SecWiki周刊(第217期)
2018/04/23-2018/04/29
安全资讯
[新闻]  公安部关于印发《网络安全等级保护测评机构管理办法》的通知
https://mp.weixin.qq.com/s/HVPSSB_QtWle7GjJhJT_Ww
[新闻]  外卖送餐信息被指在网上售卖
http://www.bjnews.com.cn/inside/2018/04/23/484211.html
[会议]  XKungfoo 2018精彩回顾-Day2
http://www.4hou.com/xactivity/11242.html
[恶意分析]  恶意软件分析之—勒索即服务(Raas)
http://www.4hou.com/typ/11186.html
[新闻]  黑客组织 Orangeworm 针对全球医疗保健行业发起间谍活动
https://mp.weixin.qq.com/s/DhQAdkeXRW-22UPgB5iR6A
[取证分析]  ThaiCERT Seizes Hidden Cobra Server Linked to GhostSecret, Sony Attacks
https://threatpost.com/thaicert-seizes-hidden-cobra-server-linked-to-ghostsecret-sony-attacks/131498/
[会议]  XKungfoo 2018精彩回顾-Day1
http://www.4hou.com/xactivity/11228.html
安全技术
[会议]  2018首席安全官(CSO)国际高峰论坛(干货PPT下载)
https://www.anquanke.com/post/id/106707
[比赛]  渗透测试实战-BlackMarket靶机入侵
https://www.anquanke.com/post/id/106855
[Web安全]  听说你内网渗透遇到困难?—MSF的NAT映射技巧
https://bbs.ichunqiu.com/thread-39238-1-1.html?from=sec
[运维安全]  DB_BaseLine: 数据库基线检查工具
https://github.com/wstart/DB_BaseLine
[漏洞分析]  Drupal CVE-2018-7600 漏洞利用和攻击
https://xz.aliyun.com/t/2312
[编程技术]  巡风风险扫描系统的一些演变
http://www.freebuf.com/sectool/168977.html
[Web安全]  cheetah-gui:基于字典的webshell密码爆破工具
https://github.com/sunnyelf/cheetah-gui/blob/master/README_zh.md
[恶意分析]  记某司Linux服务器入侵事件
https://secvul.com/topics/1142.html
[运维安全]  金融企业网络安全应急响应之基础篇
https://mp.weixin.qq.com/s/Ug2vImj8wB1_kbXLGUmouQ
[漏洞分析]  一行代码蒸发了¥6,447,277,680 人民币!
https://zhuanlan.zhihu.com/p/35989258
[漏洞分析]  A bunch of Red Pills: VMware Escapes
https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/
[比赛]  429线下赛write-up
http://momomoxiaoxi.com/2018/04/27/4292018/
[漏洞分析]  Fireline: 360发布的一款免费静态代码分析工具
http://magic.360.cn/zh/article_zh.html
[恶意分析]  APT团伙(APT-C-01)新利用漏洞样本分析及关联挖掘
https://mp.weixin.qq.com/s/Rj0diLq9w6qiyQSA-CJHGQ
[工具]  windows10_ntfs_crash_dos:PoC for a NTFS crash that I discovered, in various Wind
https://github.com/mtivadar/windows10_ntfs_crash_dos
[Web安全]  记Discuz!的一个绕过技巧
https://secvul.com/topics/1165.html
[Web安全]  Hash Finder 在线查询工具(支持多种类型)
http://finder.insidepro.team/
[Web安全]  代码审计之任意文件读取漏洞实例
https://mp.weixin.qq.com/s/JG1PuHXvtt9sXM1r26uQ9g
[漏洞分析]  Go语言任意代码执行漏洞 CVE-2018-6574
http://blog.nsfocus.net/cve-2018-6574/
[工具]  HackBox is the combination of awesome techniques.
