SecWiki周刊(第156期)
2017/02/20-2017/02/26
安全资讯
360《2016中国网络安全报告》内容解读
http://www.mottoin.com/96419.html
http://www.mottoin.com/96419.html
密码学大事件!研究人员公布第一例SHA-1哈希碰撞实例
https://zhuanlan.zhihu.com/p/25401383
https://zhuanlan.zhihu.com/p/25401383
军机训练遭黑电台干扰 指挥通话插播祖传秘方
http://news.sina.com.cn/o/2017-02-21/doc-ifyarrcc8309141.shtml
http://news.sina.com.cn/o/2017-02-21/doc-ifyarrcc8309141.shtml
枪支零售商Airsoft GI被黑泄露65000个用户信息
http://www.mottoin.com/96847.html
http://www.mottoin.com/96847.html
阿里巴巴安全第一人肖力:网络安全的五个洞见
http://www.leiphone.com/news/201702/4NzX5SLlEv5kUqLG.html
http://www.leiphone.com/news/201702/4NzX5SLlEv5kUqLG.html
瑞星推出全新Linux整体解决方案 打造国内最全防护功能
http://www.mottoin.com/96849.html
http://www.mottoin.com/96849.html
2016年中国网络安全大事件
http://weibo.com/ttarticle/p/show?id=2309351000124078280734029495&u=3216881963&m=4078280719821362&cu=3216881963
http://weibo.com/ttarticle/p/show?id=2309351000124078280734029495&u=3216881963&m=4078280719821362&cu=3216881963
纽约州网络安全规则将于3月1日生效
http://www.mottoin.com/96492.html
http://www.mottoin.com/96492.html
安全技术
武装win10,打造子系统下的kali linux
http://www.secist.com/archives/2732.html
http://www.secist.com/archives/2732.html
黑手之kali_Nethuner---HID攻击
http://www.ggsec.cn/2017/02/05/nethuner-HID/
http://www.ggsec.cn/2017/02/05/nethuner-HID/
这个破DNS咋就总搞不好?
http://mp.weixin.qq.com/s/Q0yvt9a-VmN9k-ikLXZzGQ
http://mp.weixin.qq.com/s/Q0yvt9a-VmN9k-ikLXZzGQ
暗网买信用卡纪实:亲测盗刷无门槛
http://mp.weixin.qq.com/s?__biz=MTM2ODM0ODYyMQ==&mid=2651420682&idx=1&sn=a75446f83064b44b9a45db3f0f09eb42&scene=0#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MTM2ODM0ODYyMQ==&mid=2651420682&idx=1&sn=a75446f83064b44b9a45db3f0f09eb42&scene=0#wechat_redirect
github代码泄露扫描工具初探
https://www.yanxiuer.com/githubscan.html
https://www.yanxiuer.com/githubscan.html
DIY 制作(黑苹果)渗透系统—第二更
http://www.secist.com/archives/1718.html
http://www.secist.com/archives/1718.html
Metasploit后门免杀模块之绕过360
http://www.ggsec.cn/2017/01/27/msf-web-delivery/
http://www.ggsec.cn/2017/01/27/msf-web-delivery/
针对蒙古政府的攻击所使用的钓鱼技术
http://www.mottoin.com/97113.html
http://www.mottoin.com/97113.html
免杀后门venom 和Metasploit 完美绕过360
http://www.ggsec.cn/2017/01/15/venom/
http://www.ggsec.cn/2017/01/15/venom/
Find Security Bugs:Java应用和Android应用审计工具
http://www.mottoin.com/97036.html
http://www.mottoin.com/97036.html
新一代子域名爆破工具brutedns
http://www.freebuf.com/sectool/127099.html
http://www.freebuf.com/sectool/127099.html
我是如何通过网络摄像头分析wifi密码的
http://paper.seebug.org/225/
http://paper.seebug.org/225/
一个用于CTF PWN的docker容器
http://skysider.com/?p=470
http://skysider.com/?p=470
Russian APT - APT28 collection of samples including OSX XAgent
http://contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html
http://contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html
Android 渗透测试学习手册(一)Android 安全入门
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282048&idx=1&sn=e17505bda5734a97e869cca787020dd7&scene=0#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282048&idx=1&sn=e17505bda5734a97e869cca787020dd7&scene=0#wechat_redirect
FuzzDomain域名爆破工具发布以及开源
http://www.freebuf.com/sectool/127400.html
http://www.freebuf.com/sectool/127400.html
CVE-2017-6074:Linux内核中存在11年的特权提升漏洞
http://www.mottoin.com/96940.html
http://www.mottoin.com/96940.html
Discuz ssrf漏洞利用的几个python脚本
https://phpinfo.me/2017/02/23/1438.html
https://phpinfo.me/2017/02/23/1438.html
MobSF框架及源代码分析
http://cryin.startblog.cc/Articles/article/42
http://cryin.startblog.cc/Articles/article/42
Google基础设施安全设计概述翻译和导读
https://security.tencent.com/index.php/blog/msg/114
https://security.tencent.com/index.php/blog/msg/114
