SecWiki周刊(第254期)
2019/01/07-2019/01/13
安全资讯
ICS/SCADA系统的对比
http://www.4hou.com/system/15634.html
http://www.4hou.com/system/15634.html
携程凌云:举着火把照亮安全前路的男孩
https://mp.weixin.qq.com/s/oyvQ_Mhe0Q33RKUKVXKXyw
https://mp.weixin.qq.com/s/oyvQ_Mhe0Q33RKUKVXKXyw
管中窥豹—从NSA泄露资料看美国网络安全
https://mp.weixin.qq.com/s/ImlfOFJK-ui0h6YV-tURrg
https://mp.weixin.qq.com/s/ImlfOFJK-ui0h6YV-tURrg
Exclusive: How a Russian firm helped catch an alleged NSA data thief
https://www.politico.com/story/2019/01/09/russia-kaspersky-lab-nsa-cybersecurity-1089131
https://www.politico.com/story/2019/01/09/russia-kaspersky-lab-nsa-cybersecurity-1089131
广东省反诈短视频创作大赛正式启动
https://mp.weixin.qq.com/s/Kf0VzANEmBBWQkFu23dQRA
https://mp.weixin.qq.com/s/Kf0VzANEmBBWQkFu23dQRA
Reapers, Cryptos, and More: Our Top 5 Research Pieces From 2018
https://www.recordedfuture.com/top-research-2018/
https://www.recordedfuture.com/top-research-2018/
The January 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/1/8/the-january-2019-security-update-review
https://www.zerodayinitiative.com/blog/2019/1/8/the-january-2019-security-update-review
安全技术
NDSS 2019 论文录用列表
https://mp.weixin.qq.com/s/HGNSOQcHedQAbGG3Hl1rwg
https://mp.weixin.qq.com/s/HGNSOQcHedQAbGG3Hl1rwg
Perun: 网络资产漏洞扫描器/扫描框架
https://github.com/WyAtu/Perun
https://github.com/WyAtu/Perun
2018年暗网非法数据交易总结
https://mp.weixin.qq.com/s/hCLPdAt7MRhv40nxNeXTag
https://mp.weixin.qq.com/s/hCLPdAt7MRhv40nxNeXTag
如何远程利用PHP绕过Filter以及WAF规则
https://www.anquanke.com/post/id/168667
https://www.anquanke.com/post/id/168667
tknk_scanner:Community-based integrated malware identification system
https://github.com/nao-sec/tknk_scanner
https://github.com/nao-sec/tknk_scanner
mkcert: valid HTTPS certificates for localhost
https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/
https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/
hackthebox 入门攻略
https://xz.aliyun.com/t/3811
https://xz.aliyun.com/t/3811
Scanver: 分布式在线资产漏洞扫描管理系统
https://github.com/ydhcui/Scanver
https://github.com/ydhcui/Scanver
ThinkPHP request函数远程代码执行
http://www.lmxspace.com/2019/01/13/ThinkPHP-request%E5%87%BD%E6%95%B0%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/
http://www.lmxspace.com/2019/01/13/ThinkPHP-request%E5%87%BD%E6%95%B0%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/
dont-underestimate-credential-theft-malware
https://www.fireeye.com/blog/executive-perspective/2019/01/dont-underestimate-credential-theft-malware.html
https://www.fireeye.com/blog/executive-perspective/2019/01/dont-underestimate-credential-theft-malware.html
whitepaper-http-security-headers
https://www.netsparker.com/whitepaper-http-security-headers/
https://www.netsparker.com/whitepaper-http-security-headers/
公链安全之比特币任意盗币漏洞浅析(CVE-2010-5141)
https://bcsec.org/index/detail/tag/2/id/443
https://bcsec.org/index/detail/tag/2/id/443
DNS Tunneling & Other Hunts w/ RockNSM (Bro & ELK)
https://blog.perched.io/dns-tunneling-other-hunts-w-rocknsm-bro-elk-52a4486e44d0
https://blog.perched.io/dns-tunneling-other-hunts-w-rocknsm-bro-elk-52a4486e44d0
Exchange在渗透测试中的利用
https://evi1cg.me/archives/Exchange_Hack.html
https://evi1cg.me/archives/Exchange_Hack.html
