SecWiki Weekly (Issue 193)
2017/11/06-2017/11/12
Security News
GIBON: A New Ransomware Joins the Threat Landscape
http://www.4hou.com/info/news/8352.html
Real or Fake WhatsApp: Even Google's App Store Cannot Tell Them Apart
http://www.4hou.com/info/news/8327.html
CCF NASAC 2017 Prototype System Competition Awards Officially Presented
https://mp.weixin.qq.com/s/6tj4lh0ej7aNkQy0DdfWjg
Q3 2017 Online Fraud Trends Research Report
http://www.freebuf.com/articles/paper/153282.html
Security Technology
BurpSuite_Pro 1.7.27 Pro Cracked Version
https://xianzhi.aliyun.com/forum/topic/1548/
Apache Server Security Configuration
http://foreversong.cn/archives/789
auxblog CMS 1.0.6 Audit Notes
https://ch1st.github.io/2017/11/04/auxblog-CMS-1-0-6-%E5%AE%A1%E8%AE%A1%E8%AE%B0%E5%BD%95/
Creating a Simple Free Malware Analysis Environment | MalwareTech
https://www.malwaretech.com/2017/11/creating-a-simple-free-malware-analysis-environment.html
Featuretools: An Open-Source Framework for Automated Feature Engineering
https://www.featuretools.com/
A Beginner's Thought Process on a Simple Anti-SQL Challenge
http://myndtt.com/2017/11/09/%E4%BB%8E%E4%B8%80%E9%81%93anti-sql%E9%A2%98%E8%AE%B2%E8%B5%B7/
T-Pot 17.10 - Multi-Honeypot Platform rEvolution
http://dtag-dev-sec.github.io//mediator/feature/2017/11/07/t-pot-17.10.html
GeekPwn ICS CTF Writeup
http://bobao.360.cn/ctf/detail/213.html
node.js + postgres: From Injection to Getshell
https://www.leavesongs.com/PENETRATION/node-postgres-code-execution-vulnerability.html
ARM assembly basics cheatsheet
https://azeria-labs.com/downloads/cheatsheetv1-1920x1080.png
EIS CTF 2017 Web Write-up
http://momomoxiaoxi.com/2017/11/05/EISCTF/
3rd Shanghai University Students Cybersecurity Competition: Traffic Analysis WriteUp
https://imlonghao.com/51.html
Advanced Methods and Mindset for Vulnerability Discovery (Part.1)
http://www.4hou.com/vulnerable/8376.html
Featured Post: Research on Webshells in PHP
https://bbs.ichunqiu.com/thread-28862-1-1.html?from=sec
Domain Association Model: Making Malware Expose Itself
https://zhuanlan.zhihu.com/p/30780842
Black Mirror Investigation: The Truth Behind the Abyss, a Report on the Promotion-Abuse ("Wool-Pulling") Industry
http://image.3001.net/uploads/pdf/4aa87c46888173995c295a873c2aa682.pdf
Detecting and Removing the billgates Trojan on Linux
http://www.nuanyue.com/linux-xiabillgates-mu-ma-cha-sha-2-2-2/
A CMS Vulnerability Detection Tool Written in Python3 (with 300 POCs)
http://www.freebuf.com/sectool/149883.html
ARM exploitation for IoT – Episode 3
https://quequero.org/2017/11/arm-exploitation-iot-episode-3/
fame: The FAME Malware Analysis Platform
https://github.com/certsocietegenerale/fame
Multiple Ways to Penetration-Test Mysql with Metasploit
https://bbs.ichunqiu.com/thread-28745-1-1.html?from=sec
One Type of PHP RASP Implementation
https://paper.seebug.org/449/
CERT-BDF/Cortex: Powerful Observable Analysis Engine
https://github.com/CERT-BDF/Cortex
DIY System Security Monitoring: Building an Osquery Agent
http://www.freebuf.com/sectool/152402.html
"Blind" Reversing: Tracing the iOS App Blind
https://paper.seebug.org/440/
HITCON2017 Writeup Collection
https://lorexxar.cn/2017/11/10/hitcon2017-writeup/
Some Recommended Nmap NSE Scripts
http://www.polaris-lab.com/index.php/archives/390/
FingerScan: A Website Service Identification Tool
https://github.com/jasonsheh/FingerScan
Analysis of the Exploitation Details of the EternalBlue Tool
https://mp.weixin.qq.com/s/-G2BjW05xAcx16piGSZhAA
A Summary of Php Shell Bypass Approaches (for Beginners Still Confused About Bypass)
https://bbs.ichunqiu.com/thread-28883-1-1.html?from=sec
DNS-Persist: Remote Control Communication over the DNS Protocol
https://github.com/0x09AL/DNS-Persist
A Reading of the NTT Security 2017 Threat Intelligence Report
https://zhuanlan.zhihu.com/p/30888595?group_id=911984549982990336
Building a Virtualized Test Platform for Industrial Systems
http://icsmaster.com/security/virtual_platform.html
Research on the ANDROID Ransomware Underground Economy: One-Click Malware Generators
http://blogs.360.cn/blog/analysis_of_mobile_malware_factories/
A Guide to Quickly Building a Unified Authentication Platform with Freeradius and Django Two-Factor Authentication
http://www.freebuf.com/articles/es/152236.html
TP-LINK WR941N Router Research
https://paper.seebug.org/448/
Creating a Hidden User on Windows server2012 (Powershell)
https://evi1cg.me/archives/UserClone.html
php_bugs: PHP Code Auditing Explained Section by Section
https://github.com/bowu678/php_bugs
scan_kill_php_shell: Regex-Based Detection and Removal of PHP Webshells
https://github.com/Huseck/scan_kill_php_shell
An Introduction to Hive from the CIA Cyber Weapon Vault8 Series
http://www.freebuf.com/column/153784.html
Software Gene Extraction: Tools, Principles, Implementation and Applications
https://mp.weixin.qq.com/s/mF_KTr7Z30g3EwfDDcA6Rw
SecWiki Weekly (Issue 192)
https://www.sec-wiki.com/weekly/192
SecWiki:https://www.sec-wiki.com
