SecWiki周刊(第248期)
2018/11/26-2018/12/02
安全资讯
[法规]  互联网个人信息安全保护指引-征求意见稿
http://www.beian.gov.cn/portal/topicDetail?id=80&token=87216df2-ca44-4ef3-95d4-3b7ae079e313
[文档]  ProofPoint 2018 Q3 季度威胁报告
https://mp.weixin.qq.com/s/8egpuHx5jVIpkLB_dby5SQ
安全技术
[Web安全]  Awvs12破解版 Acunetix Scanner 12 cracked
https://www.52pojie.cn/thread-828827-1-1.html
[会议]  第15届HITB SecConf安全大会 PPT
https://conference.hitb.org/hitbsecconf2018dxb/materials/
[设备安全]  路由器漏洞分析集合(PAGalaxyLab )
https://github.com/PAGalaxyLab/VulInfo
[漏洞分析]  业务逻辑漏洞探索之绕过验证
https://bbs.ichunqiu.com/thread-47784-1-1.html
[Web安全]  SQL注入常规Fuzz全记录
https://www.freebuf.com/articles/web/190019.html
[漏洞分析]  phpcms2008远程代码执行漏洞
https://bbs.ichunqiu.com/thread-48298-1-1.html
[取证分析]  浏览器指纹真的有效吗?
https://mp.weixin.qq.com/s/MesxZ4aWPxVi3DWGpaDr2w
[观点]  黑客入侵与机器学习沙箱逃逸
https://mp.weixin.qq.com/s/fVKRYAvrAK3mX1nN6KIyhA
[比赛]  X-NUCA'2018 线上专题赛 Writeup By ROIS
https://xz.aliyun.com/t/3428
[编程技术]  搭建Selenium 集群
https://www.03sec.com/3233.shtml
[漏洞分析]  Java RMI 利用入门学习
http://phantom0301.cc/2018/11/30/java-rmi-windows/
[比赛]  AXB-CTF: 2018 第一届安洵杯 题目环境/源码/WP
https://github.com/D0g3-Lab/AXB-CTF
[编程技术]  一种通用Dll劫持技术研究
http://anhkgg.com/dllhijack/
[Web安全]  Java代码审计手书(二)
https://xz.aliyun.com/t/3372
[编程技术]  微信PC端技术研究-消息防撤销
https://mp.weixin.qq.com/s/E7N6LzAH4p88Gu4f_qwGlg
[恶意分析]  Linux下的Rootkit驻留技术分析
https://mp.weixin.qq.com/s/tvl4W7gg8Y6i8b_LFfTdpA
[恶意分析]  2018勒索病毒全面分析报告
http://it.rising.com.cn/fanglesuo/19459.html
[Web安全]  Java代码审计手书(三)
https://xz.aliyun.com/t/3416
[Web安全]  从版本看核心,那些年我们做的Struts2 安全机制研究
https://www.secpulse.com/archives/82578.html
[恶意分析]  使用RSA加密在Python中逆向shell
https://bbs.ichunqiu.com/thread-48300-1-1.html
[取证分析]  业务威胁之细说网盘泄露风险
https://mp.weixin.qq.com/s/TeXdjDcWLmLi4iw8ff9XvA
[数据挖掘]  中文语义依存分析语料库
http://www.hankcs.com/nlp/sdp-corpus.html
[杂志]  SecWiki周刊(第247期)
https://www.sec-wiki.com/weekly/247
[取证分析]  以色列网络舆论攻防的发展历程及特点
https://mp.weixin.qq.com/s/NDYOW0vDWRsIJS7pI7pK3g
[编程技术]  一次基于Tensorflow+CNN的验证码识别之旅
https://blog.dyboy.cn/program/100.html
[编程技术]  新一代数据库TiDB在美团的实践
https://tech.meituan.com/MySQL_PingCAP_Practice.html
[编程技术]  BASE64编码原理分析脚本实现及逆向案例
https://bbs.ichunqiu.com/thread-48290-1-1.html
[论文]  清华博导给出的学术论文写作方法和技巧
https://mp.weixin.qq.com/s/_TbySBSoS8uZj1r5mvkNbA
[漏洞分析]  Bochspwn漏洞挖掘技术深究(1):Double Fetches 检测
http://riusksk.me/2018/12/01/bochspwn1/
[比赛]  HCTF逆向题目详析
https://www.anquanke.com/post/id/165036
[漏洞分析]  利用Docker容器的不安全部署获取宿主机权限
https://www.freebuf.com/articles/system/189419.html
[漏洞分析]  源码级调试的XNU内核
https://bbs.ichunqiu.com/thread-48301-1-1.html
[论文]  推荐系统的可解释性浅谈
https://mp.weixin.qq.com/s/u7GJstj5E_7y1rwkUbpAXg
[Web安全]  djangohunter: identify incorrectly configured Django applications
https://github.com/6IX7ine/djangohunter
[漏洞分析]  NodeJS沙箱逃逸分析
https://www.anquanke.com/post/id/166747
[取证分析]  trape: People tracker on the Internet: OSINT analysis and research tool
https://github.com/jofpin/trape
[漏洞分析]  区块链安全—详谈合约攻击(五)
https://xz.aliyun.com/t/3413
[恶意分析]  Generic Unpacking Detection
https://www.joesecurity.org/blog/8506317946374998489
[取证分析]  How To Threat Hunt For PsExec, Other Lateral Movement Tools
https://www.redcanary.com/blog/threat-hunting-psexec-lateral-movement/
[取证分析]  First Round of MITRE ATT&CK™ Evaluations Released
https://medium.com/mitre-attack/first-round-of-mitre-att-ck-evaluations-released-15db64ea970d
[漏洞分析]  rev.ng: suite of tools for binary analysis based on QEMU and LLVM
https://rev.ng/
[其它]  dumping-decrypted-documents-from-a-north-korean-pdf-reader
https://insinuator.net/2018/11/dumping-decrypted-documents-from-a-north-korean-pdf-reader/
[其它]  ruCTFe 2018 WriteUp Radiowave
https://saarsec.rocks/2018/11/24/Radiowave.html
-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第248期)