oV_7p04VwtUHho86vQ
[News]
National standards and specifications for hospital informatization construction  Views: 728
http://www.nhfpc.gov.cn/guihuaxxs/s10741/201804/5711872560ad4866a8f500814dcd7ddd.shtml
[Conference]
RSA 2018: a look at high-quality security products from around the world  Views: 589
https://www.anquanke.com/post/id/105379
[News]
Xi Jinping: Advancing the building of a strong cyber nation through independent innovation  Views: 566
http://www.xinhuanet.com/politics/2018-04/18/c_1122704349.htm
[News]
Accelerating breakthroughs in core technologies in the information field  Views: 554
https://mp.weixin.qq.com/s/S_HmemBo4wU22e6RJ_qDxw
Security Technology
[Web Security]
WebLogic deserialization vulnerability (CVE-2018-2628)  Views: 1185
https://github.com/shengqi158/CVE-2018-2628
[Opinion]
A getting-started (onboarding) guide for information security practitioners  Views: 650
https://weibo.com/ttarticle/p/show?id=2309404229525654378347
[Other]
Knowledge Planet "Greyhame Skills" 2017 highlights  Views: 607
https://chrislinn.gitbooks.io/greyhame-2017/
[Vulnerability Analysis]
CVE-2018-2628: simple reproduction and analysis  Views: 581
https://mp.weixin.qq.com/s/nYY4zg2m2xsqT0GXa9pMGA
[Web Security]
Gouzi's XSS learning journey  Views: 437
https://xz.aliyun.com/t/2296
[Opinion]
How to build up technical expertise at work  Views: 424
https://tech.meituan.com/study_vs_work.html
[Documents]
CISSP 2017 materials  Views: 407
https://pan.baidu.com/s/1tr4hKWzeLj3bcdmdyJ7Iqw
[Web Security]
Bypassing X-WAF SQL injection defenses (multiple techniques)  Views: 389
https://mp.weixin.qq.com/s/5TQddrOqa8MmtsuHoCRu0Q
[CTF]
DDCTF 2018 Web Writeup  Views: 355
http://sec2hack.com/ctf/ddctf-2018-web-writeup.html
[Web Security]
AutoFuck: automatically identifies the CMS and loads the relevant PoCs for automated attack  Views: 353
https://github.com/fengxuangit/AutoFuck
[Vulnerability Analysis]
Whatsapp user’s IP disclosure with Link Preview feature  Views: 335
https://medium.com/@kankrale.rahul/whatsapp-users-ip-disclosure-with-link-preview-feature-39a477f54fba
[Data Mining]
Understanding Convolutional Neural Networks: A Practical Handbook for Deep Learning  Views: 330
http://lamda.nju.edu.cn/weixs/book/CNN_book.html
[Web Security]
Creative exploitation of Python deserialization vulnerabilities  Views: 329
https://xz.aliyun.com/t/2289
[Malware Analysis]
Analysis of a remote-control trojan in a "chicken dinner" (battle royale) game cheat tool  Views: 322
https://www.anquanke.com/post/id/105670
[Vulnerability Analysis]
Breaking OpenResty-based web security protection (CVE-2018-9230)  Views: 321
https://www.anquanke.com/post/id/103771
[Vulnerability Analysis]
CVE-2018-0171: analysis of the Cisco Smart Install remote code execution vulnerability  Views: 316
https://www.anquanke.com/post/id/105473
[Operations Security]
A first look at the intrusion detection features of Yulong HIDS  Views: 316
http://pirogue.org/2018/04/20/yulong-hids/
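[Malware Analysis]
A glimpse into the underground YY live-streaming account-laundering industry chain through one attribution investigation  Views: 313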
https://www.anquanke.com/post/id/105043
[Operations Security]
A tool for covert execution in Linux.  Views: 308
https://github.com/emptymonkey/mimic
[Data Mining]
A 180-slide deck explaining artificial intelligence technology and industry development  Views: 305
https://mp.weixin.qq.com/s/s8VLWjXrVCrTt4v2d3MoIQ
[Vulnerability Analysis]
Drupal 7 - CVE-2018-7600 PoC Writeup  Views: 289
https://ricterz.me/posts/Drupal%207%20-%20CVE-2018-7600%20PoC%20Writeup
[Web Security]
What you need to know about applying for a CVE  Views: 284
http://www.freebuf.com/articles/rookie/168362.html
[CTF]
A subtle detail of move_uploaded_file, seen through a 0CTF challenge  Views: 273
https://www.anquanke.com/post/id/103784
[CTF]
DDCTF2018 partial writeup  Views: 272
http://phantom0301.cc/2018/04/20/ddctf2018/
[Web Security]
Notes on exploiting Zabbix command execution during a penetration test  Views: 268
http://www.freebuf.com/articles/web/168819.html
[Magazine]
SecWiki Weekly (Issue 215)  Views: 266
https://www.sec-wiki.com/weekly/215
[Data Mining]
Generative adversarial networks (GAN): research progress and outlook  Views: 256
https://mp.weixin.qq.com/s/QiIRIHiGv6u-4QfK8awKpw
[Web Security]
A brief discussion of how to build an internet risk-control system  Views: 255
http://mp.weixin.qq.com/s/_tTtWv5f-r2ihNysZz0LAw
[Malware Analysis]
Building remote-control infrastructure using Digital Ocean  Views: 255
http://www.4hou.com/technology/11107.html
[Forensics]
A basic log server for detecting attacks, Part 2: log aggregation  Views: 254
https://www.anquanke.com/post/id/103348
[Malware Analysis]
nebula: the "Nebula" business risk-control system  Views: 254
https://github.com/threathunterX/nebula
[Web Security]
How MySQL's new secure_file_priv feature affects reading and writing files  Views: 241
https://xz.aliyun.com/t/2293
[Operations Security]
shield: a Storm-based real-time log traffic analysis and active defense (CCFirewall) system  Views: 232
https://github.com/gy-games/shield
[Operations Security]
Abusing Linux's firewall: the hack that allowed us to build Spectrum  Views: 223
https://blog.cloudflare.com/how-we-built-spectrum/
[Web Security]
WebExtension security - Part 1  Views: 221
http://leucosite.com/WebExtension-Security/
[Device Security]
The IoT Hacker's Toolkit  Views: 219
https://systemoverlord.com/2018/04/16/the-iot-hackers-toolkit.html
[Web Security]
Bypass CSP by Abusing XSS Filter in Edge  Views: 215
https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754
[Vulnerability Analysis]
bug-monitor: real-time monitoring and push notification system for Seebug, structs and CVE vulnerabilities  Views: 215
https://github.com/FortuneC00kie/bug-monitor
[Operations Security]
Yixin's road to automated firewall operations  Views: 212
http://www.freebuf.com/articles/security-management/166895.html
[Malware Analysis]
Written after the "Software Gene Technology" sub-forum (Part 1)  Views: 211
https://mp.weixin.qq.com/s/qpVmvTuq6cIl2rQFclX4Yw
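[Forensics]
weblogger: a tool for capturing traffic in offline CTF competitions (PHP) and for capturing and analyzing traffic in real environments  Views: 211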
https://github.com/wupco/weblogger
[Malware Analysis]
Machine learning-based DDoS detection for home IoT devices  Views: 210
https://xz.aliyun.com/t/2285
[Documents]
how-to-become-a-cyber-forensics-expert  Views: 210
https://www.peerlyst.com/posts/how-to-become-a-cyber-forensics-expert-abhinav-singh
[Malware Analysis]
APT Trends report Q1 2018  Views: 207
https://securelist.com/apt-trends-report-q1-2018/85280/
[Operations Security]
Implementing SMS two-factor authentication for SSH with Pam-Python  Views: 203
http://www.freebuf.com/articles/web/165139.html
[Malware Analysis]
Ember: An Open Source Classifier And Dataset  Views: 202
https://github.com/endgameinc/ember
[Vulnerability Analysis]
Windows: WLDP CLSID policy .NET COM Instantiation UMCI Bypass  Views: 202
https://bugs.chromium.org/p/project-zero/issues/detail?id=1514
[Mobile Security]
A collection of iOS app reverse engineering resources  Views: 198
https://everettjf.github.io/2018/01/15/ios-app-reverse-engineering-stuff/
[Vulnerability Analysis]
$5k Service dependencies  Views: 194
https://sites.google.com/site/testsitehacking/-5k-service-dependencies
[Forensics]
Exposing a leaker's identity with zero-width character watermarks  Views: 193
http://www.freebuf.com/articles/web/167903.html
[Tools]
Polymorph: A Real-Time Network Packet Manipulation Framework  Views: 188
https://www.exploit-db.com/docs/english/44457-polymorph-a-real-time-network-packet-manipulation-framework.pdf
[Web Security]
WordPress hacked site – forensics report  Views: 186
https://www.glenscott.co.uk/wordpress-hacked-site-forensics-report/
[Vulnerability Analysis]
Go AST Scanner: Inspects source code for security problems  Views: 185
https://github.com/GoASTScanner/gas
[Web Security]
Graduation project: PHP RASP (Part 1), hooking functions  Views: 185
http://www.cnblogs.com/iamstudy/articles/php_code_rasp_1.html
[Web Security]
XSS in pastebin.com via unsanitized markdown output  Views: 181
https://github.com/Nhoya/PastebinMarkdownXSS
[Web Security]
Vultr Domain Hijacking  Views: 180
https://vincentyiu.co.uk/vultr-domain-hijacking/
[Operations Security]
SMB Protocol Bruteforce  Views: 179
https://github.com/m4ll0k/SMBrute
[Device Security]
Lateral Attacks Between IoT Devices: The Technical Details  Views: 177
http://blog.senr.io/blog/lateral-attacks-between-iot-devices-the-technical-details
[Malware Analysis]
Written after the "Software Gene Sub-forum" (Part 2)  Views: 174
https://mp.weixin.qq.com/s/_cStfXSfXII8m5ary4fzWg
[Malware Analysis]
Virtual Machine for Adversary Emulation and Threat Hunting  Views: 174
https://github.com/redhuntlabs/RedHunt-OS/
[Opinion]
A first look at the Innovation Sandbox (2) - RSAC2018 Part 2  Views: 173
https://mp.weixin.qq.com/s/KEF458q-88jzrpRq6JpCUA
[Programming]
Golang for Security Professionals  Views: 169
https://github.com/parsiya/Hacking-with-Go
[Vulnerability Analysis]
Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevatio  Views: 166
https://googleprojectzero.blogspot.in/2018/04/windows-exploitation-tricks-exploiting.html
[Operations Security]
Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer  Views: 159
https://github.com/Jsitech/JShielder
[Vulnerability Analysis]
CVE-2018-4121 - Safari Wasm Sections POC RCE Exploit  Views: 152
https://github.com/mwrlabs/CVE-2018-4121
[Device Security]
Awesome Firmware Security & Other Helpful Documents  Views: 151
https://github.com/PreOS-Security/awesome-firmware-security
[Web Security]
Firefox 56.0 302 Redirect URL Spoofing Vulnerability  Views: 143
http://rm-rf.gg/2018/04/19/Firefox_302_Redirect_URL_Spoofing_Vulnerability.html
[Mobile Security]
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable.  Views: 137
https://github.com/prateek147/DVIA-v2
[Programming]
Source code about machine learning and security.  Views: 131
https://github.com/13o-bbr-bbq/machine_learning_security
[Vulnerability Analysis]
Automotive Industry Guidelines for Secure Over-the-Air Updates  Views: 120
https://fastr.org/wp-content/uploads/2018/04/FASTR_AutomotiveIndustry_Guidelines_SecureOver-the-Air_Updates_v2.pdf
[Vulnerability Analysis]
An Empirical Analysis of Traceability in the Monero Blockchain  Views: 101
https://www.andrew.cmu.edu/user/nicolasc/publications/Moeser-PETS18.pdf
-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news and analysis for 5 years!
SecWiki: https://www.sec-wiki.com