SecWiki Weekly (Issue 205)
2018/01/29-2018/02/04
Security News
Malicious Android component spreads malicious ads through games, 4.5 million users affected
http://www.4hou.com/info/news/10122.html
Ransomware Hero to Receive FBI Award
https://www.bleepingcomputer.com/news/security/ransomware-hero-to-receive-fbi-award/
Cross-border data flow policy: understanding and recommendations
https://mp.weixin.qq.com/s/97MFf8-ZtJzz_D6zkYGbrw
Security Technology
Thousand-times-faster password brute-force tool for one-line webshells
https://github.com/theLSA/awBruter
Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vu
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
APTSimulator: APT victim environment simulation tool
https://github.com/Neo23x0/APTSimulator
Research report on Android cryptomining trojans
http://www.freebuf.com/articles/paper/161741.html
injectify: Perform advanced MiTM attacks on websites (man-in-the-middle script attacks)
https://github.com/samdenty99/injectify
kDriver-Fuzzer: driver vulnerability fuzzing tool built on the ioctlbf framework
https://github.com/k0keoyo/kDriver-Fuzzer
web-traffic-forecasting: code for the Kaggle web traffic forecasting competition
https://github.com/sjvasquez/web-traffic-forecasting
SigKill: one-click bypass of app signature verification
https://github.com/xxxyanchenxxx/SigKill
Who moved my gold mine: a deep dive into the evolution of black-market cryptomining
https://www.leiphone.com/news/201801/GLmAX9VzPhN17cpr.html
Analysis of the CrossRat remote access trojan
http://www.4hou.com/technology/10131.html
Analysis of the arbitrary user password reset vulnerability in the latest DedeCMS (20180109)
https://blog.formsec.cn/2018/01/11/DedeCMS-password-reset/
Obscure knowledge: how much do you know about NoSQL injection?
https://www.anquanke.com/post/id/97211
Flash 0 Day In The Wild: Group 123 At The Controls
http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html
Automating Apache mod_rewrite and Cobalt Strike Malleable C2 Profiles
https://posts.specterops.io/automating-apache-mod-rewrite-and-cobalt-strike-malleable-c2-profiles-d45266ca642
Collection of resources on Python security and code auditing
https://github.com/bit4woo/python_sec
Reviving DDE: Using OneNote and Excel for Code Execution
https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee
Analysis of the Lotus Blossom group's attacks on ASEAN (Association of Southeast Asian Nations)
https://community.rsa.com/community/products/netwitness/blog/2018/01/30/apt32-continues-asean-targeting
Operation PZChao: a possible return of the Iron Tiger APT
https://labs.bitdefender.com/2018/02/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/
Windows privilege escalation command guide
http://www.4hou.com/system/10212.html
2017 Industrial Information Security Situation Report on IT/OT Convergence (2017)
http://zt.360.cn/dl.php?filename=2017%E5%B9%B4%E5%BA%A6ITOT%E4%B8%80%E4%BD%93%E5%8C%96%E7%9A%84%E5%B7%A5%E4%B8%9A%E4%BF%A1%E6%81%AF%E5%AE%89%E5%85%A8%E6%80%81%E5%8A%BF%E6%8A%A5%E5%91%8A%EF%BC%882017%EF%BC%89.pdf
On defending against Android hooking techniques
https://tech.meituan.com/android_anti_hooking.html
Deep-learning PHP webshell detection engine demo
https://www.cdxy.me/?p=788
embedded-device-lab: a test environment that uses qemu to emulate IoT vulnerabilities
https://github.com/stayliv3/embedded-device-lab
GPS spoofing (part 1): hijacking drones
http://www.freebuf.com/column/161795.html
xlog: lightweight web log scanning tool
http://www.freebuf.com/column/161765.html
TheMoon: an old botnet's history and new variants
http://blog.netlab.360.com/themoon-botnet-a-review-and-new-features/
