SecWiki周刊(第254期)
2019/01/07-2019/01/13
安全资讯
[观点]  黑客是场电子梦
https://mp.weixin.qq.com/s/Hraig48huSQ93ZMf448Htw
[新闻]  广东省反诈短视频创作大赛正式启动
https://mp.weixin.qq.com/s/Kf0VzANEmBBWQkFu23dQRA
[新闻]  Exclusive: How a Russian firm helped catch an alleged NSA data thief
https://www.politico.com/story/2019/01/09/russia-kaspersky-lab-nsa-cybersecurity-1089131
[观点]  管中窥豹—从NSA泄露资料看美国网络安全
https://mp.weixin.qq.com/s/ImlfOFJK-ui0h6YV-tURrg
[人物]  携程凌云:举着火把照亮安全前路的男孩
https://mp.weixin.qq.com/s/oyvQ_Mhe0Q33RKUKVXKXyw
[新闻]  区块链信息服务管理规定
http://www.cac.gov.cn/2019-01/10/c_1123971164.htm
[新闻]  Reapers, Cryptos, and More: Our Top 5 Research Pieces From 2018
https://www.recordedfuture.com/top-research-2018/
[其它]  ICS/SCADA系统的对比
http://www.4hou.com/system/15634.html
安全技术
[会议]  NDSS 2019 论文录用列表
https://mp.weixin.qq.com/s/HGNSOQcHedQAbGG3Hl1rwg
[漏洞分析]  Scanver: 分布式在线资产漏洞扫描管理系统
https://github.com/ydhcui/Scanver
[数据挖掘]  2018年暗网非法数据交易总结
https://mp.weixin.qq.com/s/hCLPdAt7MRhv40nxNeXTag
[Web安全]  Perun: 网络资产漏洞扫描器/扫描框架
https://github.com/WyAtu/Perun
[数据挖掘]  知识图谱更新技术研究及其应用
https://mp.weixin.qq.com/s/umGYa32iGyeV0dE60rg9Gw
[Web安全]  Exchange在渗透测试中的利用
https://evi1cg.me/archives/Exchange_Hack.html
[Web安全]  安全研究者的自我修养
https://mp.weixin.qq.com/s/WrSZpqgq6gvZwEIqghqggg
[比赛]  hackthebox 入门攻略
https://xz.aliyun.com/t/3811
[其它]  区块链安全-以太坊智能合约静态分析
http://blogs.360.cn/post/staticAnalysis_of_smartContract.html
[Web安全]  Apache Spark RPC协议中的反序列化漏洞分析
https://mp.weixin.qq.com/s/tIG5PZHkMOh62mcIauxShQ
[Web安全]  dota2官网的存储型XSS
https://nosec.org/home/detail/2149.html
[取证分析]  斯诺登泄露文档简报(1)
https://mp.weixin.qq.com/s/BB9abB5j3IuAH8Rj4lPyvQ
[Web安全]  利用Cookie劫持+HTML注入进行钓鱼攻击
https://nosec.org/home/detail/2150.html
[数据挖掘]  LEMNA: 深度学习在网络安全应用中的可解释性
https://mp.weixin.qq.com/s/t0e49MiSGY2lam8y9B-FIg
[比赛]  2018国内网络安全赛事排名
https://mp.weixin.qq.com/s/OAqfstNEu0ns4l3aKJQ9oA
[漏洞分析]  ThinkPHP5 核心类 Request 远程代码漏洞分析
https://mp.weixin.qq.com/s/DGWuSdB2DvJszom0C_dkoQ
[观点]  安全研究者的自我修养(续)
https://mp.weixin.qq.com/s/o7IMaLMuPYuXgr5hatK5Mw
[漏洞分析]  基于深度学习的 API 误用缺陷检测
https://mp.weixin.qq.com/s/c3FqWiY6H4xdlZlmylnBkQ
[Web安全]  XSS in steam react chat client
https://hackerone.com/reports/409850
[Web安全]  如何远程利用PHP绕过Filter以及WAF规则
https://www.anquanke.com/post/id/168667
[漏洞分析]  尝试进行RPC漏洞挖掘
https://mp.weixin.qq.com/s/RLNyzImYsgRWkGlp0AXcVg
[漏洞分析]  基于机器学习的 C 程序内存泄漏智能化检测方法
https://mp.weixin.qq.com/s/ZHd6wWqnHB1rjKL2SCUqWw
[恶意分析]  爆破流DDOS团伙ChinaZ的流程记录
https://mp.weixin.qq.com/s/enSFtxUSYqovYuMX0X8nQg
[取证分析]  跨国定位手机の奥义
https://mp.weixin.qq.com/s/K-zFVBaSw6yThuoLdUTjdg
[数据挖掘]  qtalk: Startalk 是一款高性能的企业级im套件
https://github.com/qunarcorp/qtalk
[数据挖掘]  100-Days-Of-ML-Code中文版
https://github.com/MLEveryday/100-Days-Of-ML-Code
[运维安全]  安全建设之平台搭建
https://www.freebuf.com/articles/es/193143.html
[数据挖掘]  基于知识图谱的问答系统入门—NLPCC2016KBQA数据集
https://mp.weixin.qq.com/s/v4XjU2UGe1ikVj8d70gTSw
[Web安全]  从LFI到SMTP日志投毒到远程代码执行
https://xz.aliyun.com/t/3799
[Web安全]  ThinkPHP 5.0再曝远程代码执行漏洞
https://nosec.org/home/detail/2163.html
[漏洞分析]  如何黑掉一台ATM
https://nosec.org/home/detail/2161.html
