SecWiki Weekly (Issue 219)
2018/05/07-2018/05/13
Security News
[News]
2017 Cybersecurity Company Revenue Ranking  Clicks: 481
https://mp.weixin.qq.com/s/OaMoKelLkkElNUcxJyL2-Q
[People]
Hacker 蒸米 (Zhengmi): An Influencer's Views on Life  Clicks: 325
https://mp.weixin.qq.com/s/AwhvVEAMtWUl65_8bN54iQ
[News]
From the Ukrainian Power Grid to a German Steel Mill: Five Real-World Attacks on Industrial Control Systems  Clicks: 245
http://www.aqniu.com/news-views/33857.html
Security Technology
[Documents]
xKungfoo 2018 Information Security Conference: Slides Download  Clicks: 501
http://www.4hou.com/info/news/11370.html
[Web Security]
Summary of Common Vulnerabilities in Mobile Phone Verification Codes  Clicks: 463
https://mp.weixin.qq.com/s/jtJl2GFacMyRCQsBUiTVSA
[Competitions]
Defcon China Range Challenge - Intranet Penetration Writeup  Clicks: 431
http://www.cnblogs.com/iamstudy/articles/2018_defcon_china_pentest_writeup.html
[Web Security]
Penetration Testing in Practice: Compromising the BSides Target Machine  Clicks: 413
https://www.anquanke.com/post/id/113020
[Web Security]
An Approach to Learning the Burp Suite API  Clicks: 398
https://bbs.ichunqiu.com/thread-40003-1-1.html?from=sec
[Tools]
The Use of Device-Modification (改机) Tools in the Black and Gray Markets  Clicks: 363
https://mp.weixin.qq.com/s/53VwKco-DcHIcBb62dk50A
[Web Security]
CVE-2018-1260 | Spring-security-oauth2 Remote Command Execution  Clicks: 360
https://mp.weixin.qq.com/s/g2d34avm-H_nhBqQFUF7hw
[Web Security]
Research on Bypassing Detection of PHP One-Line Webshells  Clicks: 355
https://mp.weixin.qq.com/s/LytVSOt81UpRyetMh6twnw
[Web Security]
RCE with spring-security-oauth2 Analysis - CVE-2018-1260  Clicks: 330
https://xz.aliyun.com/t/2330
[Vulnerability Analysis]
CVE-2017-14322 Login Authentication Bypass Analysis  Clicks: 285
https://mp.weixin.qq.com/s/GWdKiwWf8Eiy5ee8B-D5Dw
[Vulnerability Analysis]
Illustrated Tutorial: Unlimited Minting of BEC Tokens and Vulnerability Analysis (Image-Heavy)  Clicks: 284
https://mp.weixin.qq.com/s/CLq9jkHon8QJgO_rnBA9Yw
[Operations Security]
docker-security: Docker Security Baseline Specification  Clicks: 275
https://github.com/Kutim/docker-security
[Forensic Analysis]
Cracking Encrypted Office Files with hashcat  Clicks: 271
https://evi1cg.me/archives/hashcat_crack_office.html
[Web Security]
Bug-Project-Framework: A Repository for Sharing Exploit Framework Modules  Clicks: 267
https://github.com/Fplyth0ner-Combie/Bug-Project-Framework
[Operations Security]
2017 China Enterprise Email Security Research Report  Clicks: 267
https://mp.weixin.qq.com/s/1My9bwN2BLbCwcqEIP-xeA
[Other]
Blockchain Security Survival Guide  Clicks: 266
https://chaitin.cn/cn/download/blockchain_security_guide_20180507.pdf
[Other]
Blockchain Security Analysis Report  Clicks: 260
https://bcsec.org/
[Malware Analysis]
The-Axer: A Tool That Automates Payload Generation with msfvenom  Clicks: 258
https://github.com/ceh-tn/The-Axer
[Magazine]
SecWiki Weekly (Issue 218)  Clicks: 251
https://www.sec-wiki.com/weekly/218
[Web Security]
PeDoll Open-Sourced, with Usage Tutorial  Clicks: 241
https://bbs.ichunqiu.com/thread-39930-1-1.html?from=sec
[Forensic Analysis]
linux_information: Automated Collection of Linux Information  Clicks: 236
https://github.com/l3m0n/linux_information
[Operations Security]
JPCERT/CC Vulnerability Coordination and Disclosure Guide (Chinese Edition)  Clicks: 234
http://www.shuziguanxing.com/guide.pdf
[Web Security]
How to Pop a Calculator with PowerShell PE Injection  Clicks: 221
https://bbs.ichunqiu.com/thread-39788-1-1.html?from=sec
[Forensic Analysis]
Intelligence Analysis: Image Mining  Clicks: 211
https://mp.weixin.qq.com/s/ZG5d_Hs7W3mQ0xgGI4YgDA
[Malware Analysis]
In-the-Wild Exploitation of the GPON Vulnerabilities (Part 1): The muhstik Botnet  Clicks: 195
http://blog.netlab.360.com/gpon-exploit-in-the-wild-i-muhstik-botnet-among-others/
[Web Security]
How to Abuse DCOM for Lateral Movement  Clicks: 193
https://www.anquanke.com/post/id/107097
[Operations Security]
GoKu-API-Gateway: Open-Source Edition of the GoKu (悟空) API Gateway  Clicks: 193
https://github.com/eolinker/GoKu-API-Gateway
[Malware Analysis]
A Repository Collecting JavaScript Malware Samples  Clicks: 189
https://github.com/HynekPetrak/javascript-malware-collection
[Tools]
Python exploit for Remote Code Execution on GPON home routers (CVE-2018-10562).  Clicks: 185
https://github.com/f3d0x0/GPON
[Web Security]
struts2 Command/Code Execution Vulnerability Analysis Series: S2-003 and S3-005  Clicks: 178
https://xz.aliyun.com/t/2323
[Operations Security]
Yearning: A Visual Web-Based SQL Audit Platform Built on Inception  Clicks: 178
https://github.com/cookieY/Yearning
[Web Security]
$4500 Bounty — How I got lucky  Clicks: 177
https://medium.com/bugbountywriteup/4500-bounty-how-i-got-lucky-99d8bc933f75
[Web Security]
A Few Things About suPHP Security  Clicks: 176
https://mp.weixin.qq.com/s/mTHmagQaRttUrYLVtCzVTA
[Malware Analysis]
Hiding Metasploit Shellcode to Evade Windows Defender  Clicks: 175
https://blog.rapid7.com/2018/05/03/hiding-metasploit-shellcode-to-evade-windows-defender/?from=timeline
[Forensic Analysis]
Logpara: A Rough Demo for Parsing Common Web Logs  Clicks: 173
https://github.com/0xa-saline/Logpara
[Malware Analysis]
Exploitation Status of the GPON Home Gateway Remote Command Execution Vulnerability  Clicks: 172
https://paper.seebug.org/595/
[Operations Security]
A First Look at X-pack, the Powerful Plugin in the New Elasticsearch  Clicks: 170
https://mp.weixin.qq.com/s/2SFJUFgb_e3cKP6eOKS4jw
[Web Security]
Playing with Snakes Together: Tools for Node.js Code Auditing  Clicks: 168
https://mp.weixin.qq.com/s/97whUiR5v0URQ7QT0CQ6bg
[Other]
Off the Chain: Observing Bitcoin Nodes on the Public Internet  Clicks: 160
https://www.rapid7.com/globalassets/_pdfs/research/rapid7-block-chain-research-report.pdf
[Malware Analysis]
Detection, Removal and Analysis of a Monero Mining Trojan on Linux  Clicks: 155
http://www.freebuf.com/articles/system/170211.html
[Web Security]
Bypass ngx_lua_waf SQL Injection Defenses (Multiple Techniques)  Clicks: 155
https://mp.weixin.qq.com/s/tOf66FGINaO9oVv2pDcxcQ
[Forensic Analysis]
python-iocextract: Advanced Indicator of Compromise (IOC) extractor  Clicks: 154
https://github.com/InQuest/python-iocextract
[Other]
nbns-spoofing  Clicks: 148
https://pentestlab.blog/2018/05/08/nbns-spoofing/
[Web Security]
Google YOLO  Clicks: 142
https://blog.innerht.ml/google-yolo/
[Web Security]
Unsafe Unzip with spring-integration-zip Analysis - CVE-2018-1261  Clicks: 138
https://xz.aliyun.com/t/2334
[Tools]
ShellPop: generate easy and sophisticated reverse or bind shell commands  Clicks: 132
https://github.com/0x00-0x00/ShellPop
[Vulnerability Analysis]
Bypassing a Python Sandbox When import Is Disabled  Clicks: 130
https://www.anquanke.com/post/id/107000
[Malware Analysis]
RansomwareDetector: A Ransomware Detection Tool  Clicks: 121
https://github.com/remyLucas/RansomwareDetector
[Malware Analysis]
VirusShare Malware Collection: A-Z Malware Sample Dataset  Clicks: 117
https://archive.org/details/virusshare_malware_collection_aaa
[Malware Analysis]
Malware Analysis Tools  Clicks: 109
http://malwareanalysis.tools/
[Malware Analysis]
Sample Analysis of Recent Activity by the DarkHotel APT Group  Clicks: 109
https://mp.weixin.qq.com/s/LC_udciIifrJBt-abuEUaA
[Other]
Blue Team fundamentals Part Two: Windows Processes.  Clicks: 107
https://securitybytes.io/blue-team-fundamentals-part-two-windows-processes-759fe15965e2
[Other]
Debugging Windows Services  Clicks: 105
https://musings.konundrum.org/2018/05/03/debugging-windows-services.html
[Web Security]
GitLab web hooks SSRF(CVE-2018-8801) Patch analysis and How to safely fix SSRF  Clicks: 102
https://github.com/Cryin/Paper/blob/master/GitLab%20web%20hooks%20SSRF(CVE-2018-8801)%20Patch%20analysis%20and%20How%20to%20safely%20fix%20SSRF.md
[Malware Analysis]
Analyzing Large Capture Files Part 1 – Colorizing Conversations in Wireshark  Clicks: 89
http://chrissanders.org/2018/05/large-captures1-colorizing-wireshark/
[Malware Analysis]
Study: Attack on KrebsOnSecurity Cost IoT Device Owners $323K  Clicks: 85
https://krebsonsecurity.com/2018/05/study-attack-on-krebsonsecurity-cost-iot-device-owners-323k/
-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news and analysis for 5 years!
SecWiki: https://www.sec-wiki.com
