SecWiki周刊(第229期)
2018/07/16-2018/07/22
安全资讯
[运维安全]  Personal info of 1.5m SingHealth patients, including PM Lee, stolen in Singapore
https://www.straitstimes.com/singapore/personal-info-of-15m-singhealth-patients-including-pm-lee-stolen-in-singapores-most
[人物]  云众可信陈博:从少年黑客杀马特到可信众测创业者
https://mp.weixin.qq.com/s/1anwDWOfI9A0r7Fhw-VlDw
[新闻]  首届全国中学生网络安全竞赛决赛在西电开幕
http://news.xidian.edu.cn/info/2106/201118.htm
[观点]  网络武器已被全世界采用 论地缘政治对网络安全的影响
http://www.aqniu.com/news-views/28833.html?from=timeline
安全技术
[比赛]  CTF-Web-Challenges:历届 CTF开源的Web 题源码
https://github.com/inory009/CTF-Web-Challenges
[Web安全]  如何挖掘泄漏用户隐私的敏感jsonp接口漏洞
http://www.infosec-wiki.com/?p=455211
[漏洞分析]  Go代码审计 - gitea 远程命令执行漏洞链
https://zhuanlan.zhihu.com/p/39835913
[Web安全]  WebLogic任意文件上传漏洞复现与分析
https://xz.aliyun.com/t/2458
[Web安全]  测试 Electron 应用的基本指南
https://xz.aliyun.com/t/2461
[Web安全]  代码审计Day1 - in_array函数缺陷
https://xz.aliyun.com/t/2451
[编程技术]  Fiddler Customize Rules
http://www.infosec-wiki.com/?p=140777
[编程技术]  Fiddler Extension – Request to Code
http://www.infosec-wiki.com/?p=140783
[Web安全]  代码审计Day2 - filter_var函数缺陷
https://xz.aliyun.com/t/2457
[取证分析]  收集各类安全设备、Nginx日志实现日志统一管理及告警
https://mp.weixin.qq.com/s/wI_btTRyso_kPW_1HXJZIA
[设备安全]  Detecting Windows Endpoint Compromise with SACLs
https://medium.com/@cryps1s/detecting-windows-endpoint-compromise-with-sacls-cd748e10950
[Web安全]  基于卷积神经网络的SQL注入检测
http://www.freebuf.com/articles/web/176709.html
[数据挖掘]  第七课视频回放:高春辉给IP画个像
https://mp.weixin.qq.com/s/9aFbbPrSDRr88KDcdZ1g4Q
[漏洞分析]  geth以太坊源码分析-连接其他以太坊peer节点流程
http://chenzhenianqing.com/articles/1613.html
[Web安全]  BFscan: 基于python3实现规避防火墙的轻量级信息探测工具
https://github.com/blackwolfsec/BFscan
[数据挖掘]  美团如何基于深度学习实现图像的智能审核
https://mp.weixin.qq.com/s/fnX7iH3S5k-hYTJQgNMJVw
[运维安全]  windows入侵排查思路
https://mp.weixin.qq.com/s/17L_fQJ1qjSvt8UL7VSemg
[Web安全]  一个EXP查询平台
https://www.exploitalert.com/
[取证分析]  yoga: Your OSINT Graphical Analyzer
https://github.com/WebBreacher/yoga
[漏洞分析]  编译原理在安全领域的应用
https://mp.weixin.qq.com/s/6SqdcbyABfBxSaNfDlFKog
[运维安全]  数据库安全建设思路探索
https://mp.weixin.qq.com/s/h-DGDGpvxXaMgLLtQlvajw
[数据挖掘]  2018上半年互联网恶意爬虫分析
https://mp.weixin.qq.com/s/-NRqdU-P6jkQvItfyXHjpg
[Web安全]  Linux pwn入门教程——格式化字符串漏洞
https://bbs.ichunqiu.com/thread-42943-1-1.html?from=sec
[Web安全]  APK防护——Anti_Virtual App的思路和实现
https://bbs.ichunqiu.com/thread-42982-1-1.html?from=sec
[恶意分析]  Threat Hunting之横向移动攻击
https://mp.weixin.qq.com/s/PAA-8FEW6F5Gy_3aXWaCHA
[漏洞分析]  CTF中常见的RSA相关问题总结
https://xz.aliyun.com/t/2446
[取证分析]  收集各类安全设备、Nginx日志实现日志统一管理及告警
http://www.freebuf.com/articles/es/176953.html
[恶意分析]  Threat Hunting之横向移动攻击
http://www.4hou.com/info/news/12522.html
[恶意分析]  JS Sniffer: E-commerce Data Theft Made Easy
https://www.volexity.com/blog/2018/07/19/js-sniffer-e-commerce-data-theft-made-easy/
[运维安全]  闲谈-极客互联网企业安全建设方案
http://phantom0301.cc/2018/07/15/geek-company-security/
[取证分析]  OSINT Map: A MindMap for Your Investigations
https://webbreacher.com/2018/07/12/osint-map/
[漏洞分析]  从XML到RCE(远程代码执行)
https://www.anquanke.com/post/id/151944
[运维安全]  Hulu大规模容器调度系统Capos
https://mp.weixin.qq.com/s/M-DuRkzphtQgeSErpZ2DWg
[其它]  如何建设一个安全监控中心(SOC)?
http://www.freebuf.com/news/177919.html
[数据挖掘]  深度学习在恶意软件检测中的应用
https://xz.aliyun.com/t/2447
[数据挖掘]  关于用户画像那些事
https://mp.weixin.qq.com/s/cHinmVC5o9DApFcI5odxNQ
[恶意分析]  微信小程序“反编译”实战(一):解包
https://kangzubin.com/wxapp-decompile-1/
[数据挖掘]  From shallow to deep learning in fraud
https://eng.lyft.com/from-shallow-to-deep-learning-in-fraud-9dafcbcef743
[文档]  上交所举办行业网络安全实践研讨会PPT
https://cloud.ssetech.com.cn/p/DUf-3PEQtwcY7gg
[杂志]  SecWiki周刊(第228期)
https://www.sec-wiki.com/weekly/228
[漏洞分析]  Skyfire: 一种用于Fuzzing的数据驱动的种子生成工具
https://www.inforsec.org/wp/?p=2678
[数据挖掘]  互联网反欺诈体系漫谈
https://mp.weixin.qq.com/s/WAzCLk_6nkQ0Aap6Sx2lPw
[漏洞分析]  以太坊学习笔记2 -- 对以太坊机制的理解
https://0x48.pw/2018/07/16/0x46/
[运维安全]  建立和保持数据完整性的六个步骤
http://www.freebuf.com/articles/es/177399.html
[取证分析]  采用差分分析技术测量和干扰 Anti-adblockers
https://www.inforsec.org/wp/?p=2700
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第229期)