https://github.com/samhaxr/hackbox
[Web安全]  TrunPortForward: Web管理的、多节点、多端口、高度自定义定向转发工具
https://github.com/cytvictor/TrunPortForward
[Web安全]  利用文件包含漏洞和图片一句话getshell
https://xz.aliyun.com/t/2311
[漏洞分析]  Jira-Scan: CVE-2017-9506 POC
https://github.com/random-robbie/Jira-Scan
[取证分析]  构建高质量攻击指标的几条建议
https://mp.weixin.qq.com/s/ZRiSi3bb-SkMc_54mWPgmw
[Web安全]  一次特殊场景下的鸡肋XSS
https://secvul.com/topics/1159.html
[漏洞分析]  谈escapeshellarg绕过与参数注入漏洞
https://www.leavesongs.com/PENETRATION/escapeshellarg-and-parameter-injection.html
[Web安全]  PentesterLab新手教程(一):代码注入
http://www.freebuf.com/sectool/168653.html
[Web安全]  DomLink:一款自动化的域发现工具
http://www.freebuf.com/sectool/169734.html
[Web安全]  读取型CSRF-需要交互的内容劫持
https://bbs.ichunqiu.com/thread-36314-1-1.html
[移动安全]  Bypassing Android Anti-Emulation, Part (II)
http://www.juanurs.com/Bypassing-Android-Anti-Emulation-Part-II/
[Web安全]  毕业设计之php RASP(三) 收尾
http://www.cnblogs.com/iamstudy/articles/php_code_rasp_3.html
[运维安全]  360:基于 AI 的网络运维
https://mp.weixin.qq.com/s/1toUOKq_80pyM8AmCNb8Ww
[运维安全]  金融企业网络安全应急响应之技术篇
https://mp.weixin.qq.com/s/W3_klh02SsMrRyH3UcYGNw
[Web安全]  YY直播洗号产业链如何运作?戳进来看看!
https://bbs.ichunqiu.com/thread-39419-1-1.html?from=sec
[设备安全]  First glance on OS VRP by Huawei
https://embedi.com/blog/first-glance-on-os-vrp-by-huawei/
[恶意分析]  Summary of APT33 MD5
https://pastebin.com/uGUF4SHJ
[移动安全]  Bypassing Android Anti-Emulation, Part (I)
http://www.juanurs.com/Bypassing-Android-Anti-Emulation-Part-I/
[恶意分析]  GravityRAT - The Two-Year Evolution Of An APT Targeting India
https://blog.talosintelligence.com/2018/04/gravityrat-two-year-evolution-of-apt.html
[杂志]  SecWiki周刊(第216期)
https://www.sec-wiki.com/weekly/216
[恶意分析]  Energetic Bear/Crouching Yeti: attacks on servers
https://securelist.com/energetic-bear-crouching-yeti/85345/
[Web安全]  PentesterLab新手教程(二):XML注入
http://www.freebuf.com/sectool/169122.html
[漏洞分析]  为何 shadowsocks 要弃用一次性验证 (OTA)
https://blessing.studio/why-do-shadowsocks-deprecate-ota/
[移动安全]  Bypassing Android Anti-Emulation, Part (III)
http://www.juanurs.com/Bypassing-Android-Anti-Emulation-Part-III/
[漏洞分析]  ShofEL2, a Tegra X1 and Nintendo Switch exploit
https://fail0verflow.com/blog/2018/shofel2/
[取证分析]  STIX 2.0 示例剖析
https://mp.weixin.qq.com/s/B88yOz9UWRm5WhWY6zAyUA
[Web安全]  基于Service Worker 的XSS攻击面拓展
https://lorexxar.cn/2018/04/20/SW-xss/
[恶意分析]  Interactive bindshell over HTTP
http://blog.secu.dk/blog/Tunnels_in_a_hard_filtered_network/
[漏洞分析]  Google Inbox spoofing vulnerability
https://eligrey.com/blog/google-inbox-spoofing-vulnerability/
[数据挖掘]  机器学习之垃圾信息过滤
http://www.freebuf.com/articles/network/168850.html
[Web安全]  关于Powershell对抗安全软件
https://micropoor.blogspot.jp/2018/04/powershell.html
[工具]  TDL:Driver loader for bypassing Windows x64 Driver Signature Enforcement
https://github.com/hfiref0x/TDL
[数据挖掘]  第二届阿里云安全算法挑战赛 MJ_3DSUN 队解题方法
https://github.com/frank6696/tianchi-aliyun-security-competition
