SecWiki周刊(第227期)
2018/07/02-2018/07/08
安全资讯
[观点]  兰德报告-与中国开战
https://mp.weixin.qq.com/s/hKz9HNmt49av5I0teKIFHg
[人物]  杨卿自述:关于黑客男神的下一个十年
https://mp.weixin.qq.com/s/4DskkWpuvzEPgxRNrZrt2w
[新闻]  WCTF,一场属于黑客的世界杯狂欢
https://mp.weixin.qq.com/s/JUbs4wPBDSGUIEjORjvXCw
[新闻]  白宫或将启动全球APT黑客组织全面调查
https://mp.weixin.qq.com/s/8cOywyuewCknJ_D5wqwFzg
[新闻]  安全学术圈招募队友
https://mp.weixin.qq.com/s/96Ke7gQGhQ8xoMDzhlqPZg
[新闻]  法律合规视角下的等级保护条例
http://www.freebuf.com/articles/security-management/176208.html
[新闻]  26个字母带你了解DARPA
https://mp.weixin.qq.com/s/vl6OcqS5v7oP-8PrW95Pww
安全技术
[Web安全]  微信支付SDK存在XXE漏洞
https://xz.aliyun.com/t/2426
[Web安全]  渗透技巧之内网渗透思路
https://mp.weixin.qq.com/s/SfSXcb0J-hGSyNEaxKfNXQ
[Web安全]  onlinetools: 线上工具箱开源
https://github.com/iceyhexman/onlinetools
[其它]  中国网络安全产品分类及全景图2018.7
https://mp.weixin.qq.com/s/VTuUh2Fy2KYhMycqHWi38g
[其它]  金融企业安全从业者的未来
https://mp.weixin.qq.com/s/1Gpt5mRMEOkxXvd3ciHuqA
[Web安全]  sql注入fuzz bypass waf
https://xz.aliyun.com/t/2418
[编程技术]  Elasticsearch史上最全最常用工具清单
https://mp.weixin.qq.com/s/s2ema4tIXKcqTNUUhjGt1w
[Web安全]  fortify漏洞的学习途径
https://mp.weixin.qq.com/s/WYpLsML33xQBmRkDx3V52Q
[漏洞分析]  PublicCMS 任意目录文件写入漏洞分析与利用
https://mp.weixin.qq.com/s/bbEMrUkD5ItQAeiBj4mErw
[其它]  信息安全规划文档的编写
https://xz.aliyun.com/t/2424
[Web安全]  weixin:// 跳转研究
https://liball.me/jump-to-weixin/
[运维安全]  知乎十万级容器规模的分布式镜像仓库实践
https://zhuanlan.zhihu.com/p/39004143
[Web安全]  Mysql实时监控脚本
http://foreversong.cn/archives/1263
[设备安全]  IoTSecurityNAT: IoT安全测试系统
https://github.com/3rdbody/IoTSecurityNAT
[观点]  从FireEye发展看产品规划
https://www.jianshu.com/p/e78a869c7f8c
[恶意分析]  蓝宝菇-核危机行动揭露
https://mp.weixin.qq.com/s/BmHQsiNIRdgmGBtsAPdjTQ
[漏洞分析]  HDwiki二次注入案例分享
http://www.freebuf.com/vuls/175911.html
[Web安全]  Linux pwn入门教程(0)——环境配置
https://bbs.ichunqiu.com/thread-42239-1-1.html?from=sec
[Web安全]  登录框之另类思考:来自客户端的欺骗
http://www.freebuf.com/vuls/175884.html
[数据挖掘]  使用 Apache Spark 和 Elasticsearch 构建一个推荐系统
https://github.com/IBM/elasticsearch-spark-recommender/blob/master/README-cn.md
[漏洞分析]  以太坊学习—从私有链、交易到智能合约
http://phantom0301.cc/2018/06/29/ether/
[恶意分析]  灰熊矿业?BearMiner的创业之路
https://mp.weixin.qq.com/s/NEvX_Od3dgQrk9fHHV62Mw
[Web安全]  分布式Web漏洞扫描服务建设实践—衡量指标及解决实践(2)
https://mp.weixin.qq.com/s/P9LJe2ZFbgdB2FkD2km5WA
[比赛]  CTF PWN堆溢出总结
http://www.freebuf.com/articles/system/171261.html
[取证分析]  AccessLogAnylast: 支持Nginx、Apache、Tomcat等标准WEB日志的分析
https://github.com/cisp/AccessLogAnylast
[Web安全]  Bypassing Web-Application Firewalls by abusing SSL/TLS
https://0x09al.github.io/waf/bypass/ssl/2018/07/02/web-application-firewall-bypass.html
[设备安全]  物联网安全硬件修改系列-硬改
https://future-sec.com/iot-security-hardware-modification.html
[Web安全]  PHP使用流包装器实现WebShell
http://www.freebuf.com/articles/web/176571.html
[数据挖掘]  使用PaddleFluid和TensorFlow训练RNN语言模型
https://mp.weixin.qq.com/s/JULU6bO7sPUbEJZ9tUDqiQ
[恶意分析]  Delving deep into VBScript: Analysis of CVE-2018-8174 exploitation
https://securelist.com/delving-deep-into-vbscript-analysis-of-cve-2018-8174-exploitation/86333/
[恶意分析]  Taking apart a double zero-day sample discovered in joint hunt with ESET
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/02/taking-apart-a-double-zero-day-sample-discovered-in-joint-hunt-with-eset/
[运维安全]  基于Tor网络的钓鱼邮件分析
http://www.freebuf.com/articles/system/175721.html
[恶意分析]  RANCOR: 针对东南亚的APT攻击
https://mp.weixin.qq.com/s/n75EFy-2f_8FdxURzGU45g
[取证分析]  Log-killer: Clear all your logs in [linux/windows] servers
https://github.com/Rizer0/Log-killer
[数据挖掘]  UAS-点评侧用户行为检索系统
https://tech.meituan.com/dp_user_action_system.html
[恶意分析]  从M-Trends 报告的两个指标谈起
https://mp.weixin.qq.com/s/_eVf8RZgHGsMTo-jsCGGJQ
[漏洞分析]  BlockChain-Security-List Repo
https://github.com/im-bug/BlockChain-Security-List
[取证分析]  dftimewolf: A framework for orchestrating forensic
https://github.com/log2timeline/dftimewolf
[设备安全]  嵌入式系统的安全技术分析(一)
https://mp.weixin.qq.com/s/At93VzqqDtAV7mhyRY7lfw
[数据挖掘]  Mastering Machine Learning for Penetration Testing
https://github.com/PacktPublishing/Mastering-Machine-Learning-for-Penetration-Testing
[漏洞分析]  IoT安全测试之通信测试环境及方法
https://mp.weixin.qq.com/s/yPNxqzQ0qHtQarNBUPBzQg
[Web安全]  HTTP Evader - Automate Firewall Evasion Tests
https://noxxi.de/research/http-evader.html
-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第227期)