研究综述 | 事件抽取及推理 (上)
https://mp.weixin.qq.com/s/etMS7OdLz_NUj1YtSGNdTg
https://mp.weixin.qq.com/s/etMS7OdLz_NUj1YtSGNdTg
知识图谱更新技术研究及其应用
https://mp.weixin.qq.com/s/umGYa32iGyeV0dE60rg9Gw
https://mp.weixin.qq.com/s/umGYa32iGyeV0dE60rg9Gw
区块链安全-以太坊智能合约静态分析
http://blogs.360.cn/post/staticAnalysis_of_smartContract.html
http://blogs.360.cn/post/staticAnalysis_of_smartContract.html
LEMNA: 深度学习在网络安全应用中的可解释性
https://mp.weixin.qq.com/s/t0e49MiSGY2lam8y9B-FIg
https://mp.weixin.qq.com/s/t0e49MiSGY2lam8y9B-FIg
利用Cookie劫持+HTML注入进行钓鱼攻击
https://nosec.org/home/detail/2150.html
https://nosec.org/home/detail/2150.html
2018国内网络安全赛事排名
https://mp.weixin.qq.com/s/OAqfstNEu0ns4l3aKJQ9oA
https://mp.weixin.qq.com/s/OAqfstNEu0ns4l3aKJQ9oA
路由器抓包分析之SMB篇
https://www.freebuf.com/news/193340.html
https://www.freebuf.com/news/193340.html
Apache Spark RPC协议中的反序列化漏洞分析
https://mp.weixin.qq.com/s/tIG5PZHkMOh62mcIauxShQ
https://mp.weixin.qq.com/s/tIG5PZHkMOh62mcIauxShQ
从LFI到SMTP日志投毒到远程代码执行
https://xz.aliyun.com/t/3799
https://xz.aliyun.com/t/3799
HCTF 2018 Final
http://momomoxiaoxi.com/ctf/2018/12/31/HCTFfinal/
http://momomoxiaoxi.com/ctf/2018/12/31/HCTFfinal/
基于深度学习的 API 误用缺陷检测
https://mp.weixin.qq.com/s/c3FqWiY6H4xdlZlmylnBkQ
https://mp.weixin.qq.com/s/c3FqWiY6H4xdlZlmylnBkQ
基于知识图谱的问答系统入门—NLPCC2016KBQA数据集
https://mp.weixin.qq.com/s/v4XjU2UGe1ikVj8d70gTSw
https://mp.weixin.qq.com/s/v4XjU2UGe1ikVj8d70gTSw
利用SMTP日志+LFI本地文件包含进行getshell
https://nosec.org/home/detail/2155.html
https://nosec.org/home/detail/2155.html
GDPR实践-隐私成熟度模型PM2(一)
https://www.freebuf.com/articles/es/193658.html
https://www.freebuf.com/articles/es/193658.html
对抗样本对人工智能应用的威胁
https://www.aqniu.com/tools-tech/42523.html
https://www.aqniu.com/tools-tech/42523.html
中小型企业自建安全平台
https://bloodzer0.github.io/ossa/other-security-branch/security-operation/security-platform/
https://bloodzer0.github.io/ossa/other-security-branch/security-operation/security-platform/
如何快速捕捉 0-Day Payload
https://mp.weixin.qq.com/s/pgo83SPu9Cd9qv3achhnrQ
https://mp.weixin.qq.com/s/pgo83SPu9Cd9qv3achhnrQ
qtalk: Startalk 是一款高性能的企业级im套件
https://github.com/qunarcorp/qtalk
https://github.com/qunarcorp/qtalk
dota2官网的存储型XSS
https://nosec.org/home/detail/2149.html
https://nosec.org/home/detail/2149.html
Java反序列化:基于CommonsCollections4的Gadget分析
https://www.freebuf.com/articles/others-articles/193445.html
https://www.freebuf.com/articles/others-articles/193445.html
安全研究者的自我修养(续)
https://mp.weixin.qq.com/s/o7IMaLMuPYuXgr5hatK5Mw
https://mp.weixin.qq.com/s/o7IMaLMuPYuXgr5hatK5Mw
Dolibarr ERP CRM 小于v8.0.2 SQL注入漏洞分析
https://nosec.org/home/detail/2142.html
https://nosec.org/home/detail/2142.html
初探Kaggle之再探微软恶意软件预测挑战赛
https://xz.aliyun.com/t/3780
https://xz.aliyun.com/t/3780
100-Days-Of-ML-Code中文版
https://github.com/MLEveryday/100-Days-Of-ML-Code
https://github.com/MLEveryday/100-Days-Of-ML-Code
研究综述 | 事件抽取及推理 (下)
https://mp.weixin.qq.com/s/xR_JFczYbxY0xuy7BYDc7g
https://mp.weixin.qq.com/s/xR_JFczYbxY0xuy7BYDc7g
基于机器学习的 C 程序内存泄漏智能化检测方法
https://mp.weixin.qq.com/s/ZHd6wWqnHB1rjKL2SCUqWw
https://mp.weixin.qq.com/s/ZHd6wWqnHB1rjKL2SCUqWw
爆破流DDOS团伙ChinaZ的流程记录
