SecWiki Weekly (Issue 183)
2017/08/28-2017/09/03
Security News
Top 10 Penetration Testing Linux Distributions of 2017
https://www.520waf.com/2017/08/top-10-penetration-testing-ethical-hacking-linux-distributions/
Full Record of Day-One Talks at the 2017 Tencent Security International Technology Summit
http://www.freebuf.com/fevents/146073.html
NIAC Releases Report "Protecting Infrastructure, Responding to Cyber Attacks"
http://mp.weixin.qq.com/s/r0RKAfxnct1PFmjMAu3qUA
How the FBI Identifies Chinese Hackers
http://www.solidot.org/story?sid=53613
A Roundup of the WikiLeaks CIA Leaks: Alarming Attack Divisions and a Full Range of Hacking Tools
http://www.freebuf.com/special/145818.html
Security Technology
Information Security Knowledge Base: Full-Site Resource Archive Download
http://pan.baidu.com/s/1gf4Brb1
Taiwan Hacker Conference HITCON CMT 2017: Selected Slides
https://hitcon.org/2017/CMT/agenda
A New Approach to IoT Protection: Software-Defined Access Control
http://blog.nsfocus.net/iot-techworld2017/
An iOS kernel exploit designated to work on all iOS devices <= 10.3.1
https://github.com/doadam/ziVA
How Wireshark Captures Network Traffic Packets
http://www.4hou.com/web/7465.html
Analyzing and Understanding the TLS Handshake Protocol: A Packet Capture Analysis of an HTTPS Request
http://mp.weixin.qq.com/s/hor6DLFrEQw582DyAffoZA
Software-Security-Learning: Software security learning materials
https://github.com/CHYbeta/Software-Security-Learning
12 Great Technical Talks at SHA2017
http://blog.ptsecurity.com/2017/08/12-great-technical-talks-at-sha2017.html
ISS 2017 Cyber Ecosystem Summit Slides
http://pan.baidu.com/s/1pL7cDbt
Xianzhi XSS Challenge - Writeup
https://mp.weixin.qq.com/s/d_UCJusUdWCRTo3Vutsk_A
CTF-pwn-tips: Here records some tips about pwn that I have learned
https://github.com/Naetw/CTF-pwn-tips
Implementing an ASM-Based Java String Obfuscation Tool
http://mp.weixin.qq.com/s/8pIcsRbVPj1EBgSC961gDA
Alibaba XSS Challenge: Approaches and PoCs
http://phantom0301.cc/2017/08/30/alixss/
Inside the Massive 711 Million Record Onliner Spambot Dump
https://nosec.org/my/threats/1538
Building Anti-Fraud Product Applications Based on Social Graph Relationships
https://www.youtube.com/watch?v=ruTO4BOh5qQ
Is Cracked Software on the Mac Really Safe?
http://www.freebuf.com/articles/terminal/145327.html
Reflections on Reading Kaspersky's Incident Response Guide
https://mp.weixin.qq.com/s/ciaEeH0jxoStHiTeWB51tg
Pocms && finecms: Registered-Member Privilege Escalation to Getshell
https://bbs.ichunqiu.com/article-894-1.html?from=sec
Kaspersky Lab's Analysis and Introduction of the WhiteBear APT
https://securelist.com/introducing-whitebear/81638/
ERNW's Dissection of North Korea's Mass Surveillance Technology
https://www.ernw.de/download/exploring_north_koreas_survelliance_technology_troopers17.pdf
[My Trip to KDD] Entity Extraction + TensorFlow + Frequent Patterns (Talk PDF Download)
https://tianchi.aliyun.com/competition/new_articleDetail.html?&postsId=2464
X-NUCA '17 Round 1 Cyber Range Penetration Contest: Best Team Writeup
https://mp.weixin.qq.com/s/92RfSObhnzITzZ_HzaKvgQ
Wordpresscan: WPScan rewritten in Python + some WPSeku ideas
https://github.com/swisskyrepo/Wordpresscan
weibospider: Sina Weibo crawler (distributed)
https://github.com/ResolveWang/weibospider
china_ip_list: China IP address list (IPIP & APNIC)
https://github.com/LisonFan/china_ip_list
OpenStack: Building a Virtual Penetration Testing Lab Environment - Networking
http://www.freebuf.com/articles/network/145947.html
