SecWiki周刊(第208期)
2018/02/19-2018/02/25
安全资讯
我遇到了一位“黑客造梦师”:仙果
https://mp.weixin.qq.com/s/mF4D-MGM6_6QA3_7XZSj0w
https://mp.weixin.qq.com/s/mF4D-MGM6_6QA3_7XZSj0w
中国白帽黑客成长记 | 专访清华“蓝莲花”战队
https://mp.weixin.qq.com/s/jbJJyWjmW-h7SI0YmYkElg
https://mp.weixin.qq.com/s/jbJJyWjmW-h7SI0YmYkElg
2018年最需要关注的八大国家黑客组织
http://www.aqniu.com/news-views/31594.html
http://www.aqniu.com/news-views/31594.html
欧盟GDPR《一般数据保护法案》
https://mp.weixin.qq.com/s/JhylKtarrpvpZlP--ARBRw
https://mp.weixin.qq.com/s/JhylKtarrpvpZlP--ARBRw
用自然语言查询威胁情报的搜索引擎:Insight Engines
http://www.aqniu.com/learn/31665.html
http://www.aqniu.com/learn/31665.html
国家制造强国建设领导小组关于设立工业互联网专项工作组的通知
http://www.miit.gov.cn/n1146290/n4388791/c6067913/content.html
http://www.miit.gov.cn/n1146290/n4388791/c6067913/content.html
黑客正在销售合法的代码签名证书
https://www.solidot.org/story?sid=55590
https://www.solidot.org/story?sid=55590
俄罗斯利用网络助推特朗普入主白宫 司法部起诉13人
http://www.aqniu.com/news-views/31598.html
http://www.aqniu.com/news-views/31598.html
安全技术
代码审计之QCMS 3.0
http://foreversong.cn/archives/1092
http://foreversong.cn/archives/1092
Attacking Network Protocols 书籍
https://salttiger.com/attacking-network-protocols/
https://salttiger.com/attacking-network-protocols/
New bypass and protection techniques for ASLR on Linux
http://blog.ptsecurity.com/2018/02/new-bypass-and-protection-techniques.html
http://blog.ptsecurity.com/2018/02/new-bypass-and-protection-techniques.html
Dependency-Track:第三方库漏洞检测工具
https://github.com/stevespringett/dependency-track
https://github.com/stevespringett/dependency-track
CVE-2018-4878 Exploit生成器
http://py4.me/blog/?p=572
http://py4.me/blog/?p=572
CVE-2018-6947漏洞利用
https://www.fidusinfosec.com/nomachine-road-code-execution-without-fuzzing-cve-2018-6947/
https://www.fidusinfosec.com/nomachine-road-code-execution-without-fuzzing-cve-2018-6947/
Wafid: WAF指纹识别工具
https://github.com/CSecGroup/wafid
https://github.com/CSecGroup/wafid
路由器漏洞复现分析第二弹:CNVD-2018-01084
http://www.freebuf.com/vuls/162627.html
http://www.freebuf.com/vuls/162627.html
OWASP Automated Threat Handbook Web Applications
https://www.owasp.org/images/3/33/Automated-threat-handbook.pdf
https://www.owasp.org/images/3/33/Automated-threat-handbook.pdf
Hacking SinVR for fun and profit and free adult content
https://www.digitalinterruption.com/single-post/2018/02/22/Hacking-SinVR-for-fun-and-profit-and-free-adult-content
https://www.digitalinterruption.com/single-post/2018/02/22/Hacking-SinVR-for-fun-and-profit-and-free-adult-content
gitleaks: Searches full repo history for secrets and keys
https://github.com/zricethezav/gitleaks
https://github.com/zricethezav/gitleaks
用 javascript 框架绕过 XSS 防御
https://paper.seebug.org/533/
https://paper.seebug.org/533/
分析CVE-2018-6376 – Joomla!二阶SQL注入
http://www.freebuf.com/articles/web/162822.html
http://www.freebuf.com/articles/web/162822.html
如何通过人工智能技术构建自己的UBA引擎(上)
http://www.4hou.com/technology/10456.html
http://www.4hou.com/technology/10456.html
中间件安全-Tomcat安全测试概要
https://mp.weixin.qq.com/s/_-AtrbMNROUFRbaime3NrA
https://mp.weixin.qq.com/s/_-AtrbMNROUFRbaime3NrA
DDoS攻击新玩法之WebSocket
http://www.4hou.com/info/news/10425.html
http://www.4hou.com/info/news/10425.html
Analyzing Kelihos SPAM in CapLoader and NetworkMiner
http://www.netresec.com/?page=Blog&month=2018-02&post=Analyzing-Kelihos-SPAM-in-CapLoader-and-NetworkMiner
http://www.netresec.com/?page=Blog&month=2018-02&post=Analyzing-Kelihos-SPAM-in-CapLoader-and-NetworkMiner
华硕路由器AsusWRT局域网内未授权远程代码执行漏洞
http://www.freebuf.com/articles/terminal/161809.html
http://www.freebuf.com/articles/terminal/161809.html
企业安全项目-短信验证码安全
http://mp.weixin.qq.com/s/sy-ti0QzESnOKfg-WUCYWA
http://mp.weixin.qq.com/s/sy-ti0QzESnOKfg-WUCYWA
HITCTF2018-web全题解
http://www.freebuf.com/column/163191.html
http://www.freebuf.com/column/163191.html
SecGen: Generate vulnerable virtual machines on the fly
https://github.com/SecGen/SecGen
https://github.com/SecGen/SecGen
Microsoft Office内存损坏漏洞(CVE-2017-11882)实战
http://www.freebuf.com/vuls/161753.html
http://www.freebuf.com/vuls/161753.html
看我如何参加众测项目发现美国国防部网站的各类高危漏洞
http://www.freebuf.com/articles/others-articles/162579.html
http://www.freebuf.com/articles/others-articles/162579.html
Chrome extension and Express server that exploits keylogging abilities of CSS.
https://github.com/maxchehab/CSS-Keylogging
https://github.com/maxchehab/CSS-Keylogging
攻击LNMP架构Web应用的几个小Tricks
https://www.leavesongs.com/PENETRATION/some-tricks-of-attacking-lnmp-web-application.html
https://www.leavesongs.com/PENETRATION/some-tricks-of-attacking-lnmp-web-application.html
Edge Type Confusion利用:从type confused到内存读写
https://www.anquanke.com/post/id/98774
https://www.anquanke.com/post/id/98774
Bug Bounty Toolkit – BugBountyHunting
https://medium.com/bugbountyhunting/bug-bounty-toolkit-aa36f4365f3f
https://medium.com/bugbountyhunting/bug-bounty-toolkit-aa36f4365f3f
2017年度蜜计划(蜜罐工作)总结
https://mp.weixin.qq.com/s/SIBGnMc-XIqy2Ohj1ni_fg
https://mp.weixin.qq.com/s/SIBGnMc-XIqy2Ohj1ni_fg
利用无监督对抗生成网络(GANs)的破译密码算法
https://www.anquanke.com/post/id/98497
https://www.anquanke.com/post/id/98497
Java反序列化漏洞从入门到深入
https://xianzhi.aliyun.com/forum/topic/2041
https://xianzhi.aliyun.com/forum/topic/2041
Phishing on Twitter
https://github.com/omergunal/PoT
https://github.com/omergunal/PoT
Hacking Tinder Accounts using Facebook Accountkit
https://medium.com/appsecure/hacking-tinder-accounts-using-facebook-accountkit-d5cc813340d1
https://medium.com/appsecure/hacking-tinder-accounts-using-facebook-accountkit-d5cc813340d1
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第208期)
