SecWiki周刊(第216期)
2018/04/16-2018/04/22
安全资讯
黑客袁哥:寻原初之力 秉正义之剑 点击率 894
https://m.mp.oeeee.com/a/BAAFRD00002018041675442.html
https://m.mp.oeeee.com/a/BAAFRD00002018041675442.html
Weblogic反序列化命令执行漏洞_CVE-2018-2628 点击率 797
https://nosec.org/my/threats/1608
https://nosec.org/my/threats/1608
美军网络任务部队最新部署 点击率 744
https://mp.weixin.qq.com/s/M5Q_oV_7p04VwtUHho86vQ
https://mp.weixin.qq.com/s/M5Q_oV_7p04VwtUHho86vQ
全国医院信息化建设标准与规范 点击率 726
http://www.nhfpc.gov.cn/guihuaxxs/s10741/201804/5711872560ad4866a8f500814dcd7ddd.shtml
http://www.nhfpc.gov.cn/guihuaxxs/s10741/201804/5711872560ad4866a8f500814dcd7ddd.shtml
RSA 2018 全球高质量安全产品了解一下 点击率 558
https://www.anquanke.com/post/id/105379
https://www.anquanke.com/post/id/105379
习近平:自主创新推进网络强国建设 点击率 538
http://www.xinhuanet.com/politics/2018-04/18/c_1122704349.htm
http://www.xinhuanet.com/politics/2018-04/18/c_1122704349.htm
加速推动信息领域核心技术突破 点击率 536
https://mp.weixin.qq.com/s/S_HmemBo4wU22e6RJ_qDxw
https://mp.weixin.qq.com/s/S_HmemBo4wU22e6RJ_qDxw
安全技术
Weblogic反序列化漏洞(CVE-2018-2628) 点击率 1179
https://github.com/shengqi158/CVE-2018-2628
https://github.com/shengqi158/CVE-2018-2628
信息安全从业者入门(入职)指南 点击率 643
https://weibo.com/ttarticle/p/show?id=2309404229525654378347
https://weibo.com/ttarticle/p/show?id=2309404229525654378347
知识星球"灰袍技能" 2017 精华 点击率 600
https://chrislinn.gitbooks.io/greyhame-2017/
https://chrislinn.gitbooks.io/greyhame-2017/
CVE-2018-2628 简单复现与分析 点击率 561
https://mp.weixin.qq.com/s/nYY4zg2m2xsqT0GXa9pMGA
https://mp.weixin.qq.com/s/nYY4zg2m2xsqT0GXa9pMGA
狗子的XSS学习之旅 点击率 428
https://xz.aliyun.com/t/2296
https://xz.aliyun.com/t/2296
工作中如何做好技术积累 点击率 421
https://tech.meituan.com/study_vs_work.html
https://tech.meituan.com/study_vs_work.html
CISSP 2017资料 点击率 404
https://pan.baidu.com/s/1tr4hKWzeLj3bcdmdyJ7Iqw
https://pan.baidu.com/s/1tr4hKWzeLj3bcdmdyJ7Iqw
正方教务系统验证码识别 点击率 390
http://uknowsec.cn/posts/notes/%E6%AD%A3%E6%96%B9%E6%95%99%E5%8A%A1%E7%B3%BB%E7%BB%9F%E9%AA%8C%E8%AF%81%E7%A0%81%E8%AF%86%E5%88%AB.html
http://uknowsec.cn/posts/notes/%E6%AD%A3%E6%96%B9%E6%95%99%E5%8A%A1%E7%B3%BB%E7%BB%9F%E9%AA%8C%E8%AF%81%E7%A0%81%E8%AF%86%E5%88%AB.html
Bypass X-WAF SQL注入防御(多姿势) 点击率 376
https://mp.weixin.qq.com/s/5TQddrOqa8MmtsuHoCRu0Q
https://mp.weixin.qq.com/s/5TQddrOqa8MmtsuHoCRu0Q
DDCTF 2018 Web Writeup 点击率 348
http://sec2hack.com/ctf/ddctf-2018-web-writeup.html
http://sec2hack.com/ctf/ddctf-2018-web-writeup.html
AutoFuck: 自动识别cms并且加载相关poc自动攻击 点击率 346
https://github.com/fengxuangit/AutoFuck
https://github.com/fengxuangit/AutoFuck
Whatsapp user’s IP disclosure with Link Preview feature 点击率 329
https://medium.com/@kankrale.rahul/whatsapp-users-ip-disclosure-with-link-preview-feature-39a477f54fba
https://medium.com/@kankrale.rahul/whatsapp-users-ip-disclosure-with-link-preview-feature-39a477f54fba
Python反序列化漏洞的花式利用 点击率 327
https://xz.aliyun.com/t/2289
https://xz.aliyun.com/t/2289
解析卷积神经网络—深度学习实践手册 点击率 326
http://lamda.nju.edu.cn/weixs/book/CNN_book.html
http://lamda.nju.edu.cn/weixs/book/CNN_book.html
吃鸡辅助远控木马分析 点击率 318
