SecWiki周刊(第233期)
2018/08/13-2018/08/19
安全资讯
[法规]  中央国家机关2018-2019年政府集中采购信息类产目录
http://www.zycg.gov.cn/td_xxlcpxygh/platform
[新闻]  BlackHat 2018:10大网络安全热点趋势pick一下
https://mp.weixin.qq.com/s/cGg_1VNL0Yj2CcpcmvN_Dw
[新闻]  推动企业上云实施指南(2018-2020年)
https://mp.weixin.qq.com/s/lUvdujsFeW_GbHzpY0aVLw
安全技术
[Web安全]  New PHP Code Execution Attack Puts WordPress Sites at Risk
https://thehackernews.com/2018/08/php-deserialization-wordpress.html
[漏洞分析]  利用Craft CMS SEOmatic插件(版本<= 3.1.3)实现服务器端模板注入 [CVE-2018-14716]
https://xz.aliyun.com/t/2580
[Web安全]  实战web缓存中毒
https://xz.aliyun.com/t/2585
[取证分析]  openQPA: 协议分析软件QPA的开源代码(进程抓包、特征自动分析)
https://gitee.com/qielige/openQPA
[Web安全]  初试XML外部实体注入
https://xz.aliyun.com/t/2571
[取证分析]  Mailget: 通过脉脉用户猜测企业邮箱
https://github.com/Ridter/Mailget
[会议]  第二届顺丰信息安全峰会2018 PDF #密码: 09cu
https://pan.baidu.com/s/14I8YxPwoLcjzwYhSQO3H-Q
[Web安全]  PHP-Audit-Labs题解之Day5-8
https://xz.aliyun.com/t/2597
[编程技术]  DocHub: 使用Beego(Golang)开发的开源文库系统
https://github.com/TruthHun/DocHub
[编程技术]  MesaPy项目开源: 一个安全且快速的 Python
https://mp.weixin.qq.com/s/IVpij_eGCccI2I-V0FYfBQ
[工具]  2018黑帽大会工具清单-Blackhat
http://www.ddosi.com/2018/08/13/2018blackhat/
[编程技术]  基于Redis的扫描器任务调度设计方案
https://thief.one/2018/08/15/1/
[其它]  自适应安全架构的历史和演进
https://mp.weixin.qq.com/s/6BmRdNPKG2dA7m1DrdGtkQ
[Web安全]  渗透测试实战-lin.security靶机+Goldeneye靶机入侵
https://www.anquanke.com/post/id/156098?from=timeline
[比赛]  TJCTF 2018 Web专题全解析
https://www.anquanke.com/post/id/156434
[视频]  Advanced Topics in Security 课程视频
https://www.youtube.com/playlist?list=PL5H0SXHF1jMVpMEEcddvGJ_ZhqFwxmpO5
[编程技术]  Docker从入门到放弃
http://www.freebuf.com/articles/system/180142.html
[运维安全]  Google SRE最佳实践之On-Call
https://mp.weixin.qq.com/s/NZlhmapXN0iErIMIKx7aHw
[取证分析]  Omnibus: Automating OSINT Collection
http://blog.inquest.net/blog/2018/08/16/omnibus-automating-osint/
[工具]  Bodhi - Client-side Vulnerability Playground
https://github.com/amolnaik4/bodhi
[取证分析]  服务器入侵溯源小技巧整理
http://www.freebuf.com/articles/rookie/179638.html
[Web安全]  业务安全之另类隐患
https://mp.weixin.qq.com/s/NWxFkWImIRIYtLYz82gjMw
[Web安全]  代码审计之YOUKE365
https://xz.aliyun.com/t/2561
[运维安全]  Detecting SSH Username Enumeration
https://blog.rootshell.be/2018/08/16/detecting-ssh-username-enumeration/
[运维安全]  Iptables Essentials: Common Firewall Rules and Commands.
