SecWiki Weekly (Issue 218)
2018/04/30-2018/05/06
Security News
[Conference]
A Review of the Companies at the 2018 Capital Cybersecurity Day  Clicks 541
http://www.aqniu.com/industry/33318.html
[Opinion]
Wu Shizhong: Some Observations on the New Characteristics and Trends of Current Network and Information Security  Clicks 436
https://mp.weixin.qq.com/s/h94f2_y9hsdDZQPIEF9ZVg
[Opinion]
RSA 2018: Interpreting Endpoint Vendor and Product Trends (EPP & EDR & CWPP)  Clicks 377
http://www.aqniu.com/tools-tech/33370.html
Security Technology
[Web Security]
A Very Detailed Domain Penetration Walkthrough!  Clicks 622
https://bbs.ichunqiu.com/thread-39555-1-1.html?from=sec
[Web Security]
Metasploit Study Notes  Clicks 431
http://nobgr.me/2018/05/05/metasploit/
[Web Security]
InsectsAwake: A Pocsuite-Based Vulnerability Scanning System  Clicks 428
https://github.com/jeffzh3ng/InsectsAwake
[Web Security]
Scheduled Tasks Used in Internal Network Penetration  Clicks 386
https://xz.aliyun.com/t/2319
[Web Security]
Red Hat Cup 2018 Online Round Writeup for Beginners  Clicks 361
https://bbs.ichunqiu.com/thread-39687-1-1.html?from=sec
[Web Security]
Three Ways to Speed Up Time-Delay Blind Injection [MySQL]  Clicks 357
http://www.ch1st.cn/?p=44
[Tools]
Building an In-House Log Collection System Modeled on Open-Source Frameworks  Clicks 324
https://mp.weixin.qq.com/s/4TmrqAhr01e8N9e9keLCMA
[Other]
Information Security Training Planning and Practice in Financial Enterprises  Clicks 310
https://mp.weixin.qq.com/s/JKcaU2uMrTxcQudpsdFbnA
[Documents]
Information Security Technology: Personal Information Security Specification  Clicks 307
https://www.tc260.org.cn/upload/2018-01-24/1516799764389090333.pdf
[Web Security]
Basic Principles of Windows Privilege Escalation: Take a Look, Everyone!  Clicks 284
https://bbs.ichunqiu.com/thread-39731-1-1.html?from=sec
[Malware Analysis]
Detecting Malicious Outbound HTTP Traffic with Machine Learning  Clicks 277
https://www.anquanke.com/post/id/107124
[Web Security]
Breaking openresty-Based Web Security Protection (CVE-2018-9230)  Clicks 258
https://mp.weixin.qq.com/s/9Z6KSHbXQr61mrHcVA2--Q
[Web Security]
JSON Web Token Pentesting  Clicks 257
https://medium.com/@netscylla/json-web-token-pentesting-890bc2cf0dcd
[Programming]
Burp Suite Plugin Development: Detecting Unauthorized Access Vulnerabilities  Clicks 255
https://thief.one/2018/05/04/1/
[Other]
Words Chinese Programmers Commonly Mispronounce  Clicks 250
https://github.com/shimohq/chinese-programmer-wrong-pronunciation
[Programming]
faceai: An Excellent AI Project for Face Detection, Face Recognition, Video Recognition, Text Recognition and More  Clicks 247
https://github.com/vipstone/faceai
[Vulnerability Analysis]
CVE-2018-873X Combination: An In-Depth Analysis of the NagiosXI Vulnerability Chain  Clicks 243
https://xz.aliyun.com/t/2321
[Operations Security]
ClickHouse and Threat Log Analysis  Clicks 241
http://candylab.net/hobby/clickhouse-basic/?from=timeline
[Web Security]
From a Phishing Sample to a Stored XSS at a Major Vendor  Clicks 238
https://xz.aliyun.com/t/2322
[Data Mining]
web-analytics: Monitoring and Analysis, Anomaly Monitoring, Ad Verification, Unique Visitor Identification  Clicks 236
https://github.com/TingGe/web-analytics
[Operations Security]
Building a Public Cloud Threat Intelligence System in Practice  Clicks 230
http://www.4hou.com/technology/11307.html
[Data Mining]
Summary of the NIPS 2017 Adversarial Example Attack and Defense Competition  Clicks 225
https://mp.weixin.qq.com/s/AuOFvbEl7sHpdbT4vFv46Q
[Vulnerability Analysis]
7-Zip: From Uninitialized Memory to Remote Code Execution  Clicks 218
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
[Operations Security]
A Checklist for Building a SOC with Open-Source Software  Clicks 216
http://www.freebuf.com/articles/network/169632.html
[Web Security]
How I found 2.9 RCE at Yahoo! Bug Bounty program  Clicks 215
https://medium.com/@kedrisec/how-i-found-2-9-rce-at-yahoo-bug-bounty-program-20ab50dbfac7
[Web Security]
Katana Framework: An Operation Guide  Clicks 211
http://www.freebuf.com/sectool/169457.html
