SecWiki周刊（第139期)

SecWiki周刊（第139期）

2016/10/24-2016/10/30

安全资讯

[移动安全] DirtyCow 内核漏洞能被用于Root任何Android 设备
http://www.solidot.org/story?sid=50122

[Web安全] 打造一款自动化渗透测试平台 – 天象
http://www.4dogs.cn

[无线安全] 黑客攻破绝顶“安全”的无线键鼠，获取远程代码执行漏洞
http://www.aqniu.com/news-views/20648.html

[新闻] 幻盾：一个不一样的安全产品
http://mp.weixin.qq.com/s?__biz=MzAxNTk5ODcxOQ==&mid=2247485063&idx=1&sn=2362b765028f222f68f429835aff774d&chksm=9bfacd17ac8d44017b228f5be4e6196877f049b6b3fa13efaa2698ff8c7a85a3954b0d5cdb8d&mpshare=1&scene=2&srcid=1026FSXsVoGuOdoEMOca0y1r&from=timeline&isappinstalled=0#rd

[爆库] 黑客公开普京顾问的邮件存档
http://www.solidot.org/story?sid=50166

[会议] GeekPwn 2016 黑客盛会：攻破机器人、智能插座、电子轮椅
http://mp.weixin.qq.com/s?__biz=MzA4ODUxNjIwMg==&mid=2654323680&idx=1&sn=fdc1bedd68c37889164547ba94e1daf2&chksm=8be990e5bc9e19f3815d18780f896b46e3f4dc8655aae430b65b441e8813055f503948b4bc7a

[恶意分析] 威胁情报的几个关键概念
http://yepeng.blog.51cto.com/3101105/1866485

[新闻] 美国网络司令部133支网络部队已拥有初步作战能力
http://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&mid=2655294532&idx=1&sn=bc58574e09cb095b58e07f7c1c1c9b3e&chksm=f02fe80fc75861195f6efcc3bb7128dfc1296fd02b5f743461a927dfa9c2a74a08e22fd728c2

[人物] 黑客老王：一个人的黑客史
http://mp.weixin.qq.com/s?__biz=MzA4ODUxNjIwMg==&mid=2654323681&idx=1&sn=c888ec542a219acb5165ff816339894f&chksm=8be990e4bc9e19f2f9575f4aae7fe2138f8195d5a1288d2980f77ba9b72da64dd4fac8d8c625&mpshare=1&scene=2&srcid=10261eD0COpfn2u08z2lnE9P&from=timeline&isappinstalled=0#rd

[恶意分析] 关于网络威胁情报的几个基本概念
http://www.sec-un.org/%e5%85%b3%e4%ba%8e%e7%bd%91%e7%bb%9c%e5%a8%81%e8%83%81%e6%83%85%e6%8a%a5%e7%9a%84%e5%87%a0%e4%b8%aa%e5%9f%ba%e6%9c%ac%e6%a6%82%e5%bf%b5.html

[新闻] Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking
https://www.propublica.org/article/google-has-quietly-dropped-ban-on-personally-identifiable-web-tracking

[新闻] 启明星辰安全网关基于威胁情报的实时防御
http://weibo.com/ttarticle/p/show?id=2309404034945172561212

[设备安全] 京东安全极客工场加油GeekPwn嘉年华京东首席安全专家Tony现身助阵
http://www.mottoin.com/91032.html

安全技术

[Web安全] 关于 mirai 僵尸网络控制主机的数据分析
http://blog.netlab.360.com/a-mirai-botnet-c2-data-analysis/

[Web安全] Hack.lu 2016 - Hadoop safari - Hunting for vulnerabilities
http://archive.hack.lu/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20vulnerabilities%20-%20v1.0.pdf

[其它] U.S. DOT issues Federal guidance to the automotive industry for improving motor
http://www.nhtsa.gov/About-NHTSA/Press-Releases/nhtsa_cybersecurity_best_practices_10242016

[Web安全] Bypass unsafe-inline mode CSP
http://paper.seebug.org/91/

[Web安全] Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622
http://www.phrack.org/papers/attacking_javascript_engines.html

[恶意分析] Deep Learning for Classification of Malware System Call Sequences
https://www.sec.in.tum.de/assets/Uploads/deeplearning.pdf

[工具] OWASP OWTF：WEB攻击测试框架
http://www.mottoin.com/91015.html

[漏洞分析] Redis Lua远程代码执行EXP
http://drops.wiki/index.php/2016/10/24/redis-lua/

[Web安全] Ruler：一款利用Exchange服务渗透的安全工具
http://www.freebuf.com/sectool/117516.html

[取证分析] 隐私保护红宝书@酒店篇
http://mp.weixin.qq.com/s?__biz=MzIzMzE2OTQyNA==&mid=2648946321&idx=1&sn=51e90f65a3694c1d3667eb7b36ef65f9&chksm=f09ea1eec7e928f870d2fc22a0f16da199fefe73e79be1c5a246c19024cdda9e33dbce27b51b&mpshare=1&scene=1&srcid=1027x1YpspZgW80kXGbbjRkc#rd

