SecWiki Weekly (Issue 241)
2018/10/08-2018/10/14
Security News
[News]  Focus Report (焦点访谈) 20181007: Information Security: Guarding Against Insiders, Guarding Against Hackers
http://tv.cctv.com/2018/10/07/VIDEHBYLGmnR5LoYZawu3dZc181007.shtml
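[News]  Huaxia Bank technology section chief on trial for writing a virus, planting it in the system, and stealing more than 7 million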
https://nosec.org/home/detail/1886.html
Security Technology
[Competition]  2018 Huwang Cup (护网杯) Online Contest Writeup by Whitzard
https://xz.aliyun.com/t/2893
[Data Mining]  Logan: Meituan-Dianping's Open-Source Mobile Logging Library
https://tech.meituan.com/logan_open_source.html
[Data Mining]  Vulnerability Severity Calculation Based on the DREAD Model
https://mp.weixin.qq.com/s/-gHMhj1Qdl1N5rCne61m4Q
[Competition]  2018 Huwang Cup (护网杯) Online Contest Writeup by Tianshu (天枢)
https://xz.aliyun.com/t/2897
[Web Security]  Doing Some Interesting Things with FOFA
https://nosec.org/home/detail/1858.html
[Web Security]  A Brief Discussion of Short URL Security
https://mp.weixin.qq.com/s/4hGUZWXN6qzjMcbtZsYCSA
[Data Mining]  52pojie Forum: Aipan (爱盘) Source Code
https://github.com/ganlvtech/down_52pojie_cn
[Competition]  2018 Huwang Cup (护网杯): Web Challenge Solutions
https://www.anquanke.com/post/id/161849
[Web Security]  Opening JBoss's Pandora's Box: An Analysis of High-Risk JBoss Vulnerabilities
https://mp.weixin.qq.com/s/Kjw_abH6a-ifXdQmbc5Pug
[Forensic Analysis]  Behinder: "Bingxie" (冰蝎) Dynamic Binary Encryption Website Management Client
https://github.com/rebeyond/Behinder/releases
[Web Security]  How I Used the Upgrade System for One-Click GetShell
https://bbs.ichunqiu.com/thread-46603-1-1.html?from=sec
[Operations Security]  Operations Security: Hidden Security Risks in Application Release
https://mp.weixin.qq.com/s/SykbwlIuNJUHf2Ch_PE3ow
[Web Security]  Penetration Testing Basics: Port Forwarding and Proxies
http://www.4hou.com/technology/13970.html
[Malware Analysis]  DNS Backdoors and Their Detection
http://www.freebuf.com/articles/network/185324.html
[Vulnerability Analysis]  A Summary of Fuzzing Techniques and a List of Tools
https://blog.csdn.net/wcventure/article/details/82085251
[Web Security]  Essential Background Knowledge for Getting Started with the Heap
https://bbs.ichunqiu.com/thread-46714-1-1.html?from=sec
[Other]  The DAO Tragedy Repeats: Analysis of the SpankChain Reentrancy Vulnerability
https://nosec.org/home/detail/1884.html
[Device Security]  More Than 300,000 Routers Worldwide Turned into Mining Machines, Now Increasing by 10,000 per Day
https://nosec.org/home/detail/1841.html
[Operations Security]  Red Team Techniques from Zero to One, Part 2
http://www.4hou.com/technology/13476.html
[Competition]  2018 XJNU CTF Web Writeup
https://imlonghao.com/54.html
[Web Security]  Some Tips for PHP Code Auditing
http://zeroyu.xyz/2018/10/13/php-audit-tips/
[Vulnerability Analysis]  QiboCMS: From SQL Injection to getshell
https://xz.aliyun.com/t/2879
[Vulnerability Analysis]  Using a NodeJS SSRF Vulnerability to Gain Full Control of AWS
https://xz.aliyun.com/t/2871
[Malware Analysis]  Analysis of V3 Mobile Samples from the APT Group ZooPark
http://www.freebuf.com/articles/terminal/185500.html
[Web Security]  Top 10 Web Hacking Techniques of 2017
https://portswigger.net/blog/top-10-web-hacking-techniques-of-2017
[Web Security]  A timing attack with CSS selectors and Javascript
https://blog.sheddow.xyz/css-timing-attack/
[Malware Analysis]  Security researchers find solid evidence linking Industroyer to NotPetya
https://www.zdnet.com/article/security-researchers-find-solid-evidence-linking-industroyer-to-notpetya/
[Web Security]  An Audit of EmpireCMS_V7.5
https://bbs.ichunqiu.com/thread-46685-1-1.html?from=sec
[Malware Analysis]  A Malware Campaign Targeting the Tibetan Diaspora Resurfaces
https://citizenlab.ca/2018/08/familiar-feeling-a-malware-campaign-targeting-the-tibetan-diaspora-resurfaces/
[Malware Analysis]  Modular Banking Trojan
https://nosec.org/home/detail/1859.html
[Vulnerability Analysis]  AWS takeover through SSRF in JavaScript
http://10degres.net/aws-takeover-ssrf-javascript/
[Paper]  Analysis and Detection of Spying Browser Extensions
https://mp.weixin.qq.com/s/D1si0cYJ8kIh4nACBY_4bQ
[Other]  Bizaozhidao (币早知道) Treasure Hunt Challenge: How to Solve the Ethereum Challenge
https://www.cnblogs.com/xiaoxiaoleo/p/9729142.html
[Web Security]  An Exploration of Forward and Backward Consolidation of Glibc Heap Chunks and the unlink Mechanism
https://bbs.ichunqiu.com/thread-46614-1-1.html?from=sec
[Other]  Why Internet Companies Must Pay Attention to Building Application Security Capabilities
http://www.polaris-lab.com/index.php/archives/599/
[Other]  Using an ESP8266 Beacon Spammer to Track Smartphone Users
https://nosec.org/home/detail/1878.html
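[Data Mining]  Security Defect Analysis Report on Open-Source Software Source Code: Special Issue on Artificial Intelligence Open-Source Software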
https://www.anquanke.com/post/id/161526
[Device Security]  Analysis of goahead-Based Firmware Programs
https://xz.aliyun.com/t/2835
[Operations Security]  Red Team Techniques from Zero to One, Part 1
http://www.4hou.com/technology/13350.html
[Malware Analysis]  Know Your Enemy: Functional Analysis of the New Ransomware Viro Botnet Ransomware
http://www.freebuf.com/articles/terminal/185735.html
[Forensic Analysis]  A Brief Analysis of Blockchain Privacy Protection Technology: Monero
http://www.freebuf.com/articles/blockchain-articles/185999.html
SecWiki: https://www.sec-wiki.com
