SecWiki周刊(第198期)
2017/12/11-2017/12/17
安全资讯
[新闻]  全国第三届工控系统信息安全攻防竞赛
https://mp.weixin.qq.com/s/QDdcrTw4nWf62-6__kCFuA
[新闻]  2017年中国网络安全富豪排行榜
https://mp.weixin.qq.com/s/L3t-CAOu7l46TSZdox880g
[人物]  从机器学习到机器创造——访AI安全专家李康
https://mp.weixin.qq.com/s/-YVA3FHXea-FK1MqL3DLSg
[新闻]  网络安全产业发展现状与展望
https://mp.weixin.qq.com/s/E7Iuri9G0RYOfv50yVLX_A
[人物]  李薛:三十岁,学习创业
https://mp.weixin.qq.com/s/YSHbzyPlhC2tYfxfMxtl6g
[新闻]  CB Insights全球最强AI创新公司Top100榜单
http://www.sohu.com/a/210427712_473283
[新闻]  《2018财年国防授权法案》(NDAA)中的网络安全部分
https://mp.weixin.qq.com/s/kJxKDeMkPnYc-F1EIuc2gA
[新闻]  国家网络安全产业园区建设总体思路介绍
https://mp.weixin.qq.com/s/QBtI7uMuReItCRbliBFwrA
[新闻]  工业和信息化部发布《促进新一代人工智能产业发展三年行动计划(2018-2020年)》
https://mp.weixin.qq.com/s/4CQKqL_kZzMTlu8W4WYrLg
[新闻]  网络素养标准评价体系正式发布
http://www.bj.xinhuanet.com/tt/2017-12/09/c_1122084931.htm
安全技术
[会议]  NDSS Symposium 2018 Accepted Papers
https://www.ndss-symposium.org/ndss2018/programme/?from=timeline
[编程技术]  Lua程序逆向之Luajit字节码与反汇编
https://www.anquanke.com/post/id/90241
[Web安全]  常规web渗透测试漏洞描述及修复建议
http://blog.51cto.com/eth10/2049721
[Web安全]  BurpUnlimited分析
https://c0d3p1ut0s.github.io/BurpUnlimited%E5%88%86%E6%9E%90/
[移动安全]  3D摩托飞车2内购破解思路
https://bbs.ichunqiu.com/thread-30248-1-1.html?from=sec
[漏洞分析]  IDA Pro 7.0 绿色版
https://www.52pojie.cn/thread-675251-1-1.html
[会议]  CODASPY 2018 Accepted Papers
http://www.ycheng.org/codaspy/2018/accepted.html
[漏洞分析]  Linux下pwn从入门到放弃
https://paper.seebug.org/481/
[比赛]  2017湖湘杯网络安全大赛Writeup
http://www.freebuf.com/articles/others-articles/155172.html
[设备安全]  Vivotek 摄像头远程栈溢出漏洞分析及利用
https://paper.seebug.org/480/?from=timeline&isappinstalled=0
[Web安全]  渗透技巧——从Admin权限切换到System权限
https://3gstudent.github.io/3gstudent.github.io/%E6%B8%97%E9%80%8F%E6%8A%80%E5%B7%A7-%E4%BB%8EAdmin%E6%9D%83%E9%99%90%E5%88%87%E6%8D%A2%E5%88%B0System%E6%9D%83%E9%99%90/
[漏洞分析]  CVE–2017–16943 Exim–UAF漏洞分析
https://cert.360.cn/report/detail?id=9efc77a68170170bc490e876d4087fb2
[数据挖掘]  通过预测API窃取机器学习模型
http://www.freebuf.com/news/156313.html
[恶意分析]  xsec-traffic: 恶意流量分析程序
https://github.com/netxfly/xsec-traffic
[Web安全]  业务安全那些洞
https://mp.weixin.qq.com/s?__biz=MzI3Njk2OTIzOQ==&mid=2247483773&idx=1&sn=956797ef94b1ebf3f70741bfa5c2b9e8&chksm=eb6c2305dc1baa1332c9c876938440993956da08f51355d9c8b08af4ab07c924239c3b136ab1#rd
[数据挖掘]  去哪儿客户端全业务线用户行为数据ETL介绍
https://mp.weixin.qq.com/s/qn8VAMoIk7rkhDL4BsCfcA
[编程技术]  Trip: 协程 Requests 实战,获取免费代理
https://www.v2ex.com/t/414753#reply9
[Web安全]  第三方组件安全剖析
http://insights.thoughtworks.cn/third-party-security-component/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io
[取证分析]  如何使用QEMU和Volatility攻击全盘加密的系统
https://zhuanlan.zhihu.com/p/32038343
[漏洞分析]  栈溢出学习笔记
http://mp.weixin.qq.com/s/NDryKbhq3i40j3qiLrtEvQ
[杂志]  SecWiki周刊(第197期)
https://www.sec-wiki.com/weekly/197
[恶意分析]  malscan: A fully featured malware scanner for Linux desktops and servers.
