SecWiki周刊(第222期)
2018/05/28-2018/06/03
安全资讯
[新闻]  基于RISC-V的安全芯片方案
https://www.solidot.org/story?sid=56661
安全技术
[Web安全]  side-channel-attacking-browsers-through-css3-features
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/
[工具]  史上最强内网渗透知识点总结
https://mp.weixin.qq.com/s/U2MqcjA_YmMlajJzvDCZZw
[漏洞分析]  Gitlab远程代码执行漏洞分析
http://blackwolfsec.cc/2018/05/30/Gitlab_rce/
[工具]  w8fuckcdn:扫描全网获得真实IP自动化程序
https://github.com/boy-hack/w8fuckcdn
[Web安全]  对某Flask应用的简单审计
http://foreversong.cn/archives/1206
[比赛]  2018信息安全铁人三项数据赛题解
https://www.anquanke.com/post/id/146704
[漏洞分析]  syzkaller: unsupervised, coverage-guided kernel fuzzer
https://github.com/google/syzkaller
[数据挖掘]  scylla:一款高质量的免费代理 IP 池工具
https://github.com/imWildCat/scylla
[运维安全]  SecurityManageFramwork:企业内网安全管理平台
https://github.com/qianniaoge/-SecurityManageFramwork
[比赛]  SUCTF 2018 Web Writeup
http://sec2hack.com/ctf/suctf-2018-web-writeup.html
[恶意分析]  SideWinder“响尾蛇”APT组织(T-APT-04):针对南亚的定向攻击威胁
http://www.freebuf.com/articles/paper/172628.html
[编程技术]  爬虫调度篇[Web 漏洞扫描器]
https://mp.weixin.qq.com/s/MO40KHt7cAMg5HPpydJgOg
[Web安全]  Bypass 360主机卫士SQL注入防御(多姿势)
https://mp.weixin.qq.com/s/rfc9tOkKT3gGHwRSrRbtGQ
[其它]  eos-bp-nodes-security-checklist: EOS超级节点安全执行指南
https://github.com/slowmist/eos-bp-nodes-security-checklist
[漏洞分析]  RCE with Git submodule分析-CVE-2018-11235
https://xz.aliyun.com/t/2371
[运维安全]  Docker容器安全最佳实践白皮书V1.0
http://www.dosec.cn/dosecwp.pdf
[漏洞分析]  serianalyzer: A static byte code analyzer for Java deserialization gadget
https://github.com/mbechler/serianalyzer
[编程技术]  jackfrued/Python-100-Days: Python
https://github.com/jackfrued/Python-100-Days
[设备安全]  360 Marvel Team IOT安全系列第一篇dji mavic破解
https://www.anquanke.com/post/id/146478
[Web安全]  AssassinGo: 基于Go的高并发可拓展式Web渗透框架
https://xz.aliyun.com/t/2362
[数据挖掘]  用Python对用户评论典型意见进行数据挖掘
https://mp.weixin.qq.com/s/37Ufu4ENqtYONoul2jK7uA
[运维安全]  insight: 洞察-应用系统资产/漏洞全生命周期/安全知识库平台
https://github.com/creditease-sec/insight?from=timeline&isappinstalled=0
[恶意分析]  Phorpiex malware spreads GandCrab phishing emails
http://blog.inquest.net/blog/2018/05/29/phorpiex-spreads-gandcrab/
[Web安全]  Web安全研究人员是如何炼成的?
https://xz.aliyun.com/t/2358
[漏洞分析]  从Ethernaut学习智能合约审计(二)
https://www.bubbles966.cn/blog/2018/05/07/analyse_dapp_by_ethernaut_2/
[Web安全]  渗透技巧--XSS三重URL编码绕过实例
https://mp.weixin.qq.com/s/27_ElU2oqsv9Wu6yvZ-7DQ
[数据挖掘]  Kaggle 项目实战(教程) = 文档 + 代码 + 视频
https://github.com/apachecn/kaggle
[Web安全]  如何渗透测试以太坊dApps
https://www.anquanke.com/post/id/146602
[Web安全]  Mysql UDF BackDoor
https://xz.aliyun.com/t/2365
[取证分析]  snare: Super Next generation Advanced Reactive honEypot
https://github.com/mushorg/snare
[恶意分析]  DNS-Analysis: 非法域名挖掘与画像系统
https://github.com/Shallownight/DNS-Analysis
[漏洞分析]  从Ethernaut学习智能合约审计(一)
https://www.bubbles966.cn/blog/2018/05/05/analyse_dapp_by_ethernaut/
[Web安全]  GyoiThon: growing penetration test tool using Machine Learning
https://github.com/gyoisamurai/GyoiThon
[设备安全]  IoTSecurity101: From IoT Pentesting to IoT Security
https://github.com/V33RU/IoTSecurity101
[恶意分析]  VPNFilter-新型IoT Botnet深度解析
https://mp.weixin.qq.com/s/SnchceLdNX7JYiWfSH2Hmw
[Web安全]  利用Java反射和类加载机制绕过JSP后门检测
https://mp.weixin.qq.com/s/6a0t7qs1Wf7_Qq71ZrqH5Q
[Web安全]  phpMyadmin提权那些事
https://bbs.ichunqiu.com/thread-41091-1-1.html?from=sec
[漏洞分析]  EOS节点远程代码执行漏洞细节
http://blogs.360.cn/blog/eos-node-remote-code-execution-vulnerability/
[杂志]  SecWiki周刊(第221期)
https://www.sec-wiki.com/weekly/221
[Web安全]  暴破助攻提权:ruadmin
https://github.com/yangyangwithgnu/ruadmin
[运维安全]  PublicMonitors: 公网IP列表端口服务及弱口令周期扫描
https://github.com/grayddq/PublicMonitors
[编程技术]  图说设计模式 — Graphic Design Patterns
http://design-patterns.readthedocs.io/zh_CN/latest/index.html
[取证分析]  远程身份验证地理位置分析工具—GeoLogonalyzer
http://www.4hou.com/tools/11890.html
[Web安全]  GraphQL - Security Overview and Testing Tips
https://blog.doyensec.com/2018/05/17/graphql-security-overview.html
[恶意分析]  JavaScript based Bot using Github C&C
http://www.pwncode.club/2018/05/javascript-based-bot-using-github-c.html
[恶意分析]  Quick analysis of malware created with NSIS
https://isc.sans.edu/diary/rss/23703
[论文]  基于用户数据改变检测并阻止勒索软件
http://www.arkteam.net/?p=3676
[数据挖掘]  用分布式深度森林算法检测套现欺诈
https://mp.weixin.qq.com/s/dWVPLd3T5uEnCANdDa1Qfw
[恶意分析]  优化更新 php backdoor for Windows
https://micropoor.blogspot.jp/2018/05/php-backdoor-for-windows.html
[数据挖掘]  数字金融反欺诈白皮书
http://finance.qq.com/original/caijingzhiku/yzzk12.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第222期)