[恶意分析] 分析感染华硕路由器的P2P僵尸网络程序TheMoon
http://www.freebuf.com/articles/terminal/117437.html

[文档] QConShanghai2016: QCon上海2016幻灯片
https://github.com/QConChina/QConShanghai2016

[设备安全] 工业互联网的安全研究与实践
http://www.i170.com/Attach/3AEAD43D-7295-45B6-808E-0ACCD26366C0

[恶意分析] 关于 dyn / twitter 受攻击情况的说明和 mirai 僵尸网络的回顾
http://blog.netlab.360.com/a-dyn-twitter-ddos-event-report-and-mirai-botnet-review/

[比赛] 第4讲：高校安全管理运维挑战赛(实践赛)CTF入门
http://mp.weixin.qq.com/s?__biz=MzI0NDM5MzY3NA==&mid=2247484791&idx=1&sn=464f7275aabcfc9dbdcae37f6c52bb82&chksm=e95f36d2de28bfc4bb562467cb31da879bcc5c75a110169847788d593891a025b099928ab2a3&mpshare=1&scene=1&srcid=1024aS8fQv7QS3mZnmp3H7dZ#rd

[恶意分析] Mirai DDoS Botnet: Source Code & Binary Analysis
http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/

[Web安全] XSS dynamic detection using PhantomJs
http://www.n0tr00t.com/2016/10/29/XSS_dynamic_detection_using_PhantomJs.html

[Web安全] Win10在docker中运行GourdScanV2
http://xiaix.me/win10zai-dockerzhong-yun-xing-gourdscanv2/

[漏洞分析] Exploiting AMI Aptio firmware on example of Intel NUC
http://blog.cr4.sh/2016/10/exploiting-ami-aptio-firmware.html

[工具] CodeWarrior：代码审计静态分析工具
http://www.mottoin.com/91088.html

[运维安全] Personal security checklist for securing your devices and accounts
https://github.com/alulsh/personal-security-checklist

[恶意分析] 安天透过北美DDoS事件解读IoT设备安全
http://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&mid=2650170047&idx=1&sn=7bae4b539ad9bd682f19a73c167418ed&chksm=beb9c18d89ce489be2fba894009f34952574586ca98577399bd9ff3d794e8d5c7df940b3756b&scene=0#rd

[移动安全] Android逆向随笔之遇见MultiDex
http://drops.wiki/index.php/2016/10/26/android-multidex/

[恶意分析] Mirai过后，约1100万路由器和摄像头仍暴露在公网
http://mp.weixin.qq.com/s?__biz=MzIwMDk0MjcwNA==&mid=2247483854&idx=1&sn=a917e227e0321fefb2c30fcc40e04f62&chksm=96f434d1a183bdc7cfb31e07b09dd5462d45048b01e70f1757f6594f2b2105a60a577766423d

[数据挖掘] Net-Creds：快速嗅探数据包及接口中的敏感信息
http://www.mottoin.com/91154.html

[漏洞分析] 关于 fuzzing 的一些思考
https://github.com/tinysec/public/blob/master/article/about_fuzz/about_fuzz_cn.md

[恶意分析] Moonlight – Targeted attacks in the Middle East
http://blog.vectranetworks.com/blog/moonlight-middle-east-targeted-attacks

[取证分析] Solving GrrCon 2016 Memory Challenge
https://techanarchy.net/2016/10/solving-grrcon-2016-dfir-challenge/

[其它] 增长黑客：如何用数据来驱动产品增长
http://yedingding.com/2016/10/19/out-product-death-cycle.html

[恶意分析] Inside the Gootkit C&C server
https://securelist.com/blog/research/76433/inside-the-gootkit-cc-server/

[数据挖掘] 40年认知架构研究概览：实现通用人工智能的道路上我们走了多远
http://mp.weixin.qq.com/s?__biz=MzA3MzI4MjgzMw==&mid=2650720132&idx=1&sn=d630d47c4ab60d35752aba74a9d53361&chksm=871b03fab06c8aec767776a6a4a407c3897dcad26392b24a22536261565e9dc6b5ce52df0816&mpshare=1&scene=2&srcid=10289l9xAfQIrWt5R10Y0S0x&from=timeline&isappinstalled=0#rd

[漏洞分析] Joomla未授权创建特权用户漏洞（CVE-2016-8869）分析
http://paper.seebug.org/88/

[移动安全] 安卓手机的后门控制工具SPADE
http://www.freebuf.com/articles/terminal/117347.html

[恶意分析] DATA REVELATIONS: Nominum Data Science Security Report
http://www.nominum.com/wp-content/uploads/2016/10/nominum-security-report.pdf

