SecWiki周刊(第227期)
2018/07/02-2018/07/08
安全资讯
杨卿自述:关于黑客男神的下一个十年
https://mp.weixin.qq.com/s/4DskkWpuvzEPgxRNrZrt2w
https://mp.weixin.qq.com/s/4DskkWpuvzEPgxRNrZrt2w
26个字母带你了解DARPA
https://mp.weixin.qq.com/s/vl6OcqS5v7oP-8PrW95Pww
https://mp.weixin.qq.com/s/vl6OcqS5v7oP-8PrW95Pww
白宫或将启动全球APT黑客组织全面调查
https://mp.weixin.qq.com/s/8cOywyuewCknJ_D5wqwFzg
https://mp.weixin.qq.com/s/8cOywyuewCknJ_D5wqwFzg
WCTF,一场属于黑客的世界杯狂欢
https://mp.weixin.qq.com/s/JUbs4wPBDSGUIEjORjvXCw
https://mp.weixin.qq.com/s/JUbs4wPBDSGUIEjORjvXCw
安全技术
fortify漏洞的学习途径
https://mp.weixin.qq.com/s/WYpLsML33xQBmRkDx3V52Q
https://mp.weixin.qq.com/s/WYpLsML33xQBmRkDx3V52Q
微信支付SDK存在XXE漏洞
https://xz.aliyun.com/t/2426
https://xz.aliyun.com/t/2426
中国网络安全产品分类及全景图2018.7
https://mp.weixin.qq.com/s/VTuUh2Fy2KYhMycqHWi38g
https://mp.weixin.qq.com/s/VTuUh2Fy2KYhMycqHWi38g
sql注入fuzz bypass waf
https://xz.aliyun.com/t/2418
https://xz.aliyun.com/t/2418
dftimewolf: A framework for orchestrating forensic
https://github.com/log2timeline/dftimewolf
https://github.com/log2timeline/dftimewolf
Mysql实时监控脚本
http://foreversong.cn/archives/1263
http://foreversong.cn/archives/1263
IoT安全测试之通信测试环境及方法
https://mp.weixin.qq.com/s/yPNxqzQ0qHtQarNBUPBzQg
https://mp.weixin.qq.com/s/yPNxqzQ0qHtQarNBUPBzQg
PublicCMS 任意目录文件写入漏洞分析与利用
https://mp.weixin.qq.com/s/bbEMrUkD5ItQAeiBj4mErw
https://mp.weixin.qq.com/s/bbEMrUkD5ItQAeiBj4mErw
onlinetools: 线上工具箱开源
https://github.com/iceyhexman/onlinetools
https://github.com/iceyhexman/onlinetools
Linux pwn入门教程(0)——环境配置
https://bbs.ichunqiu.com/thread-42239-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-42239-1-1.html?from=sec
Mastering Machine Learning for Penetration Testing
https://github.com/PacktPublishing/Mastering-Machine-Learning-for-Penetration-Testing
https://github.com/PacktPublishing/Mastering-Machine-Learning-for-Penetration-Testing
灰熊矿业?BearMiner的创业之路
https://mp.weixin.qq.com/s/NEvX_Od3dgQrk9fHHV62Mw
https://mp.weixin.qq.com/s/NEvX_Od3dgQrk9fHHV62Mw
AccessLogAnylast: 支持Nginx、Apache、Tomcat等标准WEB日志的分析
https://github.com/cisp/AccessLogAnylast
https://github.com/cisp/AccessLogAnylast
使用 Apache Spark 和 Elasticsearch 构建一个推荐系统
https://github.com/IBM/elasticsearch-spark-recommender/blob/master/README-cn.md
https://github.com/IBM/elasticsearch-spark-recommender/blob/master/README-cn.md
UEBA如何在企业有效地应用与落地
https://www.sec-un.org/ueba%e5%a6%82%e4%bd%95%e5%9c%a8%e4%bc%81%e4%b8%9a%e6%9c%89%e6%95%88%e5%9c%b0%e5%ba%94%e7%94%a8%e4%b8%8e%e8%90%bd%e5%9c%b0/
https://www.sec-un.org/ueba%e5%a6%82%e4%bd%95%e5%9c%a8%e4%bc%81%e4%b8%9a%e6%9c%89%e6%95%88%e5%9c%b0%e5%ba%94%e7%94%a8%e4%b8%8e%e8%90%bd%e5%9c%b0/
使用PaddleFluid和TensorFlow训练RNN语言模型
https://mp.weixin.qq.com/s/JULU6bO7sPUbEJZ9tUDqiQ
https://mp.weixin.qq.com/s/JULU6bO7sPUbEJZ9tUDqiQ
