SecWiki周刊(第244期)
2018/10/29-2018/11/04
安全资讯
2018年第一季度国外安全报告整合
https://mp.weixin.qq.com/s/ahrQdTt5SntctLhA04IEMw
https://mp.weixin.qq.com/s/ahrQdTt5SntctLhA04IEMw
卡巴斯基2018上半年物联网威胁的新趋势
https://mp.weixin.qq.com/s/afxYXUU2-iOhGpGhq00K1A
https://mp.weixin.qq.com/s/afxYXUU2-iOhGpGhq00K1A
Customer Portal opened to public
https://sissden.eu/blog/customer-portal-opened-to-public
https://sissden.eu/blog/customer-portal-opened-to-public
电信网络诈骗犯罪案件证据收集审查判断工作指引(浙江省)
https://mp.weixin.qq.com/s/lodWBnXkhAtCf4Rjv9liKA
https://mp.weixin.qq.com/s/lodWBnXkhAtCf4Rjv9liKA
解读-公安机关互联网安全监督检查规定
https://mp.weixin.qq.com/s/t19rT2_Hh1gg2gWL_Rdpvw
https://mp.weixin.qq.com/s/t19rT2_Hh1gg2gWL_Rdpvw
美国国防部扩展漏洞奖励工作 众测平台扩展到三家
https://mp.weixin.qq.com/s/YeKZEIXgVz_83jwkzyf-1g
https://mp.weixin.qq.com/s/YeKZEIXgVz_83jwkzyf-1g
特朗普政府网络安全政策走势及中国应对方略
https://mp.weixin.qq.com/s/FyqSNy7Up4vBbLrmRKFjbQ
https://mp.weixin.qq.com/s/FyqSNy7Up4vBbLrmRKFjbQ
安全技术
2018 京东 HITB 安全峰会议题 PPT 公布
https://paper.seebug.org/735/?from=timeline
https://paper.seebug.org/735/?from=timeline
iOS 12 / OS X *Remote Kernel Heap Overflow (CVE-2018-4407) POC
https://twitter.com/ihackbanme/status/1057811965945376768
https://twitter.com/ihackbanme/status/1057811965945376768
Mini_httpd组件漏洞影响257万IOT设备(CVE-2018-18778)
https://nosec.org/home/detail/1926.html
https://nosec.org/home/detail/1926.html
IAST-交互式应用安全测试简述
https://moonf1sh.github.io/2017/12/18/IAST%E7%AE%80%E8%BF%B0/
https://moonf1sh.github.io/2017/12/18/IAST%E7%AE%80%E8%BF%B0/
家居智能化背后,安全隐患顾虑只是顾虑吗?
https://www.kiwisec.com/news/detail/5bd914f7db30c341099f27ad.html
https://www.kiwisec.com/news/detail/5bd914f7db30c341099f27ad.html
CobaltStrike3.12 破解
https://www.cnblogs.com/ssooking/p/9825917.html
https://www.cnblogs.com/ssooking/p/9825917.html
preventing-mimikatz-attacks
https://medium.com/blue-team/preventing-mimikatz-attacks-ed283e7ebdd5
https://medium.com/blue-team/preventing-mimikatz-attacks-ed283e7ebdd5
企业安全建设技能树v1.0发布
https://mp.weixin.qq.com/s/JFWxsdnEPI5NEU1PlR-FjA
https://mp.weixin.qq.com/s/JFWxsdnEPI5NEU1PlR-FjA
CVE-2018-8453漏洞分析利用
https://www.anquanke.com/post/id/162894
https://www.anquanke.com/post/id/162894
基于异构图神经网络的恶意账户识别方法
https://mp.weixin.qq.com/s/oMFLtEULvIeX5Nu0K33lGw
https://mp.weixin.qq.com/s/oMFLtEULvIeX5Nu0K33lGw
Druid 与知乎数据分析平台
https://zhuanlan.zhihu.com/p/48046671
https://zhuanlan.zhihu.com/p/48046671
记一次省赛awd题目
http://foreversong.cn/archives/1326
http://foreversong.cn/archives/1326
威胁情报的上下文、标示及能够执行的建议
https://mp.weixin.qq.com/s/AZcCvYscVndYflaB8tTHeA
https://mp.weixin.qq.com/s/AZcCvYscVndYflaB8tTHeA