《谷歌安全白皮书》2017中文版
http://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&mid=2655294955&idx=1&sn=ea316572c9f9f5a6839f03e4eaf42645&scene=0#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&mid=2655294955&idx=1&sn=ea316572c9f9f5a6839f03e4eaf42645&scene=0#wechat_redirect
多台虚拟机搭建模拟网络环境
http://whatbeg.com/2016/09/24/vmnetconstruction.html
http://whatbeg.com/2016/09/24/vmnetconstruction.html
域名背后的真相,一个黑产团伙的沦陷
http://www.freebuf.com/articles/terminal/127228.html
http://www.freebuf.com/articles/terminal/127228.html
RSA 2017 IoT 专题
https://www.iotvillage.org/
https://www.iotvillage.org/
Mt-Falcon——Open-Falcon在美团点评的应用与实践
http://tech.meituan.com/Mt-Falcon_Monitoring_System.html
http://tech.meituan.com/Mt-Falcon_Monitoring_System.html
Android 渗透测试学习手册(二)准备实验环境
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282050&idx=1&sn=b65d1266cfbc2afdc912b97065fb6780&scene=0#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282050&idx=1&sn=b65d1266cfbc2afdc912b97065fb6780&scene=0#wechat_redirect
指纹识别原理和万能指纹攻击猜想
http://mp.weixin.qq.com/s?__biz=MTM2ODM0ODYyMQ==&mid=2651420718&idx=4&sn=aca97331c25739af0b84349aea153215&scene=0#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MTM2ODM0ODYyMQ==&mid=2651420718&idx=4&sn=aca97331c25739af0b84349aea153215&scene=0#wechat_redirect
find-sec-bugs: FindBugs plugin for security audits of Java applications
https://github.com/find-sec-bugs/find-sec-bugs
https://github.com/find-sec-bugs/find-sec-bugs
另类PHP安全漏洞:利用弱类型和对象注入进行SQLi
http://www.4hou.com/technology/3327.html
http://www.4hou.com/technology/3327.html
模型学习全面概述:利用机器学习查找软件漏洞
http://mp.weixin.qq.com/s?__biz=MzA3MzI4MjgzMw==&mid=2650723383&idx=1&sn=a7146db5966a949b63bb02f3ab0f3f02&scene=0#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MzA3MzI4MjgzMw==&mid=2650723383&idx=1&sn=a7146db5966a949b63bb02f3ab0f3f02&scene=0#wechat_redirect
如何防范被高精度IP定位采集数据
http://blog.csdn.net/cuitang1031/article/details/55507004
http://blog.csdn.net/cuitang1031/article/details/55507004
我的MITRE物联网挑战赛之旅
http://bobao.360.cn/learning/detail/3524.html?from=timeline
http://bobao.360.cn/learning/detail/3524.html?from=timeline
京东从OpenStack切换到Kubernetes的经验之谈
http://mp.weixin.qq.com/s?__biz=MjM5MDE0Mjc4MA==&mid=2650995488&idx=1&sn=5103cb99753238484c9159692ea91f7b&scene=0#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MjM5MDE0Mjc4MA==&mid=2650995488&idx=1&sn=5103cb99753238484c9159692ea91f7b&scene=0#wechat_redirect
Web客户端追踪(下)—浏览器指纹追踪
http://www.arkteam.net/?p=1563
http://www.arkteam.net/?p=1563
启明星辰ADLab联合电信云堤追踪 Billgates僵尸网络大黑雀
http://mp.weixin.qq.com/s?__biz=MzA3NDQ0MzkzMA==&mid=2651674968&idx=1&sn=f84353990d34e22d2a6ebc7db7915748&scene=0#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MzA3NDQ0MzkzMA==&mid=2651674968&idx=1&sn=f84353990d34e22d2a6ebc7db7915748&scene=0#wechat_redirect
低成本安全硬件(一)——BadUSB on Arduino
http://jia1s.info/lowcost-badUSB/
http://jia1s.info/lowcost-badUSB/
cloudflare: Cloudflare Reverse Proxies are Dumping Uninitialized Memory
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
32位程序对64位进程的远程注入实现
http://www.4hou.com/technology/3426.html
http://www.4hou.com/technology/3426.html
黑客小说:杀手(第十三章 无尽的黑暗 上)
http://www.jianshu.com/p/21312f0df2a8
http://www.jianshu.com/p/21312f0df2a8
PayloadsAllTheThings: 各种Web 漏洞测试用例及详解
https://github.com/swisskyrepo/PayloadsAllTheThings
https://github.com/swisskyrepo/PayloadsAllTheThings
BlackHat专题:Flash漏洞利用样本逆向分析艺术
http://paper.seebug.org/224/
http://paper.seebug.org/224/
Docker —— 从入门到实践
https://yeasy.gitbooks.io/docker_practice/content/
https://yeasy.gitbooks.io/docker_practice/content/