https://www.anquanke.com/post/id/105670
https://www.anquanke.com/post/id/105670
从一次溯源窥探地下YY直播洗号产业链 点击率 311
https://www.anquanke.com/post/id/105043
https://www.anquanke.com/post/id/105043
驭龙hids入侵检测功能初探 点击率 311
http://pirogue.org/2018/04/20/yulong-hids/
http://pirogue.org/2018/04/20/yulong-hids/
CVE-2018-0171 Cisco Smart Install远程代码执行漏洞分析 点击率 306
https://www.anquanke.com/post/id/105473
https://www.anquanke.com/post/id/105473
A tool for covert execution in Linux. 点击率 302
https://github.com/emptymonkey/mimic
https://github.com/emptymonkey/mimic
打破基于OpenResty的WEB安全防护(CVE-2018-9230) 点击率 302
https://www.anquanke.com/post/id/103771
https://www.anquanke.com/post/id/103771
180页PPT,讲解人工智能技术与产业发展 点击率 301
https://mp.weixin.qq.com/s/s8VLWjXrVCrTt4v2d3MoIQ
https://mp.weixin.qq.com/s/s8VLWjXrVCrTt4v2d3MoIQ
Drupal 7 - CVE-2018-7600 PoC Writeup 点击率 284
https://ricterz.me/posts/Drupal%207%20-%20CVE-2018-7600%20PoC%20Writeup
https://ricterz.me/posts/Drupal%207%20-%20CVE-2018-7600%20PoC%20Writeup
CVE申请的那些事 点击率 283
http://www.freebuf.com/articles/rookie/168362.html
http://www.freebuf.com/articles/rookie/168362.html
DDCTF2018 部分writeup 点击率 269
http://phantom0301.cc/2018/04/20/ddctf2018/
http://phantom0301.cc/2018/04/20/ddctf2018/
从0CTF一道题看move_uploaded_file的一个细节问题 点击率 267
https://www.anquanke.com/post/id/103784
https://www.anquanke.com/post/id/103784
SecWiki周刊(第215期) 点击率 264
https://www.sec-wiki.com/weekly/215
https://www.sec-wiki.com/weekly/215
记一次渗透测试过程中的Zabbix命令执行利用 点击率 261
http://www.freebuf.com/articles/web/168819.html
http://www.freebuf.com/articles/web/168819.html
检测攻击的基础日志服务器 Part2:日志聚合 点击率 254
https://www.anquanke.com/post/id/103348
https://www.anquanke.com/post/id/103348
生成式对抗网络GAN的研究进展与展望 点击率 248
https://mp.weixin.qq.com/s/QiIRIHiGv6u-4QfK8awKpw
https://mp.weixin.qq.com/s/QiIRIHiGv6u-4QfK8awKpw
浅谈如何建立互联网风控系统 点击率 247
http://mp.weixin.qq.com/s/_tTtWv5f-r2ihNysZz0LAw
http://mp.weixin.qq.com/s/_tTtWv5f-r2ihNysZz0LAw
利用Digital Ocean构建远控基础设施 点击率 247
http://www.4hou.com/technology/11107.html
http://www.4hou.com/technology/11107.html
nebula: "星云"业务风控系统 点击率 247
https://github.com/threathunterX/nebula
https://github.com/threathunterX/nebula
Steam新型盗号木马及产业链分析报告 点击率 246
https://cert.360.cn/static/files/Steam%E6%96%B0%E5%9E%8B%E7%9B%97%E5%8F%B7%E6%9C%A8%E9%A9%AC%E5%8F%8A%E4%BA%A7%E4%B8%9A%E9%93%BE%E5%88%86%E6%9E%90.pdf
https://cert.360.cn/static/files/Steam%E6%96%B0%E5%9E%8B%E7%9B%97%E5%8F%B7%E6%9C%A8%E9%A9%AC%E5%8F%8A%E4%BA%A7%E4%B8%9A%E9%93%BE%E5%88%86%E6%9E%90.pdf
MYSQL新特性secure_file_priv对读写文件的影响 点击率 236
https://xz.aliyun.com/t/2293
https://xz.aliyun.com/t/2293
shield: 基于Strom的日志实时流量分析主动防御(CCFirewall)系统 点击率 232
https://github.com/gy-games/shield
https://github.com/gy-games/shield
Abusing Linux's firewall: the hack that allowed us to build Spectrum 点击率 223
https://blog.cloudflare.com/how-we-built-spectrum/
https://blog.cloudflare.com/how-we-built-spectrum/
The IoT Hacker's Toolkit 点击率 217
https://systemoverlord.com/2018/04/16/the-iot-hackers-toolkit.html