[漏洞分析]  Small mistakes lead to big problems
http://k3research.outerhaven.de/posts/small-mistakes-lead-to-big-problems.html
[Web安全]  DOM Based Cross-Site Scripting in Google VRView library
http://blog.mindedsecurity.com/2018/04/dom-based-cross-site-scripting-in.html
[比赛]  格式化字符串hijack retaddr及三个白帽-pwnme_k0 writeup
https://www.anquanke.com/post/id/105989
[漏洞分析]  Infer:Facebook开源的一个静态分析工具
https://infer.liaohuqiu.net/
[运维安全]  Red-Teaming-Toolkit: A collection of open source and commercial tools
https://github.com/infosecn1nja/Red-Teaming-Toolkit
[运维安全]  用Apache mod_rewrite来保护你的Empire C2
https://www.anquanke.com/post/id/104784
[Web安全]  JWT common pitfalls, attacks, and mitigations
https://auth0.com/blog/a-look-at-the-latest-draft-for-jwt-bcp/
[漏洞分析]  HooToo TripMate Routers are Cute But Insecure
http://blog.ioactive.com/2018/04/hootoo-tripmate-routers-are-cute-but.html
[Web安全]  Linkedin Autofill Vulnerability
https://amisafe.secops.in/linkedin-autofill-vulnerability/
[比赛]  Reverse Engineering challenges
about:blank
[恶意分析]  Debugging Windows Services For Malware Analysis / Reverse Engineering
https://secrary.com/Random/WindowsServiceDebugging/
[运维安全]  Windows security audit events
https://www.microsoft.com/en-us/download/details.aspx?id=50034
[运维安全]  Endpoint Isolation with the Windows Firewall
https://medium.com/@cryps1s/endpoint-isolation-with-the-windows-firewall-462a795f4cfb
[Web安全]  Subdomain enumeration
http://10degres.net/subdomain-enumeration/
[Web安全]  Exploiting misconfigured CORS Null Origin
https://www.soffensive.com/2018/04/exploiting-misconfigured-cors-null.html
[运维安全]  欧洲最严合规GDPR影响众多企业
https://mp.weixin.qq.com/s/nEMHu33qfO8GvDqStpVVuQ
[取证分析]  Gitmails: An information gathering tool to colect git commit emails
https://github.com/giovanifss/Gitmails
[编程技术]  picojs:A face detection library in 200 lines of JavaScript
https://github.com/tehnokv/picojs
[取证分析]  使用Apache mod_rewrite实现http流量分发
https://mp.weixin.qq.com/s/SIFrdP-w3kvIhQGaAjhV-Q
[恶意分析]  从 CVE-2016-0165 说起:分析、利用和检测(上)
https://xiaodaozhi.com/exploit/32.html
[取证分析]  揭秘第三方跟踪器是如何利用Facebook登录页面跟踪用户的
http://www.4hou.com/technology/11208.html
[恶意分析]  毕业设计之php RASP(二) 威胁判断
http://www.cnblogs.com/iamstudy/articles/php_code_rasp_2.html
[移动安全]  Frida-Python-Binding:Easy to use Frida python binding script
https://github.com/Mind0xP/Frida-Python-Binding
[恶意分析]  TPLINK TLWR740N ROUTER REMOTE CODE EXECUTION
https://www.fidusinfosec.com/a-curious-case-of-code-reuse-tplink-cve-2017-13772-v2
[移动安全]  Android Applications Reversing 101
https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/
[其它]  金融企业IT内控合规管理建设与实践
https://mp.weixin.qq.com/s/vxvZAfXRqYDVmdqEXJfUUA
[恶意分析]  从 CVE-2016-0165 说起:分析、利用和检测(下)
https://xiaodaozhi.com/exploit/56.html
[恶意分析]  从 CVE-2016-0165 说起:分析、利用和检测(中)
https://xiaodaozhi.com/exploit/42.html
-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第217期)