SecWiki Weekly (Issue 217)
2018/04/23-2018/04/29
Security News
[News]
Food delivery order information allegedly being sold online  Clicks: 743
http://www.bjnews.com.cn/inside/2018/04/23/484211.html
[News]
Ministry of Public Security notice on issuing the "Administrative Measures for Cybersecurity Classified Protection Assessment Institutions"  Clicks: 647
https://mp.weixin.qq.com/s/HVPSSB_QtWle7GjJhJT_Ww
[News]
Hacker group Orangeworm launches espionage campaign against the global healthcare industry  Clicks: 456
https://mp.weixin.qq.com/s/DhQAdkeXRW-22UPgB5iR6A
[Conference]
XKungfoo 2018 highlights: Day 1  Clicks: 453
http://www.4hou.com/xactivity/11228.html
[Malware Analysis]
Malware analysis: Ransomware as a Service (RaaS)  Clicks: 439
http://www.4hou.com/typ/11186.html
[Conference]
XKungfoo 2018 highlights: Day 2  Clicks: 422
http://www.4hou.com/xactivity/11242.html
[Forensic Analysis]
ThaiCERT Seizes Hidden Cobra Server Linked to GhostSecret, Sony Attacks  Clicks: 343
https://threatpost.com/thaicert-seizes-hidden-cobra-server-linked-to-ghostsecret-sony-attacks/131498/
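Security Technology
[Conference]
2018 Chief Security Officer (CSO) International Summit (slide deck downloads)  Clicks: 627
https://www.anquanke.com/post/id/106707
[Web Security]
Having trouble with internal network penetration? NAT mapping tricks with MSF  Clicks: 515
https://bbs.ichunqiu.com/thread-39238-1-1.html?from=sec
[Vulnerability Analysis]
SSRF vulnerabilities: study and exploitation  Clicks: 460
http://www.zerokeeper.com/web-security/ssrf-vulnerability-learning-and-utilization.html
[Malware Analysis]
Notes on a Linux server intrusion incident at a company  Clicks: 415
https://secvul.com/topics/1142.html
[Vulnerability Analysis]
One line of code wiped out ¥6,447,277,680 RMB!  Clicks: 372
https://zhuanlan.zhihu.com/p/35989258
[Programming]
Some evolutions of the Xunfeng risk scanning system  Clicks: 367
http://www.freebuf.com/sectool/168977.html
[Vulnerability Analysis]
Electron remote command execution vulnerability (CVE-2018-1000006)  Clicks: 354
http://www.zerokeeper.com/vul-analysis/electron-remote-command-execution-vulnerability-cve20181000006.html
[Competition]
Penetration testing in practice: compromising the BlackMarket target machine  Clicks: 351
https://www.anquanke.com/post/id/106855
[Forensic Analysis]
Some suggestions for building high-quality indicators of attack  Clicks: 350
https://mp.weixin.qq.com/s/ZRiSi3bb-SkMc_54mWPgmw
[Web Security]
Hash Finder online lookup tool (supports multiple types)  Clicks: 335
http://finder.insidepro.team/
[Web Security]
Code audit: an example of an arbitrary file read vulnerability  Clicks: 328
https://mp.weixin.qq.com/s/JG1PuHXvtt9sXM1r26uQ9g
[Vulnerability Analysis]
Fireline: a free static code analysis tool released by 360  Clicks: 309
http://magic.360.cn/zh/article_zh.html
[Web Security]
Notes on a bypass technique in Discuz!  Clicks: 304
https://secvul.com/topics/1165.html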
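[Operations Security]
Windows security audit events  Clicks: 298
https://www.microsoft.com/en-us/download/details.aspx?id=50034
[Operations Security]
Cybersecurity incident response for financial enterprises: fundamentals  Clicks: 280
https://mp.weixin.qq.com/s/Ug2vImj8wB1_kbXLGUmouQ
[Web Security]
Getting a shell using a file inclusion vulnerability and a one-line image webshell  Clicks: 273
https://xz.aliyun.com/t/2311
[Vulnerability Analysis]
Go arbitrary code execution vulnerability CVE-2018-6574  Clicks: 265
http://blog.nsfocus.net/cve-2018-6574/
[Web Security]
cheetah-gui: a dictionary-based webshell password brute-force tool  Clicks: 265
https://github.com/sunnyelf/cheetah-gui/blob/master/README_zh.md
[Tools]
windows10_ntfs_crash_dos:PoC for a NTFS crash that I discovered, in various Wind  Clicks: 264
https://github.com/mtivadar/windows10_ntfs_crash_dos
[Malware Analysis]
Analysis and correlation mining of new exploit samples used by the APT group APT-C-01  Clicks: 261
https://mp.weixin.qq.com/s/Rj0diLq9w6qiyQSA-CJHGQ
[Web Security]
PentesterLab beginner tutorial (1): code injection  Clicks: 261
http://www.freebuf.com/sectool/168653.html
[Competition]
429 offline competition write-up  Clicks: 256
http://momomoxiaoxi.com/2018/04/27/4292018/
[Operations Security]
Cybersecurity incident response for financial enterprises: technical part  Clicks: 256
https://mp.weixin.qq.com/s/W3_klh02SsMrRyH3UcYGNw
[Vulnerability Analysis]
Drupal CVE-2018-7600: exploitation and attacks  Clicks: 255
https://xz.aliyun.com/t/2312
[Malware Analysis]
Starting from CVE-2016-0165: analysis, exploitation and detection (part 1)  Clicks: 254
https://xiaodaozhi.com/exploit/32.html
[Web Security]
DomLink: an automated domain discovery tool  Clicks: 252
http://www.freebuf.com/sectool/169734.html
[Operations Security]
DB_BaseLine: a database baseline checking tool  Clicks: 250
https://github.com/wstart/DB_BaseLine
[Tools]
HackBox is the combination of awesome techniques.  Clicks: 249
https://github.com/samhaxr/hackbox
[Web Security]
A marginal XSS in an unusual scenario  Clicks: 248
https://secvul.com/topics/1159.html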
[Device Security]
Smart car security research report  Clicks: 247
https://www.computest.nl/wp-content/uploads/2018/04/connected-car-rapport.pdf
[Web Security]
TrunPortForward: a web-managed, multi-node, multi-port, highly customizable directed forwarding tool  Clicks: 245
https://github.com/cytvictor/TrunPortForward
[Vulnerability Analysis]
A bunch of Red Pills: VMware Escapes  Clicks: 243
https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/
[Web Security]
PentesterLab beginner tutorial (2): XML injection  Clicks: 235
http://www.freebuf.com/sectool/169122.html
[Forensic Analysis]
STIX 2.0 examples dissected  Clicks: 233
https://mp.weixin.qq.com/s/B88yOz9UWRm5WhWY6zAyUA
[Operations Security]
360: AI-based network operations  Clicks: 232
https://mp.weixin.qq.com/s/1toUOKq_80pyM8AmCNb8Ww
[Vulnerability Analysis]
Small mistakes lead to big problems  Clicks: 229
http://k3research.outerhaven.de/posts/small-mistakes-lead-to-big-problems.html
[Vulnerability Analysis]
Infer: a static analysis tool open-sourced by Facebook  Clicks: 226
https://infer.liaohuqiu.net/
[Vulnerability Analysis]
Google Inbox spoofing vulnerability  Clicks: 224
https://eligrey.com/blog/google-inbox-spoofing-vulnerability/
[Web Security]
How does the YY Live account-laundering industry chain operate? Click in and take a look!  Clicks: 223
https://bbs.ichunqiu.com/thread-39419-1-1.html?from=sec
[Vulnerability Analysis]
On escapeshellarg bypass and argument injection vulnerabilities  Clicks: 222
https://www.leavesongs.com/PENETRATION/escapeshellarg-and-parameter-injection.html
[Web Security]
Expanding the XSS attack surface with Service Workers  Clicks: 219
https://lorexxar.cn/2018/04/20/SW-xss/
[Web Security]
Read-type CSRF: content hijacking that requires interaction  Clicks: 217
https://bbs.ichunqiu.com/thread-36314-1-1.html
[Magazine]
SecWiki Weekly (Issue 216)  Clicks: 208
https://www.sec-wiki.com/weekly/216
[Malware Analysis]
CVE-2017-11882 RTF  Clicks: 204
https://medium.com/@__fastcall/cve-2017-11882-rtf-44d671dc0fce
[Malware Analysis]
Energetic Bear/Crouching Yeti: attacks on servers  Clicks: 203
https://securelist.com/energetic-bear-crouching-yeti/85345/
[Tools]
TDL:Driver loader for bypassing Windows x64 Driver Signature Enforcement  Clicks: 199
https://github.com/hfiref0x/TDL
[Competition]
DDCTF 2018 reverse engineering baby_mips writeup  Clicks: 199
https://blog.formsec.cn/2018/04/29/DDCTF-2018-%e9%80%86%e5%90%91-baby-mips-Writeup/
[Web Security]
On PowerShell versus security software  Clicks: 197
https://micropoor.blogspot.jp/2018/04/powershell.html
[Web Security]
Subdomain enumeration  Clicks: 193
http://10degres.net/subdomain-enumeration/
[Mobile Security]
Bypassing Android Anti-Emulation, Part (I)  Clicks: 192
http://www.juanurs.com/Bypassing-Android-Anti-Emulation-Part-I/
[Web Security]
Stored XSS in Yahoo!  Clicks: 190
https://steemit.com/bugbounty/@theshahzada/stored-xss-in-yahoo
[Web Security]
Exploiting misconfigured CORS Null Origin  Clicks: 185
https://www.soffensive.com/2018/04/exploiting-misconfigured-cors-null.html
[Malware Analysis]
GravityRAT - The Two-Year Evolution Of An APT Targeting India  Clicks: 185
https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html
[Data Mining]
Machine learning: spam filtering  Clicks: 178
http://www.freebuf.com/articles/network/168850.html
[Web Security]
JWT common pitfalls, attacks, and mitigations  Clicks: 176
https://auth0.com/blog/a-look-at-the-latest-draft-for-jwt-bcp/
[Operations Security]
Using Apache mod_rewrite to protect your Empire C2  Clicks: 176
https://www.anquanke.com/post/id/104784
[Web Security]
Graduation project: PHP RASP (3), wrapping up  Clicks: 174
http://www.cnblogs.com/iamstudy/articles/php_code_rasp_3.html
[Vulnerability Analysis]
Why shadowsocks deprecated one-time authentication (OTA)  Clicks: 173
https://blessing.studio/why-do-shadowsocks-deprecate-ota/
[Malware Analysis]
Summary of APT33 MD5  Clicks: 171
https://pastebin.com/uGUF4SHJ
[Malware Analysis]
Debugging Windows Services For Malware Analysis / Reverse Engineering  Clicks: 171
https://secrary.com/Random/WindowsServiceDebugging/
[Mobile Security]
Bypassing Android Anti-Emulation, Part (III)  Clicks: 170
http://www.juanurs.com/Bypassing-Android-Anti-Emulation-Part-III/
[Malware Analysis]
Uncovering Unknown Threats With Human-Readable Machine Learning  Clicks: 168
https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-unknown-threats-with-human-readable-machine-learning/
[Forensic Analysis]
Revealing how third-party trackers use the Facebook login page to track users  Clicks: 167
http://www.4hou.com/technology/11208.html
[Data Mining]
2nd Alibaba Cloud Security Algorithm Challenge: team MJ_3DSUN's solution approach  Clicks: 164
https://github.com/frank6696/tianchi-aliyun-security-competition
[Forensic Analysis]
Using Apache mod_rewrite to distribute HTTP traffic  Clicks: 164
https://mp.weixin.qq.com/s/SIFrdP-w3kvIhQGaAjhV-Q
[Programming]
picojs:A face detection library in 200 lines of JavaScript  Clicks: 162
https://github.com/tehnokv/picojs
[Vulnerability Analysis]
Jira-Scan: CVE-2017-9506 POC  Clicks: 162
https://github.com/random-robbie/Jira-Scan
[Operations Security]
Endpoint Isolation with the Windows Firewall  Clicks: 159
https://medium.com/@cryps1s/endpoint-isolation-with-the-windows-firewall-462a795f4cfb
[Competition]
Reverse Engineering challenges  Clicks: 158
about:blank
[Malware Analysis]
TPLINK TLWR740N ROUTER REMOTE CODE EXECUTION  Clicks: 157
https://www.fidusinfosec.com/a-curious-case-of-code-reuse-tplink-cve-2017-13772-v2
[Web Security]
Linkedin Autofill Vulnerability  Clicks: 156
https://amisafe.secops.in/linkedin-autofill-vulnerability/
[Malware Analysis]
Starting from CVE-2016-0165: analysis, exploitation and detection (part 3)  Clicks: 154
https://xiaodaozhi.com/exploit/56.html
[Mobile Security]
Bypassing Android Anti-Emulation, Part (II)  Clicks: 154
http://www.juanurs.com/Bypassing-Android-Anti-Emulation-Part-II/
[Vulnerability Analysis]
ShofEL2, a Tegra X1 and Nintendo Switch exploit  Clicks: 153
https://fail0verflow.com/blog/2018/shofel2/
[Competition]
Format string hijack of retaddr, and Three White Hats pwnme_k0 writeup  Clicks: 152
https://www.anquanke.com/post/id/105989
[Documents]
establishing-a-baseline-for-remote-desktop-protocol  Clicks: 151
https://www.fireeye.com/blog/threat-research/2018/04/establishing-a-baseline-for-remote-desktop-protocol.html
[Web Security]
DOM Based Cross-Site Scripting in Google VRView library  Clicks: 150
http://blog.mindedsecurity.com/2018/04/dom-based-cross-site-scripting-in.html
[Operations Security]
GDPR, Europe's strictest compliance regime, affects many enterprises  Clicks: 150
https://mp.weixin.qq.com/s/nEMHu33qfO8GvDqStpVVuQ
[Malware Analysis]
Loading Kernel Shellcode  Clicks: 147
https://www.fireeye.com/blog/threat-research/2018/04/loading-kernel-shellcode.html
[Device Security]
First glance on OS VRP by Huawei  Clicks: 147
https://embedi.com/blog/first-glance-on-os-vrp-by-huawei/
[Malware Analysis]
Graduation project: PHP RASP (2), threat determination  Clicks: 144
http://www.cnblogs.com/iamstudy/articles/php_code_rasp_2.html
[Mobile Security]
Frida-Python-Binding:Easy to use Frida python binding script  Clicks: 142
https://github.com/Mind0xP/Frida-Python-Binding
[Mobile Security]
Android Applications Reversing 101  Clicks: 131
https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/
[Operations Security]
Red-Teaming-Toolkit: A collection of open source and commercial tools  Clicks: 130
https://github.com/infosecn1nja/Red-Teaming-Toolkit
[Malware Analysis]
Interactive bindshell over HTTP  Clicks: 128
http://blog.secu.dk/blog/Tunnels_in_a_hard_filtered_network/
[Other]
Building and practicing IT internal control and compliance management in financial enterprises  Clicks: 125
https://mp.weixin.qq.com/s/vxvZAfXRqYDVmdqEXJfUUA
[Forensic Analysis]
Gitmails: An information gathering tool to colect git commit emails  Clicks: 119
https://github.com/giovanifss/Gitmails
[Vulnerability Analysis]
HooToo TripMate Routers are Cute But Insecure  Clicks: 117
http://blog.ioactive.com/2018/04/hootoo-tripmate-routers-are-cute-but.html
[Malware Analysis]
Starting from CVE-2016-0165: analysis, exploitation and detection (part 2)  Clicks: 113
https://xiaodaozhi.com/exploit/42.html
[Forensic Analysis]
Integrating PRE-ATT&CK Techniques Into ATT&CK  Clicks: 99
https://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/integrating-pre-attck-techniques-into-attck