Implementing a COM Object Hijacking Backdoor: Hijacking explorer.exe
http://www.4hou.com/technology/7402.html
Hunting for Vulnerabilities in a Distributed System: Hadoop
https://mp.weixin.qq.com/s/JTZfaG6iG2XAmiCeBiKxwA
Web-Security-Learning: Web security learning materials
https://github.com/CHYbeta/Web-Security-Learning
Document Scanning: Deep Neural Networks in Practice on Mobile
http://techblog.youdao.com/?p=1237
pharos: Automated static analysis tools for binary programs
https://github.com/cmu-sei/pharos
XXE DTD Cheat Sheet
https://web-in-security.blogspot.jp/2016/03/xxe-cheat-sheet.html
How I Replicated an $86 Million Project in 57 Lines of Code
https://medium.freecodecamp.org/how-i-replicated-an-86-million-project-in-57-lines-of-code-277031330ee9
Manual SQL injection discovery tips
https://gerbenjavado.com/manual-sql-injection-discovery-tips/
Two Backdoor Methods Implemented via COM Hijacking
https://3gstudent.github.io/Use-COM-Object-hijacking-to-maintain-persistence-Hijack-explorer.exe/
Command Injection/Shell Injection[PDF]
https://www.exploit-db.com/docs/42593.pdf
White-Hat Hacker: How to Call You from the CEO's Desk Phone!
https://bbs.ichunqiu.com/thread-26530-1-1.html?from=sec
Lessons from Discovering a SQL Injection Vulnerability in the Oracle Advanced Support System
http://bobao.360.cn/learning/detail/4340.html
MaliciousMacroBot: classify and cluster Microsoft office document
https://github.com/egaus/MaliciousMacroBot
How to Manage Webshells on Linux
https://bbs.ichunqiu.com/thread-26447-1-1.html?from=sec
Pentest: Some practical penetration testing scripts and code
https://github.com/Ridter/Pentest
Wireless Penetration (Part 3): Enterprise WPA Cracking
http://mp.weixin.qq.com/s/88c4q6gNpy6LsM11T4rkYg
A High-Interaction SSH Honeypot Based on Paramiko
http://www.freebuf.com/sectool/145527.html
Windows LNK Remote Code Execution Vulnerability (CVE-2017-8464) Exploitation Test
https://3gstudent.github.io/3gstudent.github.io/Windows-Lnk%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E(CVE-2017-8464)%E5%88%A9%E7%94%A8%E6%B5%8B%E8%AF%95/
Gartner: Top 11 Information Security Technologies of 2017 (Annotated Edition)
http://yepeng.blog.51cto.com/3101105/1962301
A Study of the HITB CTF 2017 Pwn Challenges
http://0x48.pw/2017/08/29/0x49/
Several Ways to Implement macOS Kernel Monitoring
http://weibo.com/ttarticle/p/show?id=2309404147420605875697
Using Request Merging to Bypass Referer (JSONP) Checks
https://threathunter.org/topic/59a9329cec721b1f1966ea2e
Wireless Penetration (Part 2): WPS Cracking
https://mp.weixin.qq.com/s/8lVoUfyHu_jllRoYZmKF8Q
An Analysis of How the ThinkPHP 3.2.3 Framework Implements Secure Database Operations
http://mp.weixin.qq.com/s/q6RuLi7dQSMc8vwOIQ0JeA
Installing a crafted gem package may create or overwrite files
https://hackerone.com/reports/243156
Why Is "Defense in Depth" All Thunder and Little Rain?
https://mp.weixin.qq.com/s/B5n8wpLDy1rGchrySpBNUQ
CyberThreatHunting: A collection of resources for Threat Hunters
https://github.com/A3sal0n/CyberThreatHunting
SecWiki Weekly (Issue 182)
https://www.sec-wiki.com/weekly/182
Deploy a global, private CDN on your lunch break
https://blog.edgemesh.com/deploy-a-global-private-cdn-on-your-lunch-break-7550e9a9ad7e
Cheat Sheet for Analyzing Malicious Software
https://zeltser.com/malware-analysis-cheat-sheet/
-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news and analysis for 13 years!
SecWiki: https://www.sec-wiki.com
Original link for this issue: SecWiki Weekly (Issue 183)
