SecWiki周刊(第239期)
2018/09/24-2018/09/30
安全资讯
从青果直播用户隐私看摄像头安全问题,千万摄像头暴露公网
https://nosec.org/home/detail/1837.html
https://nosec.org/home/detail/1837.html
少年黑客入侵苹果下载1TB数据,被判处缓刑8个月
https://nosec.org/home/detail/1845.html
https://nosec.org/home/detail/1845.html
Facebook现安全漏洞造成5000万账户泄露,股价跌超3%
https://nosec.org/home/detail/1849.html
https://nosec.org/home/detail/1849.html
联合国WordPress网站泄露数千份简历
https://nosec.org/home/detail/1842.html
https://nosec.org/home/detail/1842.html
管中窥豹,从DVP数据看中心化交易所的安全现状
https://nosec.org/home/detail/1846.html
https://nosec.org/home/detail/1846.html
安全技术
Web安全实战系列:SQL注入漏洞
https://mp.weixin.qq.com/s/m6bsWlJ3Yj1YMFZwz5uHIQ
https://mp.weixin.qq.com/s/m6bsWlJ3Yj1YMFZwz5uHIQ
轻松理解什么是 C&C 服务器
https://mp.weixin.qq.com/s/uiXmL36bsr5415mLJ-T04g
https://mp.weixin.qq.com/s/uiXmL36bsr5415mLJ-T04g
Ethernaut学习智能合约系列(一)
http://foreversong.cn/archives/1295
http://foreversong.cn/archives/1295
BeyondCorp:一种企业安全新方法-中英文对照版
https://mp.weixin.qq.com/s/DKTODvkmZqTVi1lfqtHdDw
https://mp.weixin.qq.com/s/DKTODvkmZqTVi1lfqtHdDw
pwcracker: 一款插件化的密码爆破框架
https://github.com/c0ny1/pwcracker
https://github.com/c0ny1/pwcracker
SeLoadDriverPrivilege 在提权中的应用
https://mp.weixin.qq.com/s/VSF7nNnh0x7ptdtyDWDYsA
https://mp.weixin.qq.com/s/VSF7nNnh0x7ptdtyDWDYsA
前端安全系列(一):如何防止XSS攻击?
https://segmentfault.com/a/1190000016551188
https://segmentfault.com/a/1190000016551188
网络归因溯源之误区刍议(三)
https://mp.weixin.qq.com/s/u-o_G4qi3KW4_A4oYB3Z-w
https://mp.weixin.qq.com/s/u-o_G4qi3KW4_A4oYB3Z-w
Red Team 工具集之攻击武器库
https://mp.weixin.qq.com/s/HNJRq_yTX_NLrXsvMXUrTA
https://mp.weixin.qq.com/s/HNJRq_yTX_NLrXsvMXUrTA
ThinkPHP-漏洞分析集合
https://xz.aliyun.com/t/2812
https://xz.aliyun.com/t/2812
Red Team 工具集之远程控制软件
https://mp.weixin.qq.com/s/CQ642WcTLcdZgrYwwNWXjA
https://mp.weixin.qq.com/s/CQ642WcTLcdZgrYwwNWXjA
记一次对色情网站拥有人身份的挖掘
https://nosec.org/home/detail/1869.html
https://nosec.org/home/detail/1869.html
用不同姿势复现 CVE-2018-8174 漏洞
https://mp.weixin.qq.com/s/AGWCU7snrDQWy8UIKJURmQ
https://mp.weixin.qq.com/s/AGWCU7snrDQWy8UIKJURmQ
浅谈针对rdp协议的四种测试方法
https://mp.weixin.qq.com/s/mCMBpx_jLmy6jDYqA67EjQ
https://mp.weixin.qq.com/s/mCMBpx_jLmy6jDYqA67EjQ
Wifi 四次握手认证过程介绍
https://mp.weixin.qq.com/s/sFk15theGX4eotiu9bJUCg
https://mp.weixin.qq.com/s/sFk15theGX4eotiu9bJUCg
墨者学院审计类通关指南
https://xz.aliyun.com/t/2821
https://xz.aliyun.com/t/2821
大数据威胁建模方法论
https://www.cdxy.me/?p=797
https://www.cdxy.me/?p=797
deep-analysis-of-driver-based-mitm-malware-itranslator
https://www.fortinet.com/blog/threat-research/deep-analysis-of-driver-based-mitm-malware-itranslator.html
https://www.fortinet.com/blog/threat-research/deep-analysis-of-driver-based-mitm-malware-itranslator.html
CVE-2018-0952: Privilege Escalation Vulnerability in Windows Standard Collector
https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service
https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service
Red Team 工具集之信息收集
https://mp.weixin.qq.com/s/ItDg3vq0alCt10Q7vae2hw
https://mp.weixin.qq.com/s/ItDg3vq0alCt10Q7vae2hw
RirchFaces反序列化漏洞
http://www.polaris-lab.com/index.php/archives/584/
http://www.polaris-lab.com/index.php/archives/584/
