SecWiki周刊(第229期)
2018/07/16-2018/07/22
安全资讯
Personal info of 1.5m SingHealth patients, including PM Lee, stolen in Singapore
https://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most
https://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most
云众可信陈博:从少年黑客杀马特到可信众测创业者
https://mp.weixin.qq.com/s/1anwDWOfI9A0r7Fhw-VlDw
https://mp.weixin.qq.com/s/1anwDWOfI9A0r7Fhw-VlDw
首届全国中学生网络安全竞赛决赛在西电开幕
http://news.xidian.edu.cn/info/2106/201118.htm
http://news.xidian.edu.cn/info/2106/201118.htm
网络武器已被全世界采用 论地缘政治对网络安全的影响
http://www.aqniu.com/news-views/28833.html?from=timeline
http://www.aqniu.com/news-views/28833.html?from=timeline
安全技术
CTF-Web-Challenges:历届 CTF开源的Web 题源码
https://github.com/inory009/CTF-Web-Challenges
https://github.com/inory009/CTF-Web-Challenges
如何挖掘泄漏用户隐私的敏感jsonp接口漏洞
http://www.infosec-wiki.com/?p=455211
http://www.infosec-wiki.com/?p=455211
互联网黑产-网络安全刑事司法保护白皮书
https://mp.weixin.qq.com/s?__biz=MzI1MjkxNDU1OQ==&mid=2247484852&idx=1&sn=51a0502ea4664dfef5be77d5b0de4046&chksm=e9dd3ba4deaab2b24
https://mp.weixin.qq.com/s?__biz=MzI1MjkxNDU1OQ==&mid=2247484852&idx=1&sn=51a0502ea4664dfef5be77d5b0de4046&chksm=e9dd3ba4deaab2b24
Go代码审计 - gitea 远程命令执行漏洞链
https://zhuanlan.zhihu.com/p/39835913
https://zhuanlan.zhihu.com/p/39835913
机器学习实践-DGA检测
https://mp.weixin.qq.com/s?__biz=MzIwNTcxNTczMQ==&mid=2247483838&idx=1&sn=e7147aadaf020a2d4960e2056b1ea6ef
https://mp.weixin.qq.com/s?__biz=MzIwNTcxNTczMQ==&mid=2247483838&idx=1&sn=e7147aadaf020a2d4960e2056b1ea6ef
WebLogic任意文件上传漏洞复现与分析
https://xz.aliyun.com/t/2458
https://xz.aliyun.com/t/2458
测试 Electron 应用的基本指南
https://xz.aliyun.com/t/2461
https://xz.aliyun.com/t/2461
Fiddler Customize Rules
http://www.infosec-wiki.com/?p=140777
http://www.infosec-wiki.com/?p=140777
代码审计Day1 - in_array函数缺陷
https://xz.aliyun.com/t/2451
https://xz.aliyun.com/t/2451
Fiddler Extension – Request to Code
http://www.infosec-wiki.com/?p=140783
http://www.infosec-wiki.com/?p=140783
代码审计Day2 - filter_var函数缺陷
https://xz.aliyun.com/t/2457
https://xz.aliyun.com/t/2457
收集各类安全设备、Nginx日志实现日志统一管理及告警
https://mp.weixin.qq.com/s/wI_btTRyso_kPW_1HXJZIA
https://mp.weixin.qq.com/s/wI_btTRyso_kPW_1HXJZIA
Detecting Windows Endpoint Compromise with SACLs
https://medium.com/@cryps1s/detecting-windows-endpoint-compromise-with-sacls-cd748e10950
https://medium.com/@cryps1s/detecting-windows-endpoint-compromise-with-sacls-cd748e10950
基于卷积神经网络的SQL注入检测
http://www.freebuf.com/articles/web/176709.html
http://www.freebuf.com/articles/web/176709.html
第七课视频回放:高春辉给IP画个像
https://mp.weixin.qq.com/s/9aFbbPrSDRr88KDcdZ1g4Q
https://mp.weixin.qq.com/s/9aFbbPrSDRr88KDcdZ1g4Q
geth以太坊源码分析-连接其他以太坊peer节点流程
http://chenzhenianqing.com/articles/1613.html
http://chenzhenianqing.com/articles/1613.html
BFscan: 基于python3实现规避防火墙的轻量级信息探测工具
https://github.com/blackwolfsec/BFscan
https://github.com/blackwolfsec/BFscan
美团如何基于深度学习实现图像的智能审核
https://mp.weixin.qq.com/s/fnX7iH3S5k-hYTJQgNMJVw
https://mp.weixin.qq.com/s/fnX7iH3S5k-hYTJQgNMJVw
windows入侵排查思路
https://mp.weixin.qq.com/s/17L_fQJ1qjSvt8UL7VSemg