Gartner:2018年十大安全项目详解
https://mp.weixin.qq.com/s/TAIfmDxkfYVZ4lz6UQjGGg
https://mp.weixin.qq.com/s/TAIfmDxkfYVZ4lz6UQjGGg
ACSAC 2018 论文录用列表
https://mp.weixin.qq.com/s/IA4nqQexMCGoj_pPcwbzaA
https://mp.weixin.qq.com/s/IA4nqQexMCGoj_pPcwbzaA
phdays-8-etherhack-contest-writeup
https://blog.positive.com/phdays-8-etherhack-contest-writeup-794523f01248
https://blog.positive.com/phdays-8-etherhack-contest-writeup-794523f01248
中通分布式被动安全扫描实践
https://mp.weixin.qq.com/s/n9N6Nkg_RYEvPM2WnlG45w
https://mp.weixin.qq.com/s/n9N6Nkg_RYEvPM2WnlG45w
自动化反弹Shell防御技术
https://www.freebuf.com/articles/system/187584.html
https://www.freebuf.com/articles/system/187584.html
GitHub关键字扫描开源工具推荐
https://www.freebuf.com/articles/es/187669.html
https://www.freebuf.com/articles/es/187669.html
Windows-Secure-Host-Baseline: Windows 主机安全基线
https://github.com/nsacyber/Windows-Secure-Host-Baseline
https://github.com/nsacyber/Windows-Secure-Host-Baseline
利用Excel 4.0宏躲避杀软检测的攻击技术分析
https://mp.weixin.qq.com/s/KVpO02KJWE6OVZDb0ungOA
https://mp.weixin.qq.com/s/KVpO02KJWE6OVZDb0ungOA
sqlmap 检测剖析
https://paper.seebug.org/729/?from=timeline
https://paper.seebug.org/729/?from=timeline
网络空间(Cyber)态势感知体系发展
https://mp.weixin.qq.com/s/1o_7bCyqKDVBqm8LRdDp6Q
https://mp.weixin.qq.com/s/1o_7bCyqKDVBqm8LRdDp6Q
机器学习与威胁情报的融合:一种基于AI检测恶意域名的方法
https://www.freebuf.com/articles/es/187451.html
https://www.freebuf.com/articles/es/187451.html
美团大脑:知识图谱的建模方法及其应用
https://tech.meituan.com/meituan_AI_NLP.html
https://tech.meituan.com/meituan_AI_NLP.html
邮件伪造技术与检测
http://www.4hou.com/web/14340.html
http://www.4hou.com/web/14340.html
DedeCMS V57 SQL注入
https://moonf1sh.github.io/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/
https://moonf1sh.github.io/2018/10/30/DedeCMS-V57-SQL%E6%B3%A8%E5%85%A5/
从机器学习在垂直领域的应用探索第三届阿里云安全算法挑战赛
https://xz.aliyun.com/t/3106
https://xz.aliyun.com/t/3106
php-fpm环境的一种后门实现
https://www.anquanke.com/post/id/163197?from=timeline
https://www.anquanke.com/post/id/163197?from=timeline
网站真实IP发现手段浅谈
https://www.anquanke.com/post/id/163348
https://www.anquanke.com/post/id/163348
SQL注入的两个小Trick与总结
https://www.anquanke.com/post/id/158674
https://www.anquanke.com/post/id/158674
基于Apache Pulsar打造企业级事件中心
https://zhuanlan.zhihu.com/p/47930541
https://zhuanlan.zhihu.com/p/47930541
浅谈BeyondCorp(一)-受管设备与分层访问
https://mp.weixin.qq.com/s/-Gw-xhS1URokFqaxW4k1lQ
https://mp.weixin.qq.com/s/-Gw-xhS1URokFqaxW4k1lQ
基础攻防场景下的AI对抗样本初探
https://www.cdxy.me/?p=798
https://www.cdxy.me/?p=798
SHODAN能力分析(一)
https://mp.weixin.qq.com/s/e6rsGPHw2XH1OZpiMQlaPA
https://mp.weixin.qq.com/s/e6rsGPHw2XH1OZpiMQlaPA