https://github.com/trimstray/iptables-essentials
[Web安全]  论如何优雅地拿下PHPCMS
https://bbs.ichunqiu.com/thread-44046-1-1.html?from=sec
[比赛]  Real World CTF doc2own 命题报告
https://zhuanlan.zhihu.com/p/41544965
[比赛]  TJCTF 2018 Pwn_Re专题全解析
https://www.anquanke.com/post/id/156443
[漏洞分析]  一种利用 etherscan.io 缺陷的智能合约蜜罐
https://paper.seebug.org/671/
[文档]  deep-hooks-monitoring-native-execution-wow64-applications-part-2
https://www.sentinelone.com/blog/deep-hooks-monitoring-native-execution-wow64-applications-part-2/
[Web安全]  Web Application Penetration Testing Course URLs
https://docs.google.com/document/d/101EsKlu41ICdeE7mEv189SS8wMtcdXfRtua0ClYjP1M/edit
[数据挖掘]  我的AI安全检测学习笔记(一)
https://www.secpulse.com/archives/74179.html
[数据挖掘]  网络空间资源测绘:概念与技术
http://jcs.iie.ac.cn/ch/reader/view_abstract.aspx?file_no=20180401&flag=1
[其它]  逆向相关的wiki分享
https://lichao890427.github.io/wiki/
[Web安全]  利用PHP扩展Taint找出网站的潜在安全漏洞实践
https://bbs.ichunqiu.com/thread-44407-1-1.html?from=sec
[Web安全]  Trust no one: TrustKit SSL pinning bypass
https://kov4l3nko.github.io/blog/2018-08-14-trustkit-bypass/
[运维安全]  window应急响应(四):挖矿病毒
https://mp.weixin.qq.com/s/dbQ0ZMHur4vIq98oqR-sXA
[文档]  deep-hooks-monitoring-native-execution-wow64-applications-part-3
https://www.sentinelone.com/blog/deep-hooks-monitoring-native-execution-wow64-applications-part-3/
[比赛]  DEFCON 26 CTF參賽記
http://maskray.me/blog/2018-08-13-defcon-26-ctf
[其它]  NASA开源软件实践与思考
https://mp.weixin.qq.com/s/-9BlAQqApaoGLfRgtJIn7Q
[移动安全]  浅谈APK安全及自动化审计
http://www.freebuf.com/articles/terminal/180637.html
[运维安全]  window应急响应(三):勒索病毒
https://mp.weixin.qq.com/s/Z0kBcwy379x_J-Xm2Y-Vlg
[恶意分析]  How to Hunt Command & Control Channels Using Bro IDS and RITA
https://www.blackhillsinfosec.com/how-to-hunt-command-and-control-channels-using-bro-ids-and-rita/
[观点]  Black Hat 2018观感:威胁情报百家争鸣
https://mp.weixin.qq.com/s/rS7nTJ-rwnmcxvRSmwn-4w
[工具]  Charles 破解工具
https://github.com/8enet/Charles-Crack
[漏洞分析]  区块链技术安全概述
https://mp.weixin.qq.com/s/NIMcwmo59QSDoyI07DGDsQ
[恶意分析]  中国香港地区 DDoS-botnet 态势分析
https://mp.weixin.qq.com/s/_lzFwYVlSe9L5K0RsSS1bw
[数据挖掘]  教你如何自动创建机器学习特征
https://mp.weixin.qq.com/s/1Zj_pQDBqBJKSrtt9HsKXg
[Web安全]  一个传真接管你的网络:含有传真功能的打印机漏洞分析
https://xz.aliyun.com/t/2573
[观点]  Google编程之夏2018盘点
https://mp.weixin.qq.com/s/49liyrR-RcVS6CESkIC50w
[其它]  X-Ways Forensics/ WinHex(手册)
http://x-ways.net/winhex/manual.pdf
[恶意分析]  Dalton - IDS规则和PCAP测试系统
https://github.com/secureworks/dalton
[Web安全]  黑客是如何攻击 WebSockets 和 Socket.io的
https://xz.aliyun.com/t/2572
[运维安全]  Window应急响应(二):蠕虫病毒
https://mp.weixin.qq.com/s/xodT25Pn3fW1xHrU0IhBDQ
[漏洞分析]  基于机器学习的WebShell检测方法与实现(上)
http://www.freebuf.com/articles/web/181169.html
[数据挖掘]  ML&AI如何在云态势感知产品中落地
https://mp.weixin.qq.com/s/7Clr-Uxg6y5nXOnIQXLZ6A
[Web安全]  哈希长度拓展攻击(Hash Length Extension Attacks)
https://xz.aliyun.com/t/2563
[数据挖掘]  机器学习在安全攻防场景的应用与分析
https://cloud.tencent.com/developer/article/1045024
[其它]  deep-hooks-monitoring-native-execution-wow64-applications-part-1
https://www.sentinelone.com/blog/deep-hooks-monitoring-native-execution-wow64-applications-part-1/
[数据挖掘]  深度学习与词法、句法、语义分析
https://mp.weixin.qq.com/s/UERPcb_XWwmnwissDHkeTg
[漏洞分析]  Xdebug 攻击面在 PhpStorm 上的现实利用
https://paper.seebug.org/668/
[恶意分析]  初识威胁情报
https://mp.weixin.qq.com/s/wV8nJYvK-qzC1JNR9ODsjw
[恶意分析]  Delving deep into VBScript: Analysis of CVE-2018-8174 exploitation
https://securelist.com/delving-deep-into-vbscript-analysis-of-cve-2018-8174-exploitation/86333/?from=timeline
[工具]  2018 Blackhat 工具列表
https://nosec.org/home/detail/1739.html
[杂志]  SecWiki周刊(第232期)
https://www.sec-wiki.com/weekly/232
[数据挖掘]  2018中国大数据产业生态地图暨中国大数据产业发展白皮书
http://www.sohu.com/a/245975306_468714
[数据挖掘]  一种把指定程序的 TCP 流量重定向到代理的方法
https://www.v2ex.com/t/476594
[数据挖掘]  TensorFlow教程和资源(附链接&视频)
https://mp.weixin.qq.com/s/h5jpQCOwjOnniaJD7yFrPA
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第233期)