https://mp.weixin.qq.com/s/17L_fQJ1qjSvt8UL7VSemg
yoga: Your OSINT Graphical Analyzer
https://github.com/WebBreacher/yoga
https://github.com/WebBreacher/yoga
一个EXP查询平台
https://www.exploitalert.com/
https://www.exploitalert.com/
blue-team-tips
https://www.sneakymonkey.net/2018/06/25/blue-team-tips/
https://www.sneakymonkey.net/2018/06/25/blue-team-tips/
2018上半年互联网恶意爬虫分析
https://mp.weixin.qq.com/s/-NRqdU-P6jkQvItfyXHjpg
https://mp.weixin.qq.com/s/-NRqdU-P6jkQvItfyXHjpg
Linux pwn入门教程——格式化字符串漏洞
https://bbs.ichunqiu.com/thread-42943-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-42943-1-1.html?from=sec
APK防护——Anti_Virtual App的思路和实现
https://bbs.ichunqiu.com/thread-42982-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-42982-1-1.html?from=sec
Threat Hunting之横向移动攻击
https://mp.weixin.qq.com/s/PAA-8FEW6F5Gy_3aXWaCHA
https://mp.weixin.qq.com/s/PAA-8FEW6F5Gy_3aXWaCHA
CTF中常见的RSA相关问题总结
https://xz.aliyun.com/t/2446
https://xz.aliyun.com/t/2446
收集各类安全设备、Nginx日志实现日志统一管理及告警
http://www.freebuf.com/articles/es/176953.html
http://www.freebuf.com/articles/es/176953.html
Threat Hunting之横向移动攻击
http://www.4hou.com/info/news/12522.html
http://www.4hou.com/info/news/12522.html
JS Sniffer: E-commerce Data Theft Made Easy
https://www.volexity.com/blog/2018/07/19/js-sniffer-e-commerce-data-theft-made-easy/
https://www.volexity.com/blog/2018/07/19/js-sniffer-e-commerce-data-theft-made-easy/
闲谈-极客互联网企业安全建设方案
http://phantom0301.cc/2018/07/15/geek-company-security/
http://phantom0301.cc/2018/07/15/geek-company-security/
OSINT Map: A MindMap for Your Investigations
https://webbreacher.com/2018/07/12/osint-map/
https://webbreacher.com/2018/07/12/osint-map/
从XML到RCE(远程代码执行)
https://www.anquanke.com/post/id/151944
https://www.anquanke.com/post/id/151944
Hulu大规模容器调度系统Capos
https://mp.weixin.qq.com/s/M-DuRkzphtQgeSErpZ2DWg
https://mp.weixin.qq.com/s/M-DuRkzphtQgeSErpZ2DWg
如何建设一个安全监控中心(SOC)?
http://www.freebuf.com/news/177919.html
http://www.freebuf.com/news/177919.html
深度学习在恶意软件检测中的应用
https://xz.aliyun.com/t/2447
https://xz.aliyun.com/t/2447
微信小程序“反编译”实战(一):解包
https://kangzubin.com/wxapp-decompile-1/
https://kangzubin.com/wxapp-decompile-1/
From shallow to deep learning in fraud
https://eng.lyft.com/from-shallow-to-deep-learning-in-fraud-9dafcbcef743
https://eng.lyft.com/from-shallow-to-deep-learning-in-fraud-9dafcbcef743
Skyfire: 一种用于Fuzzing的数据驱动的种子生成工具
https://www.inforsec.org/wp/?p=2678
https://www.inforsec.org/wp/?p=2678
SecWiki周刊(第228期)
https://www.sec-wiki.com/weekly/228
https://www.sec-wiki.com/weekly/228
上交所举办行业网络安全实践研讨会PPT
https://cloud.ssetech.com.cn/p/DUf-3PEQtwcY7gg
https://cloud.ssetech.com.cn/p/DUf-3PEQtwcY7gg
以太坊学习笔记2 -- 对以太坊机制的理解
https://0x48.pw/2018/07/16/0x46/
https://0x48.pw/2018/07/16/0x46/
建立和保持数据完整性的六个步骤
http://www.freebuf.com/articles/es/177399.html
http://www.freebuf.com/articles/es/177399.html
采用差分分析技术测量和干扰 Anti-adblockers
https://www.inforsec.org/wp/?p=2700
https://www.inforsec.org/wp/?p=2700
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第229期)
