SecWiki周刊(第162期)
2017/04/03-2017/04/09
安全资讯
[事件]  APT10:中国黑客组织攻击全球IT服务供应商
http://www.mottoin.com/99776.html
[新闻]  换用iPhone后 特朗普仍然可能遭到黑客攻击
https://www.t00ls.net/articles-39021.html
[人物]  Know your community – Stefan Esser
https://blogs.securiteam.com/index.php/archives/3037
安全技术
[论文]  2017 AsiaCSS 会议论文列表
http://dl.acm.org/citation.cfm?id=3052973&CFID=748511376
[运维安全]  CentOS 7 主机加固实践(共三篇)
http://www.cnblogs.com/xiaoxiaoleo/p/6678727.html
[无线安全]  wifi渗透流程整理-合天网安新闻
http://www.hetianlab.com/html/news/news-2017040501.html
[Web安全]  常见 WEB 安全漏洞_网站安全_i春秋社区-分享你的技术,为安全加点温度
https://bbs.ichunqiu.com/thread-21386-1-1.html
[取证分析]  ThreatHuner-Playbook: 从Windows事件和Sysmon日志分析取证
https://github.com/VVard0g/ThreatHunter-Playbook
[无线安全]  Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)
http://googleprojectzero.blogspot.ae/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
[运维安全]  从Google白皮书看企业安全最佳实践
http://tech.meituan.com/GoogleSecurity_ayazero.html
[恶意分析]  有趣的二进制读书笔记
http://www.mottoin.com/99834.html
[其它]  Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)
https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html
[Web安全]  AI-Driven-WAF: Artificial intelligence-driven Web Firewall
https://github.com/exp-db/AI-Driven-WAF
[数据挖掘]  淘宝文胸商品评论内容爬取与简单分析
https://github.com/nladuo/taobao_bra_crawler
[漏洞分析]  How we exploited a remote code execution vulnerability in math.js
https://capacitorset.github.io/mathjs/
[Web安全]  setting-up-an-email-honeypot-spamtrap-malware-malspam-trap
https://myonlinesecurity.co.uk/setting-up-an-email-honeypot-spamtrap-malware-malspam-trap/
[恶意分析]  在线恶意软件和URL分析集成框架 – MalSub
http://www.freebuf.com/sectool/130199.html
[数据挖掘]  写给白帽子的数据科学手册
https://github.com/phunterlau/data_science_for_whitehat
[运维安全]  The 2016-2017 iCTF DDoS
https://ictf.cs.ucsb.edu/pages/the-2016-2017-ictf-ddos.html
[Web安全]  mimipenguin: Linux 下密码抓取工具
https://github.com/huntergregal/mimipenguin
[取证分析]  OG-Miner : Data Crawling on Steroids
https://umbrella.cisco.com/blog/2017/04/04/og-miner-data-crawling-steroids/
[运维安全]  金融企业安全建设探索之四个安全建设问题
http://mp.weixin.qq.com/s/-tVQSJ1dyHleBAj9YFE_Xw
[杂志]  SecWiki周刊(第161期)
https://www.sec-wiki.com/weekly/161
[恶意分析]  一键无文件感染
http://www.mottoin.com/99735.html
[恶意分析]  ATMitch: remote administration of ATMs
https://securelist.com/blog/sas/77918/atmitch-remote-administration-of-atms/
[数据挖掘]  wesome-sentiment-analysis: A curated list of Sentiment Analysis methods
https://github.com/xiamx/awesome-sentiment-analysis
[其它]  黑客小说杀手 (第十五章 真相)
http://www.jianshu.com/p/b31af11b0fd6
[移动安全]  瑞星提醒:短信拦截马病毒近期活跃并大肆偷取用户钱财
http://www.mottoin.com/99933.html
[移动安全]  OS X 逆向实例(二)- BetterZip 3.1.2
https://and-rev.blogspot.com/2017/04/os-x-betterzip-312.html
[取证分析]  Microsoft Edge:插件检测
http://paper.seebug.org/266/
-----微信ID:SecWiki-----
SecWiki,10年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第162期)