SecWiki周刊(第224期)
2018/06/11-2018/06/17
安全资讯
安全技术
PHP 源代码审计的Sublime插件
https://github.com/WangYihang/Find-PHP-Vulnerabilities
https://github.com/WangYihang/Find-PHP-Vulnerabilities
Shodan的http.favicon.hash语法详解与使用技巧
https://www.cnblogs.com/miaodaren/p/9177379.html
https://www.cnblogs.com/miaodaren/p/9177379.html
Ghost Tunnel
https://blog.sectown.cn/archives/360/
https://blog.sectown.cn/archives/360/
从EDR到威胁情报运营—浅谈终端化的情报部署
https://zhuanlan.zhihu.com/p/38009342
https://zhuanlan.zhihu.com/p/38009342
permeate: 渗透测试演练的 Web系统
https://github.com/78778443/permeate
https://github.com/78778443/permeate
how-i-found-cve-2018-8819-out-of-band-(oob)-xxe
https://www.coalfire.com/Solutions/Coalfire-Labs/The-Coalfire-LABS-Blog/june-2018/how-i-found-cve-2018-8819-out-of-band-(oob)-xxe
https://www.coalfire.com/Solutions/Coalfire-Labs/The-Coalfire-LABS-Blog/june-2018/how-i-found-cve-2018-8819-out-of-band-(oob)-xxe
通过Joe Sandbox Linux沙箱对VPNFilter的分析报告
https://mp.weixin.qq.com/s/MsLj0rNAVrXQYhf8x7dR1A
https://mp.weixin.qq.com/s/MsLj0rNAVrXQYhf8x7dR1A
phpMyAdmin 4.7.x CSRF 漏洞利用
https://bbs.ichunqiu.com/thread-41620-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-41620-1-1.html?from=sec
How to accelerate Suricata, Bro, Snort with PF_RING FT
https://www.ntop.org/pf_ring/how-to-accelerate-suricata-bro-snort-with-pf_ring-ft/
https://www.ntop.org/pf_ring/how-to-accelerate-suricata-bro-snort-with-pf_ring-ft/
openzaly:私有聊天服务器源代码
https://github.com/akaxincom/openzaly
https://github.com/akaxincom/openzaly
STRIDE威胁建模漫谈
https://www.secrss.com/articles/3298
https://www.secrss.com/articles/3298
渗透技巧--浅析web暴力猜解
https://mp.weixin.qq.com/s/dSIFoBdr44BLc7TrPR8u8Q
https://mp.weixin.qq.com/s/dSIFoBdr44BLc7TrPR8u8Q
Use DNS Rebinding to Bypass SSRF in Java
https://bbs.ichunqiu.com/thread-41671-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-41671-1-1.html?from=sec
打造高效研发团队 — 组织架构篇
https://mp.weixin.qq.com/s/P6bglKh7wsm483dPqXCjkQ
https://mp.weixin.qq.com/s/P6bglKh7wsm483dPqXCjkQ
MirageFox: APT15 Resurfaces With New Tools Based On Old Ones
https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/
https://www.intezer.com/miragefox-apt15-resurfaces-with-new-tools-based-on-old-ones/
permeate靶场漏洞挖掘思路分享
https://bbs.ichunqiu.com/thread-41523-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-41523-1-1.html?from=sec
从零开始邮件服务器搭建
https://www.jianshu.com/p/610d9bf0ae8b
https://www.jianshu.com/p/610d9bf0ae8b
开源软件源代码安全缺陷分析报告—框架类软件专题
https://mp.weixin.qq.com/s/9zldhnbPYJy_YHPVXXk8ag
https://mp.weixin.qq.com/s/9zldhnbPYJy_YHPVXXk8ag
Powershell渗透测试系列–进阶篇
https://bbs.ichunqiu.com/thread-41561-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-41561-1-1.html?from=sec
Android逆向——so反编译分析由浅入深
https://bbs.ichunqiu.com/thread-41629-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-41629-1-1.html?from=sec
the-tale-of-settingcontent-ms-files
https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39
https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39
互联网安全小兵的日常:如何“体面”地与业务打交道
https://mp.weixin.qq.com/s/eHpKq3IZIz0RugBubFgUww
https://mp.weixin.qq.com/s/eHpKq3IZIz0RugBubFgUww
SecWiki周刊(第223期)
https://www.sec-wiki.com/weekly/223
https://www.sec-wiki.com/weekly/223
在空会话和用户枚举中的一个新视角
https://bbs.ichunqiu.com/thread-41680-1-1.html?from=sec
https://bbs.ichunqiu.com/thread-41680-1-1.html?from=sec
Tomcat Config Security
https://joychou.org/operations/tomcat-config-security.html
https://joychou.org/operations/tomcat-config-security.html
Chrome 扩展安全开发和审计指南
https://thehackerblog.com/kicking-the-rims-a-guide-for-securely-writing-and-auditing-chrome-extensions/
https://thehackerblog.com/kicking-the-rims-a-guide-for-securely-writing-and-auditing-chrome-extensions/
titus:the Netflix container management platform
https://github.com/Netflix/titus
https://github.com/Netflix/titus
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第224期)
