SecWiki周刊(第148期)
2016/12/26-2017/01/01
安全资讯
Top 50 vendors having highest number of cve security vulnerabilities in 2016
http://www.cvedetails.com/top-50-vendors.php?year=2016
http://www.cvedetails.com/top-50-vendors.php?year=2016
国外地下市场出售70W+中国apple账号
http://www.mottoin.com/94716.html
http://www.mottoin.com/94716.html
Firefox 52借鉴Tor浏览器引入防指纹跟踪功能
http://www.solidot.org/story?sid=50921
http://www.solidot.org/story?sid=50921
黑客Only_guest 亲身讲述的三个“非主流诈骗”故事
https://mp.weixin.qq.com/s?__biz=MzA4ODUxNjIwMg==&mid=2654323968&idx=1&sn=934d68372f2d3a12960df469d87a9503&chksm=8be99605bc9e1f1346ec144f38a166e2652fbb6a2fa967bb22b90a7fa8d4cae61a4d9c90214f
https://mp.weixin.qq.com/s?__biz=MzA4ODUxNjIwMg==&mid=2654323968&idx=1&sn=934d68372f2d3a12960df469d87a9503&chksm=8be99605bc9e1f1346ec144f38a166e2652fbb6a2fa967bb22b90a7fa8d4cae61a4d9c90214f
挑战中寻找机遇:FreeBuf2017互联网安全创新大会(FIT)次日素描
http://www.freebuf.com/news/topnews/124099.html
http://www.freebuf.com/news/topnews/124099.html
一个应用区块链技术的安全解决方案
http://www.aqniu.com/tools-tech/21936.html
http://www.aqniu.com/tools-tech/21936.html
国务院关于印发 “十三五”国家信息化规划的通知
http://www.gov.cn/zhengce/content/2016-12/27/content_5153411.htm
http://www.gov.cn/zhengce/content/2016-12/27/content_5153411.htm
安全技术
PhpMailer存在远程代码执行漏洞,含分析,测试成功
https://nosec.org/?token=h4oslg7y30
https://nosec.org/?token=h4oslg7y30
安全行业从业人员自研开源扫描器合集
https://github.com/We5ter/Scanners-Box
https://github.com/We5ter/Scanners-Box
QQSpider: QQ空间爬虫(日志、说说、个人信息)
https://github.com/LiuXingMing/QQSpider
https://github.com/LiuXingMing/QQSpider
Live-Streams – 33C3 Streaming 33C3会议直播
http://streaming.media.ccc.de/33c3
http://streaming.media.ccc.de/33c3
Kali下安装Shadowsocks与利用ss和ProxyChains实现任意应用代理
http://www.freebuf.com/sectool/123931.html
http://www.freebuf.com/sectool/123931.html
Web应用防火墙竞品分析
http://mp.weixin.qq.com/s/5ed8Cr_4GFdQZ7bW3u3wBw
http://mp.weixin.qq.com/s/5ed8Cr_4GFdQZ7bW3u3wBw
rootkit制作基础知识,hook技术
https://d0hnuts.com/2016/12/21/basics-of-making-a-rootkit-from-syscall-to-hook/
https://d0hnuts.com/2016/12/21/basics-of-making-a-rootkit-from-syscall-to-hook/
2016年高校网络信息安全学术年会 报告PPT下载
http://sec.edu-info.edu.cn/311
http://sec.edu-info.edu.cn/311
QQ-Groups-Spider: QQ Groups Spider(QQ 群爬虫)
https://github.com/caspartse/QQ-Groups-Spider
https://github.com/caspartse/QQ-Groups-Spider
DAVScan: Fingerprints servers, finds exploits, scans WebDAV
https://github.com/Graph-X/davscan
https://github.com/Graph-X/davscan
未完成的事 - 逆推乌云路人甲真实ID
http://www.thinkings.org//2016/12/25/wooyun-anonymous-reverse.html
http://www.thinkings.org//2016/12/25/wooyun-anonymous-reverse.html
使用Docker构建渗透测试容器(安全相关Docker Image收集)
http://www.mottoin.com/94831.html
http://www.mottoin.com/94831.html
PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln
http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
DefectDojo:安全程序和漏洞管理工具
http://www.mottoin.com/94864.html
http://www.mottoin.com/94864.html
Fern Wifi Cracker :无线安全审计工具
http://www.mottoin.com/94611.html
http://www.mottoin.com/94611.html
开源软件源代码安全漏洞分析报告 ——区块链专题
http://lab.cert.org.cn/download/2016%E5%B9%B4%E5%BC%80%E6%BA%90%E9%A1%B9%E7%9B%AE%E7%AC%AC%E4%B8%89%E5%AD%A3%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E6%8A%A5%E5%91%8A.pdf
http://lab.cert.org.cn/download/2016%E5%B9%B4%E5%BC%80%E6%BA%90%E9%A1%B9%E7%9B%AE%E7%AC%AC%E4%B8%89%E5%AD%A3%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E6%8A%A5%E5%91%8A.pdf
DBShield: Database firewall written in Go 数据库透明代理防护系统
https://nim4.github.io/DBShield/
https://nim4.github.io/DBShield/
Mathematica突破支付宝AR红包方法
http://www.kylen314.com/archives/7364
http://www.kylen314.com/archives/7364
Fansmitter利用声波入侵物理隔离系统
http://www.arkteam.net/?p=1450
http://www.arkteam.net/?p=1450
Hacking-ElasticSearch: Elasticsearch使用安全注意事项
https://2016.zeronights.ru/wp-content/uploads/2016/12/Hacking-ElasticSearch.pdf
https://2016.zeronights.ru/wp-content/uploads/2016/12/Hacking-ElasticSearch.pdf
layui: 经典模块化前端框架(后端程序猿前端库)
http://www.layui.com/
http://www.layui.com/
如何用汇编语言制作一个病毒
https://cranklin.wordpress.com/2016/12/26/how-to-create-a-virus-using-the-assembly-language/
https://cranklin.wordpress.com/2016/12/26/how-to-create-a-virus-using-the-assembly-language/
移动平台流量黑产研究——色情播放器类恶意软件产业链
http://blogs.360.cn/blog/porn_player_underground_industry/
http://blogs.360.cn/blog/porn_player_underground_industry/
Why do XSS strings often start with ">?
http://security.stackexchange.com/questions/146590/why-do-xss-strings-often-start-with
http://security.stackexchange.com/questions/146590/why-do-xss-strings-often-start-with
如何在Kali Linux下编译Windows Exploit
http://www.mottoin.com/94732.html
http://www.mottoin.com/94732.html
My Favorite Threat Intel Tweets of 2016 威胁情报名人堂
http://www.cyintanalysis.com/my-favorite-threat-intel-tweets-of-2016/
http://www.cyintanalysis.com/my-favorite-threat-intel-tweets-of-2016/
three Zero-Day Vulnerabilities in web programming language PHP 7
http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7/
http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7/
Pentesting Windows environments: remote delivery of PowerShell payloads
https://akondrat.blogspot.jp/2016/12/pentesting-windows-environments-remote.html
https://akondrat.blogspot.jp/2016/12/pentesting-windows-environments-remote.html
mitmproxy: release v1.0.0 - 圣诞节版本
https://corte.si/posts/code/mitmproxy/announce_1_0/index.html
https://corte.si/posts/code/mitmproxy/announce_1_0/index.html
各种脚本语言不同版本一句话开启 HTTP 服务器的总结
http://www.mottoin.com/94895.html
http://www.mottoin.com/94895.html
How to bypass csp nonces with dom xss
http://sirdarckcat.blogspot.jp/2016/12/how-to-bypass-csp-nonces-with-dom-xss.html
http://sirdarckcat.blogspot.jp/2016/12/how-to-bypass-csp-nonces-with-dom-xss.html
Hack With XSLT(拓展样式表转换语言)
http://evi1cg.me/archives/Hack_With_XSLT.html
http://evi1cg.me/archives/Hack_With_XSLT.html
(U) Review of the Unauthorized Disclosures of Former National Security Agency Co
https://info.publicintelligence.net/US-HPSCI-SnowdenReport.pdf
https://info.publicintelligence.net/US-HPSCI-SnowdenReport.pdf
IoTNotes: Internet of Things Notes in Chinese(IoT 笔记)
https://github.com/ideaTouch/IoTNotes
https://github.com/ideaTouch/IoTNotes
分享一些支持企业安全工作的免费工具
http://www.freebuf.com/sectool/123851.html
http://www.freebuf.com/sectool/123851.html
Encryption Working Group Year-End Report
https://info.publicintelligence.net/US-HouseEncryptionWorkingGroup-2016.pdf
https://info.publicintelligence.net/US-HouseEncryptionWorkingGroup-2016.pdf
利用JavaScript进行后台文件上传getshell
http://ecma.io/?p=574
http://ecma.io/?p=574
Pastebin dump
http://psbdmp.com/dumps
http://psbdmp.com/dumps
作者在Sebug提交的漏洞详情和POC
https://github.com/ganliuzhuo/Sebug
https://github.com/ganliuzhuo/Sebug
3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!
http://thehackernews.com/2016/12/php-7-update.html
http://thehackernews.com/2016/12/php-7-update.html
黑云压城城欲摧 – 2016年iOS公开可利用漏洞总结
http://drops.wiki/index.php/2016/12/27/2016-ios-summary/
http://drops.wiki/index.php/2016/12/27/2016-ios-summary/
DIY USB Killer
http://jerrygamblin.com/2016/12/29/diy-usb-killer/
http://jerrygamblin.com/2016/12/29/diy-usb-killer/
SecWiki周刊(第147期)
https://www.sec-wiki.com/weekly/147
https://www.sec-wiki.com/weekly/147
commix: Automated All-in-One OS command injection and exploitation tool.
https://github.com/commixproject/commix
https://github.com/commixproject/commix
Powershell-Github-Shell:利用Github来做控制端的Powershell版本的Shell
http://www.mottoin.com/94685.html
http://www.mottoin.com/94685.html
PHPMailer < 5.2.18 - Remote Code Execution (Python)
https://www.exploit-db.com/exploits/40974/?rss
https://www.exploit-db.com/exploits/40974/?rss
115 Browser 7.2.5 RCE Vulnerability
http://linux.im/2016/12/26/115Browser-725-rce-vuln.html
http://linux.im/2016/12/26/115Browser-725-rce-vuln.html
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第148期)
