SecWiki Weekly (Issue 195)
2017/11/20-2017/11/26
Security News
2016-2017 overview of EU cyberspace security
https://mp.weixin.qq.com/s/tE8p87ekOFStC5df5mVEEQ
Google admits tracking users' cell-tower location data, even when it is turned off in settings
http://www.cnbeta.com/articles/tech/672769.htm
Amazon launches a cloud computing service built for US intelligence agencies to meet secrecy requirements
http://www.cnbeta.com/articles/tech/672201.htm
MIIT notice on issuing the "Emergency Response Plan for Public Internet Network Security Incidents"
https://www.easyaq.com/news/1831266218.shtml
Zhuge Jianwei: giving young people the best soil
https://mp.weixin.qq.com/s/Y-5_v6ECO9vmuiBnqkFO7Q
Cyber-security "old acquaintance" Hu Hongtao: the choice of Apple Capital (苹果资本)
https://mp.weixin.qq.com/s/EBwYMRBp8X9aXsaPm9uCBQ
Security Technology
Linux binary security study notes
https://github.com/JnuSimba/LinuxSecNotes
CVE-2017-12149 JBoss AS 6.X deserialization vulnerability exploitation
http://www.fr1sh.com/?post=16
Apache HTTP Server backdoor development
http://www.jianshu.com/p/9d9248922508
Cobalt Strike 3.8 cracked version
http://lr3800.com/2017/11/22/cobalt-strike-3-8%e7%a0%b4%e8%a7%a3%e7%89%88/
Study notes on web security, penetration testing, security program building and more
https://github.com/JnuSimba/MiscSecNotes
How to write a reverse shell tool in Java?
https://zhuanlan.zhihu.com/p/31414601
Tomcat manager weak-password scanner, command-line and GUI versions
https://github.com/magicming200/tomcat-weak-password-scanner
Analysis of the latest version of Denis, the dedicated backdoor of the "OceanLotus" group
https://mp.weixin.qq.com/s/UIV0YaIlSJLcYT32XJQPlg
Android application security study notes
https://github.com/JnuSimba/AndroidSecNotes
docker-cuckoo: Cuckoo Sandbox Dockerfile
https://github.com/blacktop/docker-cuckoo
drizzleDumper: a memory-search-based Android unpacking tool
https://github.com/DrizzleRisk/drizzleDumper
In depth: the JRE8u20 Java deserialization payload
https://mp.weixin.qq.com/s/Daipik5qK6cIuYl49G-n4Q
A brief analysis of AWVS
http://blog.wils0n.cn/archives/145/
Relation extraction and text classification based on reinforcement learning #password: kse6
https://pan.baidu.com/s/1i4JoDnB
How the Jdk7u21 deserialization vulnerability gadget works
http://blog.csdn.net/u011721501/article/details/78607633
Proof-of-Concept exploits for CVE-2017-11882
https://github.com/embedi/CVE-2017-11882
A powerful new tool for real-time big-data analytics arrives: ClickHouse
http://www.jianshu.com/p/4b7d652317bb?from=timeline
The Art of Fuzzing – Slides and Demos
https://sec-consult.com/en/blog/2017/11/the-art-of-fuzzing-slides-and-demos/index.html
Detailed analysis report on the MuddyWater APT targeting the Middle East
https://reaqta.com/2017/11/muddywater-apt-targeting-middle-east/
Deep-learning-based detection of malicious binary samples
https://mp.weixin.qq.com/s/Bw8QuhSDDImgFWSO2-xUZQ
CVE-2017-11882 exploitation
https://evi1cg.me/archives/CVE_2017_11882_exp.html
A penetration tester's guide to subdomain collection
http://www.4hou.com/technology/8535.html
Interview with KDD2017 best paper winner Ye Yanfang: Internet security in the AI era
https://www.leiphone.com/news/201710/n8PxY0jifdIvfRaV.html
pydictor brute-force dictionary generation guide
http://mp.weixin.qq.com/s/mdgGqvxnnFRyvrrRy_5IkQ
Using Python3 to automatically batch-download videos and images from a specified Tumblr blog
https://www.92ez.com/?action=show&id=23460
Analysis and detection of a rootkit on Linux
http://www.freebuf.com/articles/system/154039.html
BinCAT: a binary static code analysis toolkit that integrates into IDA
http://www.freebuf.com/column/154871.html
The woes of Java JSON deserialization - Kanxue Security Developer Summit
http://xxlegend.com/2017/11/23/Java%20JSON%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E4%B9%8B%E6%AE%87-%E7%9C%8B%E9%9B%AA%E5%AE%89%E5%85%A8%E5%BC%80%E5%8F%91%E8%80%85%E5%B3%B0%E4%BC%9A/
Step by step: writing an XSS cookie stealer in JS to steal passwords
http://www.4hou.com/web/8527.html
Quickly building a BeEF-based phishing platform
https://mp.weixin.qq.com/s/dRHv_wq2pflfle6H5ugKiw
Common commands for Windows penetration testing
http://www.myh0st.cn/index.php/archives/261/
Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Rus
http://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/
Guide to countering web crawlers, Part 1
http://www.4hou.com/technology/8482.html
2017 overview of threats from third-party SDKs in Android apps
http://appscan.360.cn/blog/?p=210
Fundamentals of IoT hardware security analysis: a first look at hardware analysis
https://paper.seebug.org/460/
OWASP_Top_10-2017_(en) pdf
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
openrasp-testcases: OpenRASP vulnerability test environment
https://github.com/baidu-security/openrasp-testcases
nao_sec: Analyzing KaiXin Exploit Kit
http://www.nao-sec.org/2017/11/analyzing-kaixin-exploit-kit.html
A list of crowdsourced testing reports on Android application security
https://github.com/B3nac/Android-Reports-and-Resources
Hands-on with a script for extracting keywords from Office file contents
https://mp.weixin.qq.com/s/QiY07p9C5mqa8bqS1Xi2Pw
CVE-2017-11882 reproduction and defense
http://www.myh0st.cn/index.php/archives/329/
A new Mirai botnet variant is actively spreading on ports 23 and 2323
http://blog.netlab.360.com/early-warning-a-new-mirai-variant-is-spreading-quickly-on-port-23-and-2323-2/
Hashview, an open-source password cracking and analysis tool
http://www.freebuf.com/articles/database/153628.html
Hob0Rules: statistics-based Hashcat password generation rules
http://www.freebuf.com/sectool/154586.html
How I used OSINT techniques to hack cryptocurrency mining tools
http://www.freebuf.com/articles/system/154424.html
Using Elasticsearch full-text search and how it works
https://jiayi.space/post/elasticsearchquan-wen-sou-suo-de-shi-yong-he-yuan-li
0xB4 Approaches to assessing potential business risk when building enterprise security
https://zhuanlan.zhihu.com/p/31263844?group_id=916355317818970112
SecWiki Weekly (Issue 194)
https://www.sec-wiki.com/weekly/194
2017 MIAC Mobile Security Competition, round 3, WEB300 PokeMongo
http://www.freebuf.com/articles/others-articles/153798.html
Revisiting the failure factors of SIEM and security management platform projects (1)
http://yepeng.blog.51cto.com/3101105/1983449
Antian365 Security Research, Issue 7 #password: ps81
http://pan.baidu.com/s/1dEQOqrv
-----WeChat ID: SecWiki-----
SecWiki, focused on security technology news and analysis for 13 years!
SecWiki: https://www.sec-wiki.com
