SecWiki Weekly (Issue 231)
2018/07/30-2018/08/05
Security News
[Other]  "Wangding Cup" cybersecurity competition officially launched
http://tech.huanqiu.com/net/2018-07/12590992.html
[Opinion]  What the US Department of Justice indictment of 12 Russian intelligence officers proves
https://mp.weixin.qq.com/s/0KO-P-himo_AHeDJIQB8iw
[News]  DARPA launches the Artificial Intelligence Exploration (AIE) program
https://mp.weixin.qq.com/s/foTtmnNwNavEIvb_6t7G1A
Security Technology
[Competition]  Financial industry cybersecurity attack-defense competition warm-up round writeup
https://mp.weixin.qq.com/s/gwtdAeBy6dKViiZJbgKMSA
[Conference]  A look at the talks from China selected for BlackHat USA 2018
https://www.anquanke.com/post/id/153621
[Malware Analysis]  Building a Docker-based honeypot platform: T-Pot 17.10
http://www.freebuf.com/sectool/178998.html
[Data Mining]  Baidu Security open-sources the large-scale graph database HugeGraph
https://mp.weixin.qq.com/s/Pwwy3IrE-iGH_iU4zfwNnA
[Web Security]  Web penetration testing notes
https://xz.aliyun.com/t/2516
[Malware Analysis]  Global Advanced Persistent Threat (APT) 2018 mid-year report
https://mp.weixin.qq.com/s/6XeIadXDXlY0ATgJyXl8Rw
[Web Security]  SSL/TLS protocol explained (Part 1): cipher suites, hashing, encryption, key exchange algorithms
https://xz.aliyun.com/t/2526
[Vulnerability Analysis]  OpenTSDB remote command execution vulnerability analysis - CVE-2018-12972
https://xz.aliyun.com/t/2511
[Web Security]  Oracle privilege escalation via deserialization
https://xz.aliyun.com/t/2506
[Malware Analysis]  Tencent Security advanced persistent threat (APT) research report for the first half of 2018
https://mp.weixin.qq.com/s/UfsiyPz02h2KhsY-C5l2qQ
[Competition]  ISITDTU CTF 2018: writeup for some of the web challenges
https://www.anquanke.com/post/id/153258
[Malware Analysis]  Escaping the Sandbox – Microsoft Office on MacOS
https://www.mdsec.co.uk/2018/08/escaping-the-sandbox-microsoft-office-on-macos/
[Data Mining]  A sentence similarity model based on GRU and am-softmax
https://kexue.fm/archives/5743
[Competition]  RealWorld CTF Writeup by r3kapig
https://xz.aliyun.com/t/2513
[Malware Analysis]  Hong Kong, China DDoS botnet analysis report
https://xz.aliyun.com/t/2515
[Malware Analysis]  On the nature of advanced threats and a quantitative study of attack capability
http://www.vxjump.net/files/aptr/aptr.txt
[Tools]  RIPS source code close reading (1): logic flow and an overview of the lib folder
https://xz.aliyun.com/t/2502
[Web Security]  Notes on discovering and fixing a Java deserialization vulnerability
http://www.polaris-lab.com/index.php/archives/567/
[Vulnerability Analysis]  seacms v6.61 audit: a deeper look
https://www.anquanke.com/post/id/153402
[Malware Analysis]  On the Hunt for FIN7: Pursuing an Enigmatic and Evasive Global Criminal Operatio
https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html
[Web Security]  ISITDTU CTF-Web
https://xz.aliyun.com/t/2500
[Forensic Analysis]  The art of threat intelligence
http://www.4hou.com/info/attitude/12876.html
[Web Security]  CVE-2015-1641 Office type confusion vulnerability and shellcode analysis
https://bbs.ichunqiu.com/thread-43546-1-1.html?from=sec
[Forensic Analysis]  Metadata Investigation : Inside Hacking Team
https://labs.rs/en/metadata/
[Mobile Security]  What is "bio-probe technology"?
https://mp.weixin.qq.com/s/xe9xVOYKJkvkHGtJpwcWJw
[Malware Analysis]  Ropnn: Detection of ROP Payloads Using Deep Neural Networks
https://arxiv.org/pdf/1807.11110.pdf
[Data Mining]  Machine learning for classifying encrypted malware traffic: accounting for noisy labels and non-stationarity
https://www.jianshu.com/p/47b5b6f3a244
[Malware Analysis]  lets-learn-in-depth-reversing-of-qakbot
https://www.vkremez.com/2018/07/lets-learn-in-depth-reversing-of-qakbot.html
[Forensic Analysis]  Privacy protection in the big data era (Part 3)
https://mp.weixin.qq.com/s/oB9fcXX2nwEHDN6po1p3fQ
[Malware Analysis]  Malware Analysis using Osquery Part 1
https://www.alienvault.com/blogs/labs-research/malware-analysis-using-osquery-part-1
[Documentation]  Quick, how do I find all user accounts on a Windows PC and their login count
https://boncaldoforensics.wordpress.com/2018/08/01/4n6-quick-01-windows-users-list-login-count/
[Forensic Analysis]  Security analysis of IoT device firmware
http://blog.nsfocus.net/security-analysis-of-the-firmware-of-iot/
[Malware Analysis]  Analyzing an interesting honeypot contract
https://www.anquanke.com/post/id/153109
[Device Security]  Field experience in ICS security: how to strengthen host protection in industrial control systems
http://www.freebuf.com/articles/network/178251.html
[Papers]  ICWSM 2018 list of accepted papers
https://mp.weixin.qq.com/s/-wnTQ5KEIuGrviQOQBiS6g
[Competition]  Real World CTF 2018 ccls-fringe challenge author's report
http://maskray.me/blog/2018-07-31-real-world-ctf-2018-ccls-fringe
[Vulnerability Analysis]  Attacking the ARM's TrustZone
https://blog.quarkslab.com/attacking-the-arms-trustzone.html
[Malware Analysis]  Notes on threat intelligence: evaluating IOC intelligence
https://www.jianshu.com/p/874911058406
[Papers]  Malware threats and detection in the industrial mobile Internet of Things
https://mp.weixin.qq.com/s/XS1igbmVxCW6KokSaOS3ew
[Malware Analysis]  MalAnalyzer: a malware sandbox based on Docker virtualization
https://github.com/felicitychou/MalAnalyzer
[Malware Analysis]  Decrypting the LockCrypt ransomware
https://xz.aliyun.com/t/2498
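[Malware Analysis]  Applying attribution and tracing methods to analyze online political interference operations: Facebook's practical attempt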
https://mp.weixin.qq.com/s/aMsAvZOF8WOWpVmyqQNrcQ
-----WeChat ID: SecWiki-----
SecWiki has focused on security technology news analysis for 5 years!
SecWiki: https://www.sec-wiki.com