SecWiki周刊(第248期)
2018/11/26-2018/12/02
安全资讯
ProofPoint 2018 Q3 季度威胁报告
https://mp.weixin.qq.com/s/8egpuHx5jVIpkLB_dby5SQ
https://mp.weixin.qq.com/s/8egpuHx5jVIpkLB_dby5SQ
安全技术
Awvs12破解版 Acunetix Scanner 12 cracked
https://www.52pojie.cn/thread-828827-1-1.html
https://www.52pojie.cn/thread-828827-1-1.html
第15届HITB SecConf安全大会 PPT
https://conference.hitb.org/hitbsecconf2018dxb/materials/
https://conference.hitb.org/hitbsecconf2018dxb/materials/
路由器漏洞分析集合(PAGalaxyLab )
https://github.com/PAGalaxyLab/VulInfo
https://github.com/PAGalaxyLab/VulInfo
dumping-decrypted-documents-from-a-north-korean-pdf-reader
https://insinuator.net/2018/11/dumping-decrypted-documents-from-a-north-korean-pdf-reader/
https://insinuator.net/2018/11/dumping-decrypted-documents-from-a-north-korean-pdf-reader/
从版本看核心,那些年我们做的Struts2 安全机制研究
https://www.secpulse.com/archives/82578.html
https://www.secpulse.com/archives/82578.html
2018勒索病毒全面分析报告
http://it.rising.com.cn/fanglesuo/19459.html
http://it.rising.com.cn/fanglesuo/19459.html
AXB-CTF: 2018 第一届安洵杯 题目环境/源码/WP
https://github.com/D0g3-Lab/AXB-CTF
https://github.com/D0g3-Lab/AXB-CTF
X-NUCA'2018 线上专题赛 Writeup By ROIS
https://xz.aliyun.com/t/3428
https://xz.aliyun.com/t/3428
一种通用Dll劫持技术研究
http://anhkgg.com/dllhijack/
http://anhkgg.com/dllhijack/
业务逻辑漏洞探索之绕过验证
https://bbs.ichunqiu.com/thread-47784-1-1.html
https://bbs.ichunqiu.com/thread-47784-1-1.html
Bochspwn漏洞挖掘技术深究(1):Double Fetches 检测
http://riusksk.me/2018/12/01/bochspwn1/
http://riusksk.me/2018/12/01/bochspwn1/
phpcms 2008 type.php 前台代码注入getshell漏洞分析
https://chybeta.github.io/2018/11/29/phpcms-2008-type-php-%E5%89%8D%E5%8F%B0%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5getshell%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/#more
https://chybeta.github.io/2018/11/29/phpcms-2008-type-php-%E5%89%8D%E5%8F%B0%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5getshell%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/#more
phpcms2008远程代码执行漏洞
https://bbs.ichunqiu.com/thread-48298-1-1.html
https://bbs.ichunqiu.com/thread-48298-1-1.html
一次基于Tensorflow+CNN的验证码识别之旅
https://blog.dyboy.cn/program/100.html
https://blog.dyboy.cn/program/100.html
DNSpionage Campaign Targets Middle East
https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html
https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html
黑客入侵与机器学习沙箱逃逸
https://mp.weixin.qq.com/s/fVKRYAvrAK3mX1nN6KIyhA
https://mp.weixin.qq.com/s/fVKRYAvrAK3mX1nN6KIyhA
djangohunter: identify incorrectly configured Django applications
https://github.com/6IX7ine/djangohunter
https://github.com/6IX7ine/djangohunter
SecWiki周刊(第247期)
https://www.sec-wiki.com/weekly/247
https://www.sec-wiki.com/weekly/247
新一代数据库TiDB在美团的实践
https://tech.meituan.com/MySQL_PingCAP_Practice.html
https://tech.meituan.com/MySQL_PingCAP_Practice.html
