SecWiki周刊(第246期)
2018/11/12-2018/11/18
安全资讯
[人物]  腾讯安全守门人 Coolc:黑客站在旷野,他们有时孤独
https://mp.weixin.qq.com/s/bTdL34ugYJ67vIkVBmGexg
[新闻]  美国公布长达35页的《2016—2045年新兴科技趋势报告》
https://mp.weixin.qq.com/s/okd_GK0-DzCDsuVB-yxoYQ
[法规]  一图看懂等保2.0标准
https://mp.weixin.qq.com/s/9V-eFVI0kHeUj27_2SYfhg
[新闻]  曝光美国全球网络情报链条
https://mp.weixin.qq.com/s/VZxa6VtII3eSLYLG9T5f1Q
[新闻]  全球网络安全25强
https://mp.weixin.qq.com/s/CXIrKq94alSPKt5zbbqsxw
安全技术
[Web安全]  2018最新PHP漏洞利用技巧
http://zeroyu.xyz/2018/11/13/New-PHP-exploit-techniques/
[运维安全]  勒索软件种类在线检测及对应解密软件下载
https://www.nomoreransom.org/crypto-sheriff.php?lang=zh
[漏洞分析]  IOT漏洞挖掘之路由器
https://mp.weixin.qq.com/s/ZSLYdpN4oG1ZSTvSdnVK2g
[漏洞分析]  CTF pwn 中最通俗易懂的堆入坑指南
https://www.anquanke.com/post/id/163971
[取证分析]  威胁猎杀实战(三)-基于Wazuh, Snort/Suricata和Elastic Stack的SOC
https://blog.tianyulab.com/post/ty-practical-guide-to-threat-hunting-03/
[设备安全]  智能门锁网络安全分析报告
https://mp.weixin.qq.com/s/ErK_HlBnohMy4lrIdvhxqA
[Web安全]  手把手教你如何用MSF进行后渗透测试
https://www.anquanke.com/post/id/164525
[漏洞分析]  深入理解Double Free:CVE-2015-2419 Exploit分析
https://www.freebuf.com/vuls/188558.html
[Web安全]  Serialization flaw in wp-gdpr-compliance
https://medium.com/alertot/serialization-flaw-in-wp-gdpr-compliance-8cfc8feb4ec3
[数据挖掘]  美团容器平台架构及容器技术实践
https://tech.meituan.com/docker_architecture_and_evolution_practice.html
[运维安全]   中间人攻击框架xerosploit介绍
https://mp.weixin.qq.com/s/GdzoLZ78Gy3iTEwxsSTh3Q
[Web安全]  Adobe ColdFusion最新文件上传漏洞实际利用在公网被发现(CVE-2018-15961)
https://nosec.org/home/detail/1953.html
[比赛]  HCTF 2018 Web Write-up
http://momomoxiaoxi.com/ctf/2018/11/12/HCTF2018/
[取证分析]  威胁猎杀实战(二): NIDS和HIDS关联
https://blog.tianyulab.com/post/ty-practical-guide-to-threat-hunting-02/
[工具]  Sandbox escape using WinHTTP Web Proxy Auto-Discovery Service
https://github.com/hacksysteam/WpadEscape
[工具]  Feed the tool a .nessus file and it will automatically get you MSF shell
https://github.com/DanMcInerney/msf-autoshell
[恶意分析]  容器安全的全球威胁分析
http://blog.nsfocus.net/global-threat-analysis-container-safety/
[数据挖掘]  企业安全建设之探索安全数据分析平台
https://xz.aliyun.com/t/3294
[漏洞分析]  Privilege Escalation in gVisor, Google's Container Sandbox
https://justi.cz/security/2018/11/14/gvisor-lpe.html
[工具]  CaptfEncoder:一款跨平台网络安全工具套件
https://www.freebuf.com/sectool/188397.html
[其它]  Machine Learning for Red Teams, Part 1
https://silentbreaksecurity.com/machine-learning-for-red-teams-part-1/
[Web安全]  使用基于浏览器的端口扫描来探测内网情况
https://nosec.org/home/detail/1954.html
[Web安全]  phpinfo可以告诉我们什么
http://zeroyu.xyz/2018/11/13/what-phpinfo-can-tell-we/
[漏洞分析]  以太坊智能合约审计 CheckList
https://paper.seebug.org/741/
[漏洞分析]  Google MyAccount价值7500美金的点击劫持漏洞
https://nosec.org/home/detail/1960.html
[Web安全]  Adobe ColdFusion远程命令执行漏洞预警(CVE-2018-15961)
https://nosec.org/home/detail/1958.html
[恶意分析]  4 种常见“无文件”攻击技术解析
https://mp.weixin.qq.com/s/eHsa0DgeogZN-tO5r3FeLg
[取证分析]  Privacy Online Test And Resource Compendium (POTARC)
https://github.com/CHEF-KOCH/Online-Privacy-Test-Resource-List
[漏洞分析]  JBoss RichFaces EL Injection RCE Analysis(CVE-2018-14667)
https://mp.weixin.qq.com/s/aB9eKXy5OUaivhAPRnzM0w
[Web安全]  phpmyadmin getshell姿势
https://xz.aliyun.com/t/3283
[漏洞分析]  “以太坊智能合约编码隐患”影响分析报告
https://lorexxar.cn/2018/11/08/haotian-s-5/
[漏洞分析]  PHP 运行时漏洞检测
http://blog.fatezero.org/2018/11/11/prvd/
[取证分析]  从一个iCloud钓鱼网站挖掘幕后人信息
https://zhuanlan.zhihu.com/p/49422034
[比赛]  HCTF2018 部分 web 题目 Writeup
https://paper.seebug.org/744/
[恶意分析]  疑似Group 123 APT团伙利用HWP软件未公开漏洞的定向攻击分析
https://www.freebuf.com/vuls/188846.html
[恶意分析]  被遗漏的0day ? —APT-C-06组织另一网络武器库分析揭秘
https://paper.seebug.org/743/
[Web安全]  我是如何发现影响约20个Uber子域的XSS漏洞的
https://nosec.org/home/detail/1964.html
[设备安全]  无人商店0元购技术分析
https://future-sec.com/free-shopping-in-unmanned-stores.html
[恶意分析]  恶意挖矿攻击的现状、检测及处置
https://www.anquanke.com/post/id/164447
[杂志]  SecWiki周刊(第245期)
https://www.sec-wiki.com/weekly/245
[观点]  关键信息基础设施重要信息资产漏洞治理的实践和思考
https://mp.weixin.qq.com/s/eQyc2jye-mrKBLhba_JP3g
[工具]  Bettercap Using in Penetration Tests
https://www.prismacsi.com/en/bettercap-using-in-penetration-tests/
[论文]  机器翻译学术论文写作方法和技巧
https://mp.weixin.qq.com/s/Th1ESj8WLZVFLzholoAC1g
[取证分析]  美国态势感知体系能力分析
https://mp.weixin.qq.com/s/G9WqDK1V1nHl3MGFQmm8Tw
[恶意分析]  一则邮件攻击样本分析分享
https://www.freebuf.com/articles/network/188527.html
[工具]  BabySploit Beginner Pentesting Framework Written in Python
https://github.com/M4cs/BabySploit
[恶意分析]  FCL (Fileless Command Lines) - Known command lines of fileless malicious executi
https://github.com/chenerlich/FCL
[设备安全]  西门子通信协议S7COMM(Part 2)
https://www.freebuf.com/articles/ics-articles/188606.html
[数据挖掘]  中文信息处理前沿技术进展
https://mp.weixin.qq.com/s/LA-EcQ8DvYYJJqOQKkSC9Q
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第246期)