https://mp.weixin.qq.com/s/enSFtxUSYqovYuMX0X8nQg
https://mp.weixin.qq.com/s/enSFtxUSYqovYuMX0X8nQg
Digging Up the Past: Windows Registry Forensics Revisited
https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html
https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html
mattnotmax/cyber-chef-recipes: A list of cyber-chef recipes
https://github.com/mattnotmax/cyber-chef-recipes
https://github.com/mattnotmax/cyber-chef-recipes
How I could have taken over any Pinterest account
http://infosecflash.com/2019/01/05/how-i-could-have-taken-over-any-pinterest-account/
http://infosecflash.com/2019/01/05/how-i-could-have-taken-over-any-pinterest-account/
区块链安全—详谈代币合约ERC20
https://xz.aliyun.com/t/3769
https://xz.aliyun.com/t/3769
AI Challenger 2018 机器翻译参赛总结
https://zhuanlan.zhihu.com/p/54060156
https://zhuanlan.zhihu.com/p/54060156
A PoC for data smuggling using Scapy and ideas
https://www.linkedin.com/pulse/smuggler-cove-poc-data-smuggling-using-scapy-ideas-sean
https://www.linkedin.com/pulse/smuggler-cove-poc-data-smuggling-using-scapy-ideas-sean
XSS in steam react chat client
https://hackerone.com/reports/409850
https://hackerone.com/reports/409850
ThinkPHP5 核心类 Request 远程代码漏洞分析
https://mp.weixin.qq.com/s/DGWuSdB2DvJszom0C_dkoQ
https://mp.weixin.qq.com/s/DGWuSdB2DvJszom0C_dkoQ
基于AWS Greengrass的机器学习模型部署实践
http://blog.nsfocus.net/deployment-practice-of-machine-learning-model-based-on-aws-greengrass/
http://blog.nsfocus.net/deployment-practice-of-machine-learning-model-based-on-aws-greengrass/
2018 ML和NLP学术会议统计
https://mp.weixin.qq.com/s/6bVxjkjnKJR3ixsUGY7_4Q
https://mp.weixin.qq.com/s/6bVxjkjnKJR3ixsUGY7_4Q
深度学习在搜索业务中的探索与实践
https://tech.meituan.com/2019/01/10/deep-learning-in-meituan-hotel-search-engine.html
https://tech.meituan.com/2019/01/10/deep-learning-in-meituan-hotel-search-engine.html
德国35C3混沌通信大会—IoT相关议题解读
https://www.anquanke.com/post/id/169260
https://www.anquanke.com/post/id/169260
SecWiki周刊(第253期)
https://www.sec-wiki.com/weekly/253
https://www.sec-wiki.com/weekly/253
科研新手写论文常犯的15个错误
https://mp.weixin.qq.com/s/wtJRA1c17Phnq3CYPT_XHA
https://mp.weixin.qq.com/s/wtJRA1c17Phnq3CYPT_XHA
woj-ciech/LeakLooker: Find open databases with Shodan
https://github.com/woj-ciech/LeakLooker
https://github.com/woj-ciech/LeakLooker
ThinkPHP 5.0再曝远程代码执行漏洞
https://nosec.org/home/detail/2163.html
https://nosec.org/home/detail/2163.html
NDSS 2019 议题抢先 (一)
https://mp.weixin.qq.com/s/0VX4FAPhmCjqs1OYj4lOIw
https://mp.weixin.qq.com/s/0VX4FAPhmCjqs1OYj4lOIw
dxa4481/XSSOauthPersistence: Maintaining account persistence via XSS and Oauth
https://github.com/dxa4481/XSSOauthPersistence
https://github.com/dxa4481/XSSOauthPersistence
国内网站内容篡改现状调查
http://www.4hou.com/info/news/15683.html
http://www.4hou.com/info/news/15683.html
analysis-of-cyberattacks-against-the-national-bank-of-malawi
http://www.antiy.net/p/analysis-of-cyberattacks-against-the-national-bank-of-malawi/
http://www.antiy.net/p/analysis-of-cyberattacks-against-the-national-bank-of-malawi/
区块链攻击利用技术拓展
https://www.anquanke.com/post/id/169248
https://www.anquanke.com/post/id/169248
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第254期)