Web security: explaining logic vulnerabilities
https://xianzhi.aliyun.com/forum/topic/2011
DDG.Mining.Botnet: a mining botnet targeting database servers
http://blog.netlab.360.com/ddg-a-mining-botnet-aiming-at-database-server/
Code audit of the "chicken dinner" (PUBG) cheat black-market industry chain
http://www.freebuf.com/articles/system/161518.html
Roundup of 2017 security industry annual reports
https://mp.weixin.qq.com/s/guVljwZyvafts-SZY_Zwow
VERMIN: Quasar RAT and Custom Malware Used In Ukraine
https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/
Malware reversing - Burpsuite Keygen
https://0x00sec.org/t/malware-reversing-burpsuite-keygen/5167
Deploying and extending the open-source HIDS OSSEC
https://xianzhi.aliyun.com/forum/topic/2003
SecWiki Weekly (Issue 204)
https://www.sec-wiki.com/weekly/204
2017 Annual Security Report: Supply Chain
https://cert.360.cn/static/files/2017%E5%B9%B4%E5%BA%A6%E5%AE%89%E5%85%A8%E6%8A%A5%E5%91%8A--%E4%BE%9B%E5%BA%94%E9%93%BE.pdf
Drive-by Download Must Die: browser exploit detection
https://github.com/nao-sec/jsac2018
FinSpy VM Part 2: VM Analysis and Bytecode Disassembly
http://www.msreverseengineering.com/blog/2018/1/31/finspy-vm-part-2-vm-analysis-and-bytecode-disassembly
2018 China Blockchain Industry White Paper
https://36kr.com/p/5117525.html?from=timeline
Ransom Where? Malicious Cryptocurrency Miners Takeover, Generating Millions
http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html?m=1&from=timeline
Enumerating remote access policies through GPO
https://labs.mwrinfosecurity.com/blog/enumerating-remote-access-policies-through-gpo/
IEEE European Symposium on Security and Privacy 2018 (EuroS&P) accepted papers list
http://www.ieee-security.org/TC/EuroSP2018/accepted.php
Analysis of the IE sandbox drag-and-drop security policy
https://slab.qq.com/news/tech/1278.html
Analysis of the wget buffer overflow vulnerability (CVE-2017-13089)
https://mp.weixin.qq.com/s/KW9ROTCMJyJ-mBt8dwBmBg
Ver-observer: command-line tool for detecting frameworks and dependency versions
http://blog.neargle.com/2018/01/29/ver-observer-a-tool-about-version-detection/
Very flexible Host IDS designed for Windows
https://github.com/0xrawsec/whids
Bitcoin transaction records can still reveal your identity [paper]
https://arxiv.org/pdf/1801.07501.pdf
The road to operations incident management for tens of millions of users
https://mp.weixin.qq.com/s/iI0qRxzaLOk1xEpQ3XG-ew
A Walk-Through Tutorial, with Code, on Statically Unpacking the FinSpy VM
http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation
Threat detection techniques based on antivirus, proxy, DNS and HTTP logs
https://xianzhi.aliyun.com/forum/topic/2001
Global cloud service provider IP address analysis report, 2H 2017
https://mp.weixin.qq.com/s/5XRz-inuBpTn_IGQLTAXpg
starc: Simple high-interactive client honeypot
https://github.com/nao-sec/starc
mal_getter: Tool for dropping malware from EK (extracts samples from malicious web pages)
https://github.com/nao-sec/mal_getter
The patterns of in-depth research: hackers and blockchain
https://mp.weixin.qq.com/s/7F2-eLqIdSiNIHHJDzkwcg
Deemon: automated CSRF security testing framework
http://www.arkteam.net/?p=3390
2017 Online Fraud Trends Research Report (full text)
http://www.aqniu.com/industry/31297.html
Malicious Traffic Collection: browser exploit pack malicious sample traffic data
https://traffic.moe/
A tool I have found incredibly useful whenever creating custom shellcode
https://github.com/wetw0rk/Sickle
-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news analysis for 13 years!
SecWiki: https://www.sec-wiki.com
Original address of this issue: SecWiki Weekly (Issue 205)