SecWiki Weekly (Issue 220)
2018/05/14-2018/05/20
Security News
Who stole my cross-border shopping quota, and what black-market profit chain lies behind it
http://tech.qq.com/a/20180519/009660.htm
Security Technology
Common SQL injection in the MyBatis framework
https://c0d3p1ut0s.github.io/MyBatis%E6%A1%86%E6%9E%B6%E4%B8%AD%E5%B8%B8%E8%A7%81%E7%9A%84SQL%E6%B3%A8%E5%85%A5/
Several code implementation approaches for a port scanner
https://thief.one/
Getting started with Suricata IDS: rules explained in detail
https://mp.weixin.qq.com/s/4__p-St6PVmxHGF3CHG4ew
Building red team network infrastructure
https://paper.seebug.org/599/
Acunetix 11: developing against the API interface
https://mp.weixin.qq.com/s/UVdOPStSVM5-6ekj4BqJfQ
vulstudy: quickly set up the major vulnerability learning platforms with Docker
https://github.com/c0ny1/vulstudy
A brief analysis of Libinjection, the SQL injection semantic analysis library
http://www.freebuf.com/articles/web/170930.html
Ethereum smart contract security: DASP Top 10
https://paper.seebug.org/603/
Writeups: a collection of challenges and writeups from major Chinese CTFs
https://github.com/susers/Writeups
Qiangwang Cup Mimic Defense Competition: ez_upload writeup
https://xz.aliyun.com/t/2337
WeChat casino: a penetration testing journey into H5 board and card games
https://bbs.ichunqiu.com/thread-40227-1-1.html?from=sec
PHP_Source_Audit_Tools: a PHP white-box analysis tool
https://github.com/lcatro/PHP_Source_Audit_Tools
XSS phishing into a ride-hailing service's backend: a close look, and the questions raised by exposed passenger privacy
https://bbs.ichunqiu.com/thread-40408-1-1.html?from=sec
2018 National Cyberspace Security Technology Competition: web, misc and crypto solutions
https://www.anquanke.com/post/id/144862
Penetration testing tips: asset discovery and information gathering
https://mp.weixin.qq.com/s/bGAnZ7RASEN8IiyI4E8nog
Introduction to router vulnerability analysis: the D-Link Service.Cgi remote command execution vulnerability
http://blog.nsfocus.net/router-vulnerability/
CVE-2018-8120 Analysis and Exploit
https://paper.seebug.org/602/
Spring Security OAuth2 RCE (CVE-2018-1260) vulnerability analysis
https://mp.weixin.qq.com/s/5nTz6bexDFLkIT5EfDpnYA
2018 Tencent TP Game Security Technology Competition: final round advanced write-up
https://blog.his.cat/a/mtp_competition_2018_1.cat
A summary of port forwarding and traffic manipulation tools
http://www.freebuf.com/articles/web/171589.html
Using network mapping to dig into the gambling platform industry chain
https://mp.weixin.qq.com/s/aOlZmdzzye2AsqGDa3hcbg
Overview of China's Internet network security situation in 2017
http://www.cert.org.cn/publish/main/upload/File/situation.pdf
Data flow attacks on deep learning systems
https://www.anquanke.com/post/id/144837
Arbitrary Code Execution at Ring 0 using CVE-2018-8897
https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/
OWASP-Web-Checklist: OWASP Web Application Security Testing Checklist
https://github.com/0xRadi/OWASP-Web-Checklist
SecWiki Weekly (Issue 219)
https://www.sec-wiki.com/weekly/219
A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan
https://www.fireeye.com/blog/threat-research/2018/05/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan.html
Using LLMNR combined with PDF files to obtain PC hashes
http://www.freebuf.com/articles/network/171634.html
GPON vulnerability exploited in the wild (part III): Mettle, Hajime, Mirai, Omni, Imgay
http://blog.netlab.360.com/gpon-exploit-in-the-wild-iii-mettle-hajime-mirai-omni-imgay/
LocationSmart API Vulnerability
https://www.robertxiao.ca/hacking/locationsmart/
Phantom-Evasion: Python AV evasion tool capable to generate FUD executable
https://github.com/oddcod3/Phantom-Evasion
Kubernetes from getting started to giving up, part 1 (installing behind the Great Firewall + resource concepts)
https://jiayi.space/post/kubernetescong-ru-men-dao-fang-qi-1-qiang-nei-an-zhuang-zi-yuan-gai-nian
Facebook Bug Bounty: "Client-Side" CSRF
https://www.facebook.com/notes/facebook-bug-bounty/client-side-csrf/2056804174333798/
Using Java reflection and class loading mechanisms to bypass JSP backdoor detection
https://xz.aliyun.com/t/2342
Kubernetes from getting started to giving up, part 3 (networking principles)
https://jiayi.space/post/kubernetescong-ru-men-dao-fang-qi-3-wang-luo-yuan-li
phonedata: a mobile phone number location database
https://github.com/xluohome/phonedata
Kubernetes from getting started to giving up, part 2 (component architecture)
https://jiayi.space/post/kubernetescong-ru-men-dao-fang-qi-2-zu-jian-jia-gou
watermark: a website watermark component to reduce the risk of data leakage
https://github.com/saucxs/watermark
Analysis of the malicious PowerShell backdoor PRB
https://www.anquanke.com/post/id/144948
-----WeChat ID: SecWiki-----
SecWiki, focused on security technology news analysis for 13 years!
SecWiki: https://www.sec-wiki.com
Original address of this issue: SecWiki Weekly (Issue 220)
