SecWiki周刊(第249期)
2018/12/03-2018/12/09
安全资讯
[新闻]  电信诈骗手法整理归纳图
https://mp.weixin.qq.com/s/q8uaik170cDjLFzj2wbKrg
安全技术
[Web安全]  DEFCON黑客大会所有资料共740G
https://nosec.org/home/detail/2035.html
[Web安全]  PbootCMS v1.3.2命令执行和SQL注入漏洞
https://nosec.org/home/detail/2001.html
[Web安全]  PocHunter: 调用PoC框架(Beebeeto/PocSuite/TangScan/KsPoc)下的PoC.
https://github.com/DavexPro/PocHunter
[取证分析]  NLP从入门到放弃—处理威胁情报
https://zhuanlan.zhihu.com/p/50998317
[运维安全]  Allscanner: 数据库和服务弱口令检测以及未授权访问检测
https://github.com/aedoo/Allscanner
[编程技术]  基于docker搭建开源扫描器——伏羲
https://bbs.ichunqiu.com/thread-48521-1-1.html
[漏洞分析]  公链安全之亦来云多个远程DoS漏洞详解
https://mp.weixin.qq.com/s/oACHhus9nvAiw13Yxy7zgA
[恶意分析]  CVE-2015-2370之DCOM DCE/RPC协议原理详细分析
https://www.anquanke.com/post/id/167057
[漏洞分析]