[恶意分析]  国内网站内容篡改现状调查
http://www.4hou.com/info/news/15683.html
[论文]  研究综述 | 事件抽取及推理 (上)
https://mp.weixin.qq.com/s/etMS7OdLz_NUj1YtSGNdTg
[漏洞分析]  如何快速捕捉 0-Day Payload
https://mp.weixin.qq.com/s/pgo83SPu9Cd9qv3achhnrQ
[漏洞分析]  公链安全之比特币任意盗币漏洞浅析(CVE-2010-5141)
https://bcsec.org/index/detail/tag/2/id/443
[Web安全]  利用SMTP日志+LFI本地文件包含进行getshell
https://nosec.org/home/detail/2155.html
[取证分析]  路由器抓包分析之SMB篇
https://www.freebuf.com/news/193340.html
[设备安全]  德国35C3混沌通信大会—IoT相关议题解读
https://www.anquanke.com/post/id/169260
[数据挖掘]  深度学习在搜索业务中的探索与实践
https://tech.meituan.com/2019/01/10/deep-learning-in-meituan-hotel-search-engine.html
[论文]  研究综述 | 事件抽取及推理 (下)
https://mp.weixin.qq.com/s/xR_JFczYbxY0xuy7BYDc7g
[数据挖掘]  初探Kaggle之再探微软恶意软件预测挑战赛
https://xz.aliyun.com/t/3780
[杂志]  SecWiki周刊(第253期)
https://www.sec-wiki.com/weekly/253
[其它]  mattnotmax/cyber-chef-recipes: A list of cyber-chef recipes
https://github.com/mattnotmax/cyber-chef-recipes
[漏洞分析]  区块链安全—详谈代币合约ERC20
https://xz.aliyun.com/t/3769
[取证分析]  GDPR实践-隐私成熟度模型PM2(一)
https://www.freebuf.com/articles/es/193658.html
[Web安全]  dxa4481/XSSOauthPersistence: Maintaining account persistence via XSS and Oauth
https://github.com/dxa4481/XSSOauthPersistence
[Web安全]  How I could have taken over any Pinterest account
http://infosecflash.com/2019/01/05/how-i-could-have-taken-over-any-pinterest-account/
[Web安全]  Dolibarr ERP CRM 小于v8.0.2 SQL注入漏洞分析
https://nosec.org/home/detail/2142.html
[漏洞分析]  区块链攻击利用技术拓展
https://www.anquanke.com/post/id/169248
[漏洞分析]  Java反序列化:基于CommonsCollections4的Gadget分析
https://www.freebuf.com/articles/others-articles/193445.html
[恶意分析]  analysis-of-cyberattacks-against-the-national-bank-of-malawi
http://www.antiy.net/p/analysis-of-cyberattacks-against-the-national-bank-of-malawi/
[论文]  NDSS 2019 议题抢先 (一)
https://mp.weixin.qq.com/s/0VX4FAPhmCjqs1OYj4lOIw
[论文]  2018 ML和NLP学术会议统计
https://mp.weixin.qq.com/s/6bVxjkjnKJR3ixsUGY7_4Q
[论文]  科研新手写论文常犯的15个错误
https://mp.weixin.qq.com/s/wtJRA1c17Phnq3CYPT_XHA
[比赛]  AI Challenger 2018 机器翻译参赛总结
https://zhuanlan.zhihu.com/p/54060156
[数据挖掘]  基于AWS Greengrass的机器学习模型部署实践
http://blog.nsfocus.net/deployment-practice-of-machine-learning-model-based-on-aws-greengrass/
[取证分析]  对抗样本对人工智能应用的威胁
https://www.aqniu.com/tools-tech/42523.html
[工具]  woj-ciech/LeakLooker: Find open databases with Shodan
https://github.com/woj-ciech/LeakLooker
[工具]  A PoC for data smuggling using Scapy and ideas
https://www.linkedin.com/pulse/smuggler-cove-poc-data-smuggling-using-scapy-ideas-sean
[其它]  whitepaper-http-security-headers
https://www.netsparker.com/whitepaper-http-security-headers/
[恶意分析]  tknk_scanner:Community-based integrated malware identification system
https://github.com/nao-sec/tknk_scanner
[其它]  mkcert: valid HTTPS certificates for localhost
https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/
[恶意分析]  DNS Tunneling & Other Hunts w/ RockNSM (Bro & ELK)
https://blog.perched.io/dns-tunneling-other-hunts-w-rocknsm-bro-elk-52a4486e44d0
-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第254期)