https://systemoverlord.com/2018/04/16/the-iot-hackers-toolkit.html
bug-monitor: Seebug、structs、cve漏洞实时监控推送系统 点击率 215
https://github.com/FortuneC00kie/bug-monitor
https://github.com/FortuneC00kie/bug-monitor
Bypass CSP by Abusing XSS Filter in Edge 点击率 207
https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754
https://medium.com/bugbountywriteup/bypass-csp-by-abusing-xss-filter-in-edge-43e9106a9754
weblogger: 针对ctf线下赛流量抓取(php)、真实环境流量抓取分析的工具 点击率 207
https://github.com/wupco/weblogger
https://github.com/wupco/weblogger
WebExtension security - Part 1 点击率 207
http://leucosite.com/WebExtension-Security/
http://leucosite.com/WebExtension-Security/
APT Trends report Q1 2018 点击率 206
https://securelist.com/apt-trends-report-q1-2018/85280/
https://securelist.com/apt-trends-report-q1-2018/85280/
基于机器学习的家用物联网设备DDoS检测 点击率 205
https://xz.aliyun.com/t/2285
https://xz.aliyun.com/t/2285
how-to-become-a-cyber-forensics-expert 点击率 204
https://www.peerlyst.com/posts/how-to-become-a-cyber-forensics-expert-abhinav-singh
https://www.peerlyst.com/posts/how-to-become-a-cyber-forensics-expert-abhinav-singh
宜信防火墙自动化运维之路 点击率 204
http://www.freebuf.com/articles/security-management/166895.html
http://www.freebuf.com/articles/security-management/166895.html
Pam-Python实现SSH的短信双因素认证 点击率 203
http://www.freebuf.com/articles/web/165139.html
http://www.freebuf.com/articles/web/165139.html
Ember: An Open Source Classifier And Dataset 点击率 202
https://github.com/endgameinc/ember
https://github.com/endgameinc/ember
写在“软件基因技术”分论坛之后(一) 点击率 199
https://mp.weixin.qq.com/s/qpVmvTuq6cIl2rQFclX4Yw
https://mp.weixin.qq.com/s/qpVmvTuq6cIl2rQFclX4Yw
iOS应用逆向工程资料汇总 点击率 197
https://everettjf.github.io/2018/01/15/ios-app-reverse-engineering-stuff/
https://everettjf.github.io/2018/01/15/ios-app-reverse-engineering-stuff/
Windows: WLDP CLSID policy .NET COM Instantiation UMCI Bypass 点击率 196
https://bugs.chromium.org/p/project-zero/issues/detail?id=1514
https://bugs.chromium.org/p/project-zero/issues/detail?id=1514
用零宽度字符水印揭露泄密者身份 点击率 188
http://www.freebuf.com/articles/web/167903.html
http://www.freebuf.com/articles/web/167903.html
WordPress hacked site – forensics report 点击率 186
https://www.glenscott.co.uk/wordpress-hacked-site-forensics-report/
https://www.glenscott.co.uk/wordpress-hacked-site-forensics-report/
$5k Service dependencies 点击率 186
https://sites.google.com/site/testsitehacking/-5k-service-dependencies
https://sites.google.com/site/testsitehacking/-5k-service-dependencies
毕业设计之php RASP(一) hook函数 点击率 182
http://www.cnblogs.com/iamstudy/articles/php_code_rasp_1.html
http://www.cnblogs.com/iamstudy/articles/php_code_rasp_1.html
Go AST Scanner:Inspects source code for security problems 点击率 181
https://github.com/GoASTScanner/gas
https://github.com/GoASTScanner/gas
Vultr Domain Hijacking 点击率 178
https://vincentyiu.co.uk/vultr-domain-hijacking/
https://vincentyiu.co.uk/vultr-domain-hijacking/
Polymorph: A Real-Time Network Packet Manipulation Framework 点击率 178
https://www.exploit-db.com/docs/english/44457-polymorph-a-real-time-network-packet-manipulation-framework.pdf