cvs-dde-exploits-and-obfuscation
https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation
https://blog.reversinglabs.com/blog/cvs-dde-exploits-and-obfuscation
如何攻击 LTE 4G 网络
https://mp.weixin.qq.com/s/nSO-9WvN_DJCuMJJigvUYQ
https://mp.weixin.qq.com/s/nSO-9WvN_DJCuMJJigvUYQ
VPNFilter III:恶意软件中的瑞士军刀
https://www.anquanke.com/post/id/160861
https://www.anquanke.com/post/id/160861
从暴力枚举用户到获取域所有信息
https://mp.weixin.qq.com/s/ssCeYjorQzLFN6FNsYnRJw
https://mp.weixin.qq.com/s/ssCeYjorQzLFN6FNsYnRJw
一个人的安全部之大话企业数据安全保护
http://www.freebuf.com/articles/database/185288.html
http://www.freebuf.com/articles/database/185288.html
隔壁小孩都要知道的Drupal配置
https://bbs.ichunqiu.com/thread-46127-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-46127-1-1.html?from=sec
Torii botnet - Not another Mirai variant
https://blog.avast.com/new-torii-botnet-threat-research
https://blog.avast.com/new-torii-botnet-threat-research
Java SQL 注入学习笔记
https://b1ngz.github.io/java-sql-injection-note/
https://b1ngz.github.io/java-sql-injection-note/
网络归因溯源之误区刍议(一)
https://mp.weixin.qq.com/s/F-6EbrLSFj5QVsjMb4r5cA
https://mp.weixin.qq.com/s/F-6EbrLSFj5QVsjMb4r5cA
AI与安全的恩怨情仇五部曲「1」Misuse AI
http://www.polaris-lab.com/index.php/archives/585/
http://www.polaris-lab.com/index.php/archives/585/
Pin-in-CTF 学习整理记录
https://mp.weixin.qq.com/s/ch-WYgkpg5iDcppOPzCpRQ
https://mp.weixin.qq.com/s/ch-WYgkpg5iDcppOPzCpRQ
禅道pms-路由及漏洞分析
https://www.anquanke.com/post/id/160473
https://www.anquanke.com/post/id/160473
OSINT tool for visualizing relationships between domains, IPs and email
https://hackernoon.com/osint-tool-for-visualizing-relationships-between-domains-ips-and-email-addresses-94377aa1f20a
https://hackernoon.com/osint-tool-for-visualizing-relationships-between-domains-ips-and-email-addresses-94377aa1f20a
服务器针对文件的解析漏洞汇总
https://mp.weixin.qq.com/s/f0y_AjRtc4NjEqeJe6cPhw
https://mp.weixin.qq.com/s/f0y_AjRtc4NjEqeJe6cPhw
轻松理解什么是 SQL 注入
https://mp.weixin.qq.com/s/H7fs_lKgvZM6s_ywjUk1_w
https://mp.weixin.qq.com/s/H7fs_lKgvZM6s_ywjUk1_w
网络归因溯源之误区刍议(二)
https://mp.weixin.qq.com/s/NncuUaKdhiD2gbUMCTZ9Cg
https://mp.weixin.qq.com/s/NncuUaKdhiD2gbUMCTZ9Cg
apache_struts_CVE-2018-11776-part2
https://lgtm.com/blog/apache_struts_CVE-2018-11776-part2
https://lgtm.com/blog/apache_struts_CVE-2018-11776-part2
APT-RAT(Poison ivy ) 攻击模拟及监测口令提取
https://mp.weixin.qq.com/s/zxz1hSXbrBeRjcw0sK_ajw
https://mp.weixin.qq.com/s/zxz1hSXbrBeRjcw0sK_ajw
Twenty years of Escaping the Java Sandbox
http://phrack.org/papers/escaping_the_java_sandbox.html
http://phrack.org/papers/escaping_the_java_sandbox.html
移动互联网信息传输安全现状分析
https://mp.weixin.qq.com/s/CdeePQh1j9SKtnKEKVqycA
https://mp.weixin.qq.com/s/CdeePQh1j9SKtnKEKVqycA
awesome-honeypots: an awesome list of honeypot resources
https://github.com/paralax/awesome-honeypots
https://github.com/paralax/awesome-honeypots
ourphp 前台注册登入前台某用戶
https://mp.weixin.qq.com/s/NEE_N1ytAn-U5wiVQFx-Vg
https://mp.weixin.qq.com/s/NEE_N1ytAn-U5wiVQFx-Vg
PowerShell 降级攻击的检测与防御
https://mp.weixin.qq.com/s/kCDnnr-LIiGLyk3nMHeNXw
https://mp.weixin.qq.com/s/kCDnnr-LIiGLyk3nMHeNXw
Linux 闯关游戏之通关秘籍
https://mp.weixin.qq.com/s/7N--mAlG2o4ixfpHyUAc_A