知乎十万级容器规模的分布式镜像仓库实践
https://zhuanlan.zhihu.com/p/39004143
https://zhuanlan.zhihu.com/p/39004143
IoTSecurityNAT: IoT安全测试系统
https://github.com/3rdbody/IoTSecurityNAT
https://github.com/3rdbody/IoTSecurityNAT
Log-killer: Clear all your logs in [linux/windows] servers
https://github.com/Rizer0/Log-killer
https://github.com/Rizer0/Log-killer
Elasticsearch史上最全最常用工具清单
https://mp.weixin.qq.com/s/s2ema4tIXKcqTNUUhjGt1w
https://mp.weixin.qq.com/s/s2ema4tIXKcqTNUUhjGt1w
UAS-点评侧用户行为检索系统
https://tech.meituan.com/dp_user_action_system.html
https://tech.meituan.com/dp_user_action_system.html
Bypassing Web-Application Firewalls by abusing SSL/TLS
https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html
https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html
RANCOR: 针对东南亚的APT攻击
https://mp.weixin.qq.com/s/n75EFy-2f_8FdxURzGU45g
https://mp.weixin.qq.com/s/n75EFy-2f_8FdxURzGU45g
HDwiki二次注入案例分享
http://www.freebuf.com/vuls/175911.html
http://www.freebuf.com/vuls/175911.html
分布式Web漏洞扫描服务建设实践—衡量指标及解决实践(2)
https://mp.weixin.qq.com/s/P9LJe2ZFbgdB2FkD2km5WA
https://mp.weixin.qq.com/s/P9LJe2ZFbgdB2FkD2km5WA
weixin:// 跳转研究
https://liball.me/jump-to-weixin/
https://liball.me/jump-to-weixin/
嵌入式系统的安全技术分析(一)
https://mp.weixin.qq.com/s/At93VzqqDtAV7mhyRY7lfw
https://mp.weixin.qq.com/s/At93VzqqDtAV7mhyRY7lfw
以太坊学习—从私有链、交易到智能合约
http://phantom0301.cc/2018/06/29/ether/
http://phantom0301.cc/2018/06/29/ether/
Taking apart a double zero-day sample discovered in joint hunt with ESET
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/
登录框之另类思考:来自客户端的欺骗
http://www.freebuf.com/vuls/175884.html
http://www.freebuf.com/vuls/175884.html
Delving deep into VBScript: Analysis of CVE-2018-8174 exploitation
https://securelist.com/delving-deep-into-vbscript-analysis-of-cve-2018-8174-exploitation/86333/
https://securelist.com/delving-deep-into-vbscript-analysis-of-cve-2018-8174-exploitation/86333/
信息安全规划文档的编写
https://xz.aliyun.com/t/2424
https://xz.aliyun.com/t/2424
PHP使用流包装器实现WebShell
http://www.freebuf.com/articles/web/176571.html
http://www.freebuf.com/articles/web/176571.html
从M-Trends 报告的两个指标谈起
https://mp.weixin.qq.com/s/_eVf8RZgHGsMTo-jsCGGJQ
https://mp.weixin.qq.com/s/_eVf8RZgHGsMTo-jsCGGJQ
BlockChain-Security-List Repo
https://github.com/im-bug/BlockChain-Security-List
https://github.com/im-bug/BlockChain-Security-List
基于Tor网络的钓鱼邮件分析
http://www.freebuf.com/articles/system/175721.html
http://www.freebuf.com/articles/system/175721.html
从FireEye发展看产品规划
https://www.jianshu.com/p/e78a869c7f8c
https://www.jianshu.com/p/e78a869c7f8c
HTTP Evader - Automate Firewall Evasion Tests
https://noxxi.de/research/http-evader.html
https://noxxi.de/research/http-evader.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第227期)