https://www.exploit-db.com/docs/english/44457-polymorph-a-real-time-network-packet-manipulation-framework.pdf
XSS in pastebin.com via unsanitized markdown output 点击率 177
https://github.com/Nhoya/PastebinMarkdownXSS
https://github.com/Nhoya/PastebinMarkdownXSS
SMB Protocol Bruteforce 点击率 176
https://github.com/m4ll0k/SMBrute
https://github.com/m4ll0k/SMBrute
创新沙盒初探 (2) - RSAC2018之二 点击率 173
https://mp.weixin.qq.com/s/KEF458q-88jzrpRq6JpCUA
https://mp.weixin.qq.com/s/KEF458q-88jzrpRq6JpCUA
Golang for Security Professionals 点击率 169
https://github.com/parsiya/Hacking-with-Go
https://github.com/parsiya/Hacking-with-Go
Lateral Attacks Between IoT Devices: The Technical Details 点击率 169
http://blog.senr.io/blog/lateral-attacks-between-iot-devices-the-technical-details
http://blog.senr.io/blog/lateral-attacks-between-iot-devices-the-technical-details
Virtual Machine for Adversary Emulation and Threat Hunting 点击率 169
https://github.com/redhuntlabs/RedHunt-OS/
https://github.com/redhuntlabs/RedHunt-OS/
写在“软件基因分论”之后(二) 点击率 166
https://mp.weixin.qq.com/s/_cStfXSfXII8m5ary4fzWg
https://mp.weixin.qq.com/s/_cStfXSfXII8m5ary4fzWg
Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevatio 点击率 166
https://googleprojectzero.blogspot.in/2018/04/windows-exploitation-tricks-exploiting.html
https://googleprojectzero.blogspot.in/2018/04/windows-exploitation-tricks-exploiting.html
Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer 点击率 159
https://github.com/Jsitech/JShielder
https://github.com/Jsitech/JShielder
Awesome Firmware Security & Other Helpful Documents 点击率 149
https://github.com/PreOS-Security/awesome-firmware-security
https://github.com/PreOS-Security/awesome-firmware-security
CVE-2018-4121 - Safari Wasm Sections POC RCE Exploit 点击率 147
https://github.com/mwrlabs/CVE-2018-4121
https://github.com/mwrlabs/CVE-2018-4121
Firefox 56.0 302 Redirect URL Spoofing Vulnerability 点击率 142
http://rm-rf.gg/2018/04/19/Firefox_302_Redirect_URL_Spoofing_Vulnerability.html
http://rm-rf.gg/2018/04/19/Firefox_302_Redirect_URL_Spoofing_Vulnerability.html
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. 点击率 131
https://github.com/prateek147/DVIA-v2
https://github.com/prateek147/DVIA-v2
Source code about machine learning and security. 点击率 124
https://github.com/13o-bbr-bbq/machine_learning_security
https://github.com/13o-bbr-bbq/machine_learning_security
Automotive Industry Guidelines for Secure Over-the-Air Updates 点击率 119
https://fastr.org/wp-content/uploads/2018/04/FASTR_AutomotiveIndustry_Guidelines_SecureOver-the-Air_Updates_v2.pdf
https://fastr.org/wp-content/uploads/2018/04/FASTR_AutomotiveIndustry_Guidelines_SecureOver-the-Air_Updates_v2.pdf
An Empirical Analysis of Traceability in the Monero Blockchain 点击率 101
https://www.andrew.cmu.edu/user/nicolasc/publications/Moeser-PETS18.pdf
https://www.andrew.cmu.edu/user/nicolasc/publications/Moeser-PETS18.pdf
-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第216期)