https://mp.weixin.qq.com/s/7N--mAlG2o4ixfpHyUAc_A
轻松理解 X-XSS-Protection
https://mp.weixin.qq.com/s/qVM2haPcLdSBE_xLaXI65g
https://mp.weixin.qq.com/s/qVM2haPcLdSBE_xLaXI65g
从CVE-2018-1273学漏洞分析
https://www.secpulse.com/archives/75930.html
https://www.secpulse.com/archives/75930.html
pwnable.kr详细通关秘籍(二)
https://bbs.ichunqiu.com/thread-46250-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-46250-1-1.html?from=sec
Fantastic Malware and Where to Find Them
http://www.megabeets.net/fantastic-malware-and-where-to-find-them/
http://www.megabeets.net/fantastic-malware-and-where-to-find-them/
我如何发现雅虎邮箱APP的存储型XSS漏洞
http://www.freebuf.com/articles/terminal/184041.html
http://www.freebuf.com/articles/terminal/184041.html
Linux 闯关游戏之通关秘籍续
https://mp.weixin.qq.com/s/MnmXvDkaRQVCxFRUYHukmg
https://mp.weixin.qq.com/s/MnmXvDkaRQVCxFRUYHukmg
基于设备指纹的风控建模以及机器学习的尝试
https://www.secpulse.com/archives/75876.html
https://www.secpulse.com/archives/75876.html
APT 攻击链及事件响应策略
https://mp.weixin.qq.com/s/m0B0SECqiTyqbIAlmygX1w
https://mp.weixin.qq.com/s/m0B0SECqiTyqbIAlmygX1w
通过滥用 CSS 解析来窃取本地文件内容
https://xz.aliyun.com/t/2808
https://xz.aliyun.com/t/2808
Android进程保护研究分析报告
http://www.freebuf.com/articles/paper/185466.html
http://www.freebuf.com/articles/paper/185466.html
Mimikatz 攻防杂谈
https://mp.weixin.qq.com/s/BrQo_UnyStgAn-XyUBsamQ
https://mp.weixin.qq.com/s/BrQo_UnyStgAn-XyUBsamQ
PHP 代码审计之死磕 SQL 注入
https://mp.weixin.qq.com/s/I8432k8nl55vfY5NTrfsow
https://mp.weixin.qq.com/s/I8432k8nl55vfY5NTrfsow
恶意软件检测之Deep Learning分类器
http://www.4hou.com/technology/13788.html
http://www.4hou.com/technology/13788.html
Android 进程注入危害与测试
https://mp.weixin.qq.com/s/YSf3RuFzi3JTvBYT22md_g
https://mp.weixin.qq.com/s/YSf3RuFzi3JTvBYT22md_g
macOS 恶意软件分析过程
https://mp.weixin.qq.com/s/OV5M397iYPF8Ij4vMuGyAg
https://mp.weixin.qq.com/s/OV5M397iYPF8Ij4vMuGyAg
记一次小型 APT 恶意攻击
https://mp.weixin.qq.com/s/Yr4jbqIRQi9DjgF-dO5vpg
https://mp.weixin.qq.com/s/Yr4jbqIRQi9DjgF-dO5vpg
Discovering GraphQL endpoints and SQLi vulnerabilities
https://medium.com/@localh0t/discovering-graphql-endpoints-and-sqli-vulnerabilities-5d39f26cea2e
https://medium.com/@localh0t/discovering-graphql-endpoints-and-sqli-vulnerabilities-5d39f26cea2e
打造属于自己的 Wi-Fi “DOS” 攻击工具——Wi-Fi_deauther
https://mp.weixin.qq.com/s/62p41D_-TCFCCFBBjAe4yA
https://mp.weixin.qq.com/s/62p41D_-TCFCCFBBjAe4yA
Red Team 工具集之辅助工具
https://mp.weixin.qq.com/s/u1hYphFv-1c-gN-6uNazFw
https://mp.weixin.qq.com/s/u1hYphFv-1c-gN-6uNazFw
SecWiki周刊(第238期)
https://www.sec-wiki.com/weekly/238
https://www.sec-wiki.com/weekly/238
MetInfo 最新版代码审计漏洞合集
https://mp.weixin.qq.com/s/kmrIJnTdZtaQyQRTvL-6dQ
https://mp.weixin.qq.com/s/kmrIJnTdZtaQyQRTvL-6dQ
php 不用字母,数字和下划线写 shell
https://mp.weixin.qq.com/s/fCxs4hAVpa-sF4tdT_W8-w
https://mp.weixin.qq.com/s/fCxs4hAVpa-sF4tdT_W8-w
我是如何找到 Google Colaboratory 中的一个 xss 漏洞的
https://mp.weixin.qq.com/s/1Y7KrcIc8iwRwXQuhHob8Q
https://mp.weixin.qq.com/s/1Y7KrcIc8iwRwXQuhHob8Q
前端题目怎么就成了一个 sql 注入的题
https://mp.weixin.qq.com/s/m3nqBY7ijj8LNJGKT8eyyQ
https://mp.weixin.qq.com/s/m3nqBY7ijj8LNJGKT8eyyQ
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第239期)