[数据挖掘] 【开源】微软发布认知工具包：让机器学习更快、更大、更强
https://mp.weixin.qq.com/s?__biz=MzAwMTA3MzM4Nw==&mid=2649439195&idx=1&sn=09afaeac1861e4175d9854796f96f19e&chksm=82c0d25fb5b75b49c6aa6700729421715a3da5236c7af711de9c747f4b30aeb2c90193c1e241&scene=0&key=&ascene=7&uin=&devicetype=android-19&version=26031b31&nettype=WIFI

[Web安全] Google SpreadSheet的CSRF漏洞和JSON劫持漏洞导致数据窃取
http://www.mottoin.com/91113.html

[Web安全] 模拟众测漏洞 write-up
http://d0n9.me/2016/10/23/%E6%A8%A1%E6%8B%9F%E4%BC%97%E6%B5%8B%E6%BC%8F%E6%B4%9E-write-up/

[运维安全] 深度剖析开源分布式监控CAT
http://tech.meituan.com/CAT_in_Depth_Java_Application_Monitoring.html

[Web安全] Nishang：PowerShell渗透测试工具
http://www.mottoin.com/91098.html

[数据挖掘] TuShare -免费、开源的Python财经数据接口包
http://tushare.org/index.html

[运维安全] Zmap论文简读
http://phantom0301.cc/2016/10/27/Zmapread/

[Web安全] 使用DNS 预读取绕过Content Security Policy（CSP）
http://www.mottoin.com/91044.html

[书籍] selenium webdriver 从入门到提高
https://www.gitbook.com/book/easonhan007/selenium-webdriver/details

[移动安全] Android ChatSecure 即时通信应用的取证分析
https://arxiv.org/pdf/1610.06721v1.pdf

[文档] 路由器相关BlackHat议题
https://www.evernote.com/shard/s625/sh/f9e17f58-9902-4e3e-ae48-69f213b4d47a/12f7b4e4cb691536

[恶意分析] IOT后门程序Marai样本技术分析
http://blog.topsec.com.cn/ad_lab/iot%e5%90%8e%e9%97%a8%e7%a8%8b%e5%ba%8fmarai%e6%a0%b7%e6%9c%ac%e6%8a%80%e6%9c%af%e5%88%86%e6%9e%90/

[取证分析] Breaking Down the Surkov Leaks
https://medium.com/dfrlab/breaking-down-the-surkov-leaks-b2feec1423cb#.k6ip7u3ib

[杂志] SecWiki周刊（第138期)
https://www.sec-wiki.com/weekly/138

[其它] 2016 Google Summer of Code Projects
https://summerofcode.withgoogle.com/projects/?sp-page=2#!

[Web安全] 【漏洞预警】Joomla未授权创建账号/权限提升漏洞
http://www.mottoin.com/91059.html

[数据挖掘] 年薪12万加税谣言——一次网络“蝴蝶效应”
http://weibo.com/ttarticle/p/show?id=2309404034796719336517

[工具] mimikatz新版发布：支持Windows 10 AU & Server 2016
http://www.mottoin.com/90997.html

[取证分析] Detect TCP content injection attacks with findject
http://www.netresec.com/?page=Blog&month=2016-10&post=Detect-TCP-content-injection-attacks-with-findject

[Web安全] 浏览器插件的攻击向量
http://www.freebuf.com/articles/web/117112.html

[工具] lonely-shell：使用Go实现的反向Shell
http://www.mottoin.com/90883.html

[设备安全] Full(er) House: Exposing high-end poker cheating devices
https://www.elie.net/blog/security/fuller-house-exposing-high-end-poker-cheating-devices

[设备安全] 简单贴下对工业安全的看法（2）
http://mp.weixin.qq.com/s?__biz=MzI1MzUwNTM2MA==&mid=2247483667&idx=1&sn=b6c505640a5e83137bd0cd54ea16d945&chksm=e9d23b2cdea5b23a2458b0222f53ff19ecc1ef25b2805ab058eea7fa024e8794539cb6748169&mpshare=1&scene=1&srcid=1028N3q9kJYOwRSKc4VhjRrf#rd

[移动安全] backdoor-apk: adding a backdoor to any Android APK file
https://github.com/dana-at-cp/backdoor-apk

[数据挖掘] 分类之性能评估指标
https://www.52ml.net/20440.html

[设备安全] 简单贴下对工业安全的看法
http://mp.weixin.qq.com/s?__biz=MzI1MzUwNTM2MA==&mid=2247483660&idx=1&sn=47b4d4be661b6c9f326b7dce5d52aaef&chksm=e9d23b33dea5b225c1353e9c59f35773cef59ed87492de9fd8aaef3f43caa085f064f617b959&mpshare=1&scene=1&srcid=1027lpyYqo93ftwwr3EIXTA5#rd

[移动安全] Drammer漏洞源码分析
http://seclab.dbappsecurity.com.cn/?p=1491

-----微信ID：SecWiki-----
SecWiki，13年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第139期)

SecWiki周刊（第139期）

最新公告

友情链接

SecWiki公众号

安全学术圈