SecWiki周刊(第155期)
https://www.sec-wiki.com/weekly/155
https://www.sec-wiki.com/weekly/155
Analysis of MS16-104: .URL files Security Feature Bypass (CVE-2016-3353)
http://blog.quarkslab.com/analysis-of-ms16-104-url-files-security-feature-bypass-cve-2016-3353.html
http://blog.quarkslab.com/analysis-of-ms16-104-url-files-security-feature-bypass-cve-2016-3353.html
JAVA, PYTHON FTP INJECTION ATTACKS BYPASS FIREWALLS
https://threatpost.com/java-python-ftp-injection-attacks-bypass-firewalls/123858/
https://threatpost.com/java-python-ftp-injection-attacks-bypass-firewalls/123858/
Android 渗透测试学习手册(四)对 Android 设备进行流量分析
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282091&idx=2&sn=fc3486b8df2249158b258e679758cbd4&scene=0#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282091&idx=2&sn=fc3486b8df2249158b258e679758cbd4&scene=0#wechat_redirect
Android 渗透测试学习手册(五)Android 取证
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282093&idx=1&sn=4f6272f90b0fdbf04a381d66f46d6c01&scene=0#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282093&idx=1&sn=4f6272f90b0fdbf04a381d66f46d6c01&scene=0#wechat_redirect
MySQL Out-of-Band 攻击
http://www.mottoin.com/96463.html
http://www.mottoin.com/96463.html
Teemo:域名信息收集及爆破工具
http://www.mottoin.com/96408.html
http://www.mottoin.com/96408.html
阿里云快速部署Flask应用
http://www.92ez.com/?action=show&id=23439
http://www.92ez.com/?action=show&id=23439
A Great Vim Cheat Sheet
http://vimsheet.com/
http://vimsheet.com/
怎样写出优秀的研究论文?
http://whatbeg.com/2016/05/10/how2wtpaper.html
http://whatbeg.com/2016/05/10/how2wtpaper.html
xsec-ssh-firewall: 一个简易的ssh密码防暴力破解程序
https://github.com/netxfly/xsec-ssh-firewall
https://github.com/netxfly/xsec-ssh-firewall
美国DHS发布《“灰熊草原”网络攻击活动深入分析报告》
http://www.freebuf.com/special/126918.html
http://www.freebuf.com/special/126918.html
Android 渗透测试学习手册(三)Android 应用的逆向和审计
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282069&idx=2&sn=c5c8392504600df207d2a59f750e0725&scene=0#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458282069&idx=2&sn=c5c8392504600df207d2a59f750e0725&scene=0#wechat_redirect
TEW-654TR路由器漏洞分析和挖掘
http://www.freebuf.com/vuls/126766.html#0-tsina-1-14513-397232819ff9a47a7b7e80a40613cfe1
http://www.freebuf.com/vuls/126766.html#0-tsina-1-14513-397232819ff9a47a7b7e80a40613cfe1
【漏洞演示视频】Windows SMBv3 Tree Connect响应拒绝服务漏洞
http://mp.weixin.qq.com/s?__biz=MzI4NjE2NjgxMQ==&mid=2650233023&idx=2&sn=6df48e6351b8f7a7e48049db4d859715&chksm=f3e2e2cbc4956bdd1f5e490bdcd3eb66e0abbb77a448c11b60d77719d34e0106a093500990c5#rd
http://mp.weixin.qq.com/s?__biz=MzI4NjE2NjgxMQ==&mid=2650233023&idx=2&sn=6df48e6351b8f7a7e48049db4d859715&chksm=f3e2e2cbc4956bdd1f5e490bdcd3eb66e0abbb77a448c11b60d77719d34e0106a093500990c5#rd
Google Security Whitepaper
https://cloud.google.com/security/whitepaper
https://cloud.google.com/security/whitepaper
Docker Remote api在安全中的应用杂谈
https://zhuanlan.zhihu.com/p/25364731
https://zhuanlan.zhihu.com/p/25364731
Injecting_SQLite_database_based_application.pdf
https://packetstormsecurity.com/files/141169/Injecting_SQLite_database_based_application.pdf
https://packetstormsecurity.com/files/141169/Injecting_SQLite_database_based_application.pdf
内网漫游之SOCKS代理大结局
https://xianzhi.aliyun.com/forum/read/735.html
https://xianzhi.aliyun.com/forum/read/735.html
浅谈Discuz插件代码安全(内附0day)
http://mp.weixin.qq.com/s/c2MIQnM9q9eMWaxUO9Pjjg
http://mp.weixin.qq.com/s/c2MIQnM9q9eMWaxUO9Pjjg
保护内网安全之提高Windows AD安全性 Part.1
http://www.4hou.com/technology/3280.html
http://www.4hou.com/technology/3280.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第156期)