kafka原理及Docker环境部署
http://kekefund.com/2018/10/26/kafka-docker/
http://kekefund.com/2018/10/26/kafka-docker/
2018web安全测试秋季预选赛Writeup
https://xz.aliyun.com/t/3089
https://xz.aliyun.com/t/3089
百万IP,千万暴利:追溯黑产最上游的掘金之地
https://mp.weixin.qq.com/s/kiF-HPg_bfgd6RGFF3sBtw
https://mp.weixin.qq.com/s/kiF-HPg_bfgd6RGFF3sBtw
Phishing credentials via Basic Authentication(phishery)利用测试
https://www.secpulse.com/archives/78455.html
https://www.secpulse.com/archives/78455.html
GPlayed's younger brother is a banker — and it's after Russian banks
https://blog.talosintelligence.com/2018/10/gplayerbanker.html
https://blog.talosintelligence.com/2018/10/gplayerbanker.html
GoogleCTF18 Finals - BOBNEEDSHELP
https://github.com/yannayl/ctf-writeups/blob/master/2018/google_finals/bobneedshelp/README.md
https://github.com/yannayl/ctf-writeups/blob/master/2018/google_finals/bobneedshelp/README.md
towards an open ,shareable,contributor-friendly model of speeding infosec learni
https://onedrive.live.com/view.aspx?resid=F32A9F4F1477E49!119&ithint=file%2cpptx&app=PowerPoint&authkey=!ADhCid9lGr1esps
https://onedrive.live.com/view.aspx?resid=F32A9F4F1477E49!119&ithint=file%2cpptx&app=PowerPoint&authkey=!ADhCid9lGr1esps
如何使用Windows Library文件进行持久化
https://www.freebuf.com/articles/system/187021.html
https://www.freebuf.com/articles/system/187021.html
从群体电脑蓝屏到反黑幕后黑手
https://aq.mk/index.php/archives/8/
https://aq.mk/index.php/archives/8/
机器学习:未来十年研究热点
https://mp.weixin.qq.com/s/prVHa1vFHYUMWAS2QDRpXg
https://mp.weixin.qq.com/s/prVHa1vFHYUMWAS2QDRpXg
SecWiki周刊(第243期)
https://www.sec-wiki.com/weekly/243
https://www.sec-wiki.com/weekly/243
Emotet Awakens With New Campaign of Mass Email Exfiltration
https://blog.kryptoslogic.com/malware/2018/10/31/emotet-email-theft.html
https://blog.kryptoslogic.com/malware/2018/10/31/emotet-email-theft.html
PHP代码审计实战思路浅析
https://www.freebuf.com/articles/web/187244.html
https://www.freebuf.com/articles/web/187244.html
SECCON 2018 - Web Ghostkingdom 题解
https://xz.aliyun.com/t/3075
https://xz.aliyun.com/t/3075
TiDB at 丰巢:尝鲜分布式数据库
https://mp.weixin.qq.com/s/xFv90_VB7B9m2o6jvQ13Iw
https://mp.weixin.qq.com/s/xFv90_VB7B9m2o6jvQ13Iw
记一次对WebScan的Bypass
https://www.freebuf.com/articles/web/187537.html
https://www.freebuf.com/articles/web/187537.html
利用机器学习检测恶意活动
http://www.4hou.com/technology/13987.html
http://www.4hou.com/technology/13987.html
Emailscanner: 针对邮件协议POP3、SMTP、IMAP进行账户安全性测试
https://github.com/se55i0n/Emailscanner
https://github.com/se55i0n/Emailscanner
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第244期)