NodeJS沙箱逃逸分析
https://www.anquanke.com/post/id/166747
https://www.anquanke.com/post/id/166747
Linux下的Rootkit驻留技术分析
https://mp.weixin.qq.com/s/tvl4W7gg8Y6i8b_LFfTdpA
https://mp.weixin.qq.com/s/tvl4W7gg8Y6i8b_LFfTdpA
Java代码审计手书(三)
https://xz.aliyun.com/t/3416
https://xz.aliyun.com/t/3416
Java代码审计手书(二)
https://xz.aliyun.com/t/3372
https://xz.aliyun.com/t/3372
中文语义依存分析语料库
http://www.hankcs.com/nlp/sdp-corpus.html
http://www.hankcs.com/nlp/sdp-corpus.html
trape: People tracker on the Internet: OSINT analysis and research tool
https://github.com/jofpin/trape
https://github.com/jofpin/trape
Generic Unpacking Detection
https://www.joesecurity.org/blog/8506317946374998489
https://www.joesecurity.org/blog/8506317946374998489
利用Docker容器的不安全部署获取宿主机权限
https://www.freebuf.com/articles/system/189419.html
https://www.freebuf.com/articles/system/189419.html
How To Threat Hunt For PsExec, Other Lateral Movement Tools
https://www.redcanary.com/blog/threat-hunting-psexec-lateral-movement/
https://www.redcanary.com/blog/threat-hunting-psexec-lateral-movement/
rev.ng: suite of tools for binary analysis based on QEMU and LLVM
https://rev.ng/
https://rev.ng/
搭建Selenium 集群
https://www.03sec.com/3233.shtml
https://www.03sec.com/3233.shtml
First Round of MITRE ATT&CK™ Evaluations Released
https://medium.com/mitre-attack/first-round-of-mitre-att-ck-evaluations-released-15db64ea970d
https://medium.com/mitre-attack/first-round-of-mitre-att-ck-evaluations-released-15db64ea970d
使用RSA加密在Python中逆向shell
https://bbs.ichunqiu.com/thread-48300-1-1.html
https://bbs.ichunqiu.com/thread-48300-1-1.html
以色列网络舆论攻防的发展历程及特点
https://mp.weixin.qq.com/s/NDYOW0vDWRsIJS7pI7pK3g
https://mp.weixin.qq.com/s/NDYOW0vDWRsIJS7pI7pK3g
SQL注入常规Fuzz全记录
https://www.freebuf.com/articles/web/190019.html
https://www.freebuf.com/articles/web/190019.html
ruCTFe 2018 WriteUp Radiowave
https://saarsec.rocks/2018/11/24/Radiowave.html
https://saarsec.rocks/2018/11/24/Radiowave.html
区块链安全—详谈合约攻击(五)
https://xz.aliyun.com/t/3413
https://xz.aliyun.com/t/3413
微信PC端技术研究-消息防撤销
https://mp.weixin.qq.com/s/E7N6LzAH4p88Gu4f_qwGlg
https://mp.weixin.qq.com/s/E7N6LzAH4p88Gu4f_qwGlg
清华博导给出的学术论文写作方法和技巧
https://mp.weixin.qq.com/s/_TbySBSoS8uZj1r5mvkNbA
https://mp.weixin.qq.com/s/_TbySBSoS8uZj1r5mvkNbA
Java RMI 利用入门学习
http://phantom0301.cc/2018/11/30/java-rmi-windows/
http://phantom0301.cc/2018/11/30/java-rmi-windows/
BASE64编码原理分析脚本实现及逆向案例
https://bbs.ichunqiu.com/thread-48290-1-1.html
https://bbs.ichunqiu.com/thread-48290-1-1.html
HCTF逆向题目详析
https://www.anquanke.com/post/id/165036
https://www.anquanke.com/post/id/165036
业务威胁之细说网盘泄露风险
https://mp.weixin.qq.com/s/TeXdjDcWLmLi4iw8ff9XvA
https://mp.weixin.qq.com/s/TeXdjDcWLmLi4iw8ff9XvA
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第248期)