https://github.com/jgrancell/malscan
[Web安全]  漏洞根源在于人——业务技巧篇
https://bbs.ichunqiu.com/thread-30137-1-1.html?from=sec
[Web安全]  Anubis: Subdomain enumeration and information gathering tool
https://github.com/jonluca/Anubis
[取证分析]  一个电信劫持案例的简要分析
https://www.92ez.com/?action=show&id=23464
[其它]  安全从业人员的“奖状”
http://mp.weixin.qq.com/s/nj_LIX7IVatwIRmItb-8gA
[Web安全]  XPath注入:攻击与防御技术
http://mp.weixin.qq.com/s/iaOIweU_Oom-sZWfVjNp1Q
[比赛]  SECCON 2017 Web Write Up
http://www.melodia.pw/?p=929
[取证分析]  Mirai IoT Botnet Co-Authors Plead Guilty
https://krebsonsecurity.com/2017/12/mirai-iot-botnet-co-authors-plead-guilty/
[漏洞分析]  JBOOS反序列化漏洞复现
http://mp.weixin.qq.com/s/PAwsAvSdVBIzpsGMmeSqmA
[Web安全]  SQL和NoSQL注入原理剖析(上)
https://mp.weixin.qq.com/s/LsqQo_04ROuf2_wLrBRRZQ
[数据挖掘]  scikit-learn: 中文文档
http://sklearn.apachecn.org/cn/0.19.0/index.html
[工具]  巡风源码浅析之 Vulscan 分析篇
http://www.myh0st.cn/index.php/archives/903/
[恶意分析]  A Year in Review: Ransomware
http://www.cyberdefensemagazine.com/a-year-in-review-ransomware/
[恶意分析]  Avast open-sources its machine-code decompiler
https://blog.avast.com/avast-open-sources-its-machine-code-decompiler
[运维安全]  Monitoring for Windows Event Logs and the Untold Story of proper ELK Integration
http://www.ubersec.com/2017/12/03/monitoring-for-windows-event-logs-and-the-untold-story-of-proper-elk-integration/
[数据挖掘]  机器学习和web安全交叉的一些脑洞
https://zhuanlan.zhihu.com/p/31963829?group_id=924219934821687296
[取证分析]  美国中情局是如何做风投的?
https://mp.weixin.qq.com/s/XpymxwqqVPZZDRvY2CGSpg
[Web安全]  Web Exploit-Framework
https://github.com/WangYihang/Exploit-Framework
[编程技术]  Decrypt php VoiceStar encryption extension
http://blog.th3s3v3n.xyz/2017/12/12/web/Decrypt_php_VoiceStar_encryption_extension/
[Web安全]  游戏安全系列教程-植物大战僵尸
https://bbs.ichunqiu.com/thread-30298-1-1.html?from=sec
[漏洞分析]  阿里旺旺ActiveX控件imageMan.dll栈溢出漏洞研究
https://bbs.ichunqiu.com/thread-30357-1-1.html?from=sec
[取证分析]  Tracking Newly Registered Domains
https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/
[Web安全]  层层抽丝——GlobeImposter勒索病毒分析
https://bbs.ichunqiu.com/thread-30152-1-1.html?from=sec
[漏洞分析]  XDiFF: Extended Differential Fuzzing Framework
https://github.com/IOActive/XDiFF
[漏洞分析]  Exploiting Word: CVE-2017-11826
https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/
[数据挖掘]  CVE监控之Python代码实现
https://mp.weixin.qq.com/s/u6ANBF45fOv3CqJOdkNAQA
[恶意分析]  对Gaza网络犯罪组织2018年新动向的分析
http://www.freebuf.com/articles/network/156740.html
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第198期)