SecWiki周刊(第220期)
2018/05/14-2018/05/20
安全资讯
[取证分析]  谁偷了我的海淘额度,背后有怎样的黑色利益链
http://tech.qq.com/a/20180519/009660.htm
[人物]  李均:我眼中的黑客精神
https://mp.weixin.qq.com/s/ZCloN0DrsfFU7DeEYogwpg
安全技术
[运维安全]  Suricata IDS 入门 -- 规则详解
https://mp.weixin.qq.com/s/4__p-St6PVmxHGF3CHG4ew
[Web安全]  vulstudy: 使用docker快速搭建各大漏洞学习平台
https://github.com/c0ny1/vulstudy
[运维安全]  红队网络基础设施建设
https://paper.seebug.org/599/
[Web安全]  简单分析SQL注入语义分析库Libinjection
http://www.freebuf.com/articles/web/170930.html
[Web安全]   端口扫描器的几种代码实现方案
https://thief.one/
[Web安全]  Acunetix11-API接口利用开发
https://mp.weixin.qq.com/s/UVdOPStSVM5-6ekj4BqJfQ
[漏洞分析]  以太坊智能合约安全 Dasp Top10
https://paper.seebug.org/603/
[比赛]  强网杯拟态防御赛ez_upload Writeup
https://xz.aliyun.com/t/2337
[移动安全]  微信赌场—H5棋牌游戏渗透之旅
https://bbs.ichunqiu.com/thread-40227-1-1.html?from=sec
[比赛]  Writeups: 国内各大CTF赛题及writeup整理
https://github.com/susers/Writeups
[比赛]  2018全国网络空间安全技术大赛web&misc&crypto题解
https://www.anquanke.com/post/id/144862
[Web安全]  PHP_Source_Audit_Tools: PHP 白盒分析工具
https://github.com/lcatro/PHP_Source_Audit_Tools
[Web安全]  渗透技巧之资产探测与信息收集
https://mp.weixin.qq.com/s/bGAnZ7RASEN8IiyI4E8nog
[移动安全]  XSS钓鱼某网约车后台一探究竟,乘客隐私暴露引发思考
https://bbs.ichunqiu.com/thread-40408-1-1.html?from=sec
[设备安全]  路由器漏洞分析入门:D-Link Service.Cgi远程命令执行漏洞
http://blog.nsfocus.net/router-vulnerability/
[漏洞分析]  CVE-2018-8120 Analysis and Exploit
https://paper.seebug.org/602/
[漏洞分析]  Spring Security OAuth2 RCE(CVE-2018-1260)漏洞分析
https://mp.weixin.qq.com/s/5nTz6bexDFLkIT5EfDpnYA
[比赛]  2018 腾讯TP游戏安全技术竞赛-决赛进阶版write-up
https://blog.his.cat/a/mtp_competition_2018_1.cat
[取证分析]  利用网络测绘深挖博彩平台的产业链
https://mp.weixin.qq.com/s/aOlZmdzzye2AsqGDa3hcbg
[文档]  2017 年我国互联网网络安全态势综述
http://www.cert.org.cn/publish/main/upload/File/situation.pdf
[Web安全]  端口转发流量操控工具总结
http://www.freebuf.com/articles/web/171589.html
[漏洞分析]  Arbitrary Code Execution at Ring 0 using CVE-2018-8897
https://blog.can.ac/2018/05/11/arbitrary-code-execution-at-ring-0-using-cve-2018-8897/
[数据挖掘]  对深度学习系统的数据流攻击
https://www.anquanke.com/post/id/144837
[其它]  以太坊智能合约安全入门了解一下(上)
http://rickgray.me/2018/05/17/ethereum-smart-contracts-vulnerabilites-review/
[文档]  区块链产业安全分析报告
https://www.bcsec.org/blockchainsecurity_v1.pdf
[恶意分析]  GPON 漏洞的在野利用(三)——Mettle、Hajime、Mirai、Omni、Imgay
http://blog.netlab.360.com/gpon-exploit-in-the-wild-iii-mettle-hajime-mirai-omni-imgay/
[Web安全]  LocationSmart API Vulnerability
https://www.robertxiao.ca/hacking/locationsmart/
[杂志]  SecWiki周刊(第219期)
https://www.sec-wiki.com/weekly/219
[恶意分析]  Phantom-Evasion: Python AV evasion tool capable to generate FUD executable
https://github.com/oddcod3/Phantom-Evasion
[恶意分析]  A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan
https://www.fireeye.com/blog/threat-research/2018/05/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan.html
[取证分析]  利用LLMNR结合PDF文件获取PC Hashes
http://www.freebuf.com/articles/network/171634.html
[Web安全]  OWASP-Web-Checklist: OWASP Web Application Security Testing Checklist
https://github.com/0xRadi/OWASP-Web-Checklist
[编程技术]  kubernetes从入门到放弃1--(墙内安装+资源概念)
https://jiayi.space/post/kubernetescong-ru-men-dao-fang-qi-1-qiang-nei-an-zhuang-zi-yuan-gai-nian
[编程技术]  kubernetes从入门到放弃3--(网络原理)
https://jiayi.space/post/kubernetescong-ru-men-dao-fang-qi-3-wang-luo-yuan-li
[Web安全]  Facebook Bug Bounty:“Client-Side” CSRF
https://www.facebook.com/notes/facebook-bug-bounty/client-side-csrf/2056804174333798/
[运维安全]  利用Java反射和类加载机制绕过JSP后门检测
https://xz.aliyun.com/t/2342
[数据挖掘]  phonedata: 手机号码归属地信息库
https://github.com/xluohome/phonedata
[编程技术]  kubernetes从入门到放弃2--(组件架构)
https://jiayi.space/post/kubernetescong-ru-men-dao-fang-qi-2-zu-jian-jia-gou
[恶意分析]  针对恶意PowerShell后门PRB的分析
https://www.anquanke.com/post/id/144948
[取证分析]  watermark: 网站的水印组件 降低数据泄密风险
https://github.com/saucxs/watermark
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第220期)