[Vulnerability Analysis]
CVE-2018-9995_dvr_credentials: Get DVR Credentials  Clicks 210
https://github.com/ezelf/CVE-2018-9995_dvr_credentials
[Malware Analysis]
The new Domain Generation Algorithm of Nymaim  Clicks 209
https://johannesbader.ch/2018/04/the-new-domain-generation-algorithm-of-nymaim/
[Forensics]
Lifting the Veil: Investigation of the CCleaner APT Incident  Clicks 206
http://www.4hou.com/other/11221.html
[Forensics]
0xB9 Patterns for Integrating a Threat Intelligence System with Enterprise SIEM: Building a TIP Platform  Clicks 206
https://zhuanlan.zhihu.com/p/36427877
[Malware Analysis]
Analysis of a Malware and Spam Campaign Targeting Brazilian Users  Clicks 205
http://www.4hou.com/technology/11251.html
[Forensics]
Open Source Intelligence (OSINT) Tools & Resources  Clicks 196
http://osint.link/
[Operations Security]
TITAN: Yunji's Distributed Full-Link Stress Testing Drill System  Clicks 191
https://github.com/yunjiweidian/TITAN
[Forensics]
Bad-Pdf: Steal NTLM Hashes with Bad-PDF  Clicks 189
https://github.com/deepzec/Bad-Pdf
[Programming]
Requests-html: Pythonic HTML Parsing for Humans  Clicks 188
https://github.com/kennethreitz/requests-html
[Programming]
Norse - IPViking Map: Source Code Improvements and Analysis  Clicks 187
https://github.com/TingGe/data-visualization/tree/master/ipviking
[Web Security]
Offline AD & Code Audit & ECShop V2.7.3  Clicks 183
https://www.anquanke.com/post/id/107008
[Vulnerability Analysis]
Analysis of the Principles of Java Deserialization Vulnerabilities  Clicks 181
http://www.freebuf.com/vuls/170344.html
[Web Security]
Multiple security vulnerabilities in domains belonging to Google  Clicks 179
https://sysdream.com/news/lab/2018-04-30-multiple-security-vulnerabilities-in-domains-belonging-to-google/
[Device Security]
Cleverly Using Machine Learning to Detect DDoS Attacks in IoT Devices  Clicks 179
https://mp.weixin.qq.com/s/ksqB8wkHuCFvmTvxD4doWA
[Vulnerability Analysis]
Analysis of the GPON Home Gateway Remote Command Execution Vulnerability  Clicks 170
https://paper.seebug.org/593/
[Books]
Free Security and Hacking eBooks  Clicks 169
https://github.com/Hack-with-Github/Free-Security-eBooks
[Competitions]
2018-redhat-misc&web-writeup  Clicks 169
https://www.anquanke.com/post/id/107005
[Data Mining]
Mei Hong, Academician of the Chinese Academy of Sciences: Smart Society and Software Definition  Clicks 167
https://mp.weixin.qq.com/s/h1nGYuusENkNroxdte9_yQ
[Web Security]
#BugBounty — How I was able to bypass firewall to get RCE and then went from ser  Clicks 166
https://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-bypass-firewall-to-get-rce-and-then-went-from-server-shell-to-get-783f71131b94
[Tools]
A repository of sysmon configuration modules  Clicks 166
https://github.com/olafhartong/sysmon-modular
[Programming]
news_feed: Real-Time Monitoring of News About 1,000 Chinese Companies  Clicks 164
https://github.com/lazycatzh/news_feed
[Web Security]
GitList-0-6-Unauthenticated-RCE-Analysis  Clicks 163
https://chybeta.github.io/2018/04/30/GitList-0-6-Unauthenticated-RCE-分析/
[Tools]
santa: A binary whitelisting/blacklisting system for Mac OS X  Clicks 154
https://github.com/google/santa
[Operations Security]
gdpr-checklist: The GDPR Checklist Project  Clicks 152
https://github.com/privacyradius/gdpr-checklist
[Forensics]
Palantir's New Patent Revealed: Mining and Integrating the World's Data  Clicks 149
https://mp.weixin.qq.com/s/y6wEiVqaRkXxGvDeUxO6-w
[Malware Analysis]
Operation GhostSecret: An Attack Campaign Stealing Data Worldwide  Clicks 149
https://www.anquanke.com/post/id/106853
[Documents]
Tips for Reverse-Engineering Malicious Code - Cheat Sheet  Clicks 140
https://digital-forensics.sans.org/media/reverse-engineering-malicious-code-tips.pdf
[Malware Analysis]
Kaspersky Publishes Research Report on the ZooPark Cyber-Espionage Campaign  Clicks 134
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/05/03114450/ZooPark_for_public_final_edit.pdf
-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news and analysis for 5 years!
SecWiki: https://www.sec-wiki.com
