SecWiki周刊(第225期)
2018/06/18-2018/06/24
安全资讯
[人物]  颜新兴:一个安全老兵眼里的中国信息安全技能竞赛
https://mp.weixin.qq.com/s/VQKyx-hQaqgwjzMm3NdszA
[人物]  姜开达:安全需要耐得住寂寞,日积月累地做下去
https://mp.weixin.qq.com/s/MbGGNZhnDk9s_29_NwPnEA
[新闻]  2018年以色列网络周内塔尼亚胡总理演讲实录
https://mp.weixin.qq.com/s/UVsGnhCaoMQv_snvXKx5xw
安全技术
[会议]  先知白帽大会2018 议题下载
https://paper.seebug.org/625/
[Web安全]  记一次初级渗透测试模拟过程
https://www.secpulse.com/archives/72738.html
[运维安全]  Fuxi-Scanner: 开源的网络安全检测工具
https://github.com/jeffzh3ng/Fuxi-Scanner
[文档]  信息安全知识库 2018全站离线打包
https://pan.baidu.com/s/1gf4Brb1#list/path=%2F
[Web安全]  我的WAF Bypass实战系列
https://mp.weixin.qq.com/s/3_l-Zi7EH6D_N1imY61nsg
[漏洞分析]  Struts-S2-xxx: 整理收集Struts2漏洞环境
https://github.com/sie504/Struts-S2-xxx
[运维安全]  mail_fishing: 甲方安全系统-内部钓鱼系统
https://github.com/MSG-maniac/mail_fishing
[杂志]  SecWiki周刊(第224期)
https://www.sec-wiki.com/weekly/224
[编程技术]  ip2region - 最自由的ip地址查询库
https://gitee.com/lionsoul/ip2region
[其它]  金融企业数据安全建设实践系列(一)
https://mp.weixin.qq.com/s/fiQqdARZ9NBeKI85mUPJOQ
[比赛]  天枢CTF线下赛-2018
http://momomoxiaoxi.com/awd/2018/06/11/TSCTF/
[Web安全]  GraphQL安全总结与测试技巧
https://www.anquanke.com/post/id/147455
[运维安全]  一次红队之旅
https://xz.aliyun.com/t/2389
[其它]  以太坊智能合约call注入攻击
https://mp.weixin.qq.com/s/l3QBZwacLjIzu6KlpUvuWw
[比赛]  Game-of-Thrones-CTF-1.0靶机实战演练
http://www.freebuf.com/articles/web/175048.html
[漏洞分析]  区块链安全思考
https://xz.aliyun.com/t/2395
[Web安全]  高级CORS利用技术
http://www.4hou.com/technology/12117.html
[漏洞分析]  以太坊智能合约call注入攻击
https://blog.csdn.net/u011721501/article/details/80757811
[Web安全]  SOCKS5代理-ew 正向、反向、多级级联
https://www.bodkin.ren/index.php/archives/677/
[漏洞分析]  Default passwords from CIRT website
https://gist.github.com/PaulSec/26251d56134c7fedb2176f2290202546
[数据挖掘]  一文概览机器学习面临的所有攻击类型
https://mp.weixin.qq.com/s/ixdE3ld0qOOpj7F_kLmmSg
[漏洞分析]  利用定时任务(Cronjobs)进行Linux提取
https://xz.aliyun.com/t/2401
[其它]  金融企业数据安全建设实践系列(二)
https://mp.weixin.qq.com/s/k1dmW2UBLYLrrOpmtaAoag
[Web安全]  Hash-Buster: 集成多API的hash查询工具
https://github.com/s0md3v/Hash-Buster
[恶意分析]  Beginner Malware Reversing Challenges
http://www.malwaretech.com/beginner-malware-reversing-challenges
[编程技术]  容器管理利器:Web Terminal 简介
https://mp.weixin.qq.com/s/zlHJTxDeHgjn9A9XuYp9fQ
[恶意分析]  MalwLess: MalwLess Simulation Tool (MST)
https://github.com/n0dec/MalwLess
[漏洞分析]  LFIboomCTF: 本地文件包含漏洞&&PHP利用协议&&实践源码
https://github.com/Go0s/LFIboomCTF
[漏洞分析]  CTF中格式化字符串漏洞快速利用
https://www.anquanke.com/post/id/147666
[比赛]  JIS-CTF_VulnUpload靶机攻略
http://www.freebuf.com/vuls/175057.html
[恶意分析]  Malware Analysis Report (AR18-165A)
https://www.us-cert.gov/ncas/analysis-reports/AR18-165A
[恶意分析]  Modern Linux Malware Exposed
http://s3.eurecom.fr/~invano/slides/recon18_linux_malware.pdf
[设备安全]  工业控制系统(ICS)安全专家必备的测试工具和安全资源
http://www.freebuf.com/sectool/174567.html
[运维安全]  SOC日志收集实践:企业邮件服务日志收集
http://www.freebuf.com/articles/es/174281.html
[取证分析]  honeytrap: Advanced Honeypot framework
https://github.com/honeytrap/honeytrap
[恶意分析]  Obscure-IP-Obfuscator: obscure any IP address
https://github.com/C-REMO/Obscure-IP-Obfuscator
[漏洞分析]  以太坊智能合约Owner相关CVE漏洞分析
http://0x48.pw/2018/06/19/0x43/
[漏洞分析]  先知议题 Java反序列化实战 解读
https://mp.weixin.qq.com/s/ohga7Husc9ke5UYuqR92og
[Web安全]  敏信审计系列之EOS开发框架
https://mp.weixin.qq.com/s/4Ejshk7x71L9INB0grj5mw
[数据挖掘]  auto_ml: Automated machine learning for analytics & production
https://github.com/ClimbsRocks/auto_ml
[数据挖掘]  Open Source Datasets with Kaggle
http://blog.kaggle.com/2018/06/21/open-source-datasets-with-kaggle/
[数据挖掘]  深度学习在文本领域的应用
https://tech.meituan.com/deep_learning_doc.html
[Web安全]  Pentester's Windows NTFS Tricks Collection
https://www.sec-consult.com/en/blog/2018/06/pentesters-windows-ntfs-tricks-collection/
[恶意分析]  Android Ransomware Dataset
http://csp.whu.edu.cn/RansomProber/
[恶意分析]   Open-Source Intelligence Gathering and Social Engineering
https://docs.google.com/presentation/d/1cYYg_VfG3pmTnQl9Ek4Pi5M9oK72vbHcEQOsfMb-bd8/edit#slide=id.p1
[论文]  EuroS&P 2018 论文录用列表
https://mp.weixin.qq.com/s/36DRLvoM0VyXKMbdIf1OLA
[漏洞分析]  ATN 抵御合约攻击的报告—基于ERC223与DS-AUTH的混合漏洞
https://paper.seebug.org/621/
[恶意分析]  Analyzing Shellcode of GrandSoft's CVE-2018-8174
https://www.nao-sec.org/2018/06/analyzing-shellcode-of-grandsofts-cve.html
[运维安全]  通过MySQL-Proxy实现MySQL数据库的认证、授权与审计
http://www.freebuf.com/articles/database/174712.html
[漏洞分析]  MEDIACODER 0.8.43.5852 - .M3U缓冲区溢出漏洞
http://whereisk0shl.top/post/2018-06-23
[无线安全]  PRISM-AP: An automated Wireless RogueAP MITM attack framework
https://github.com/1N3/PRISM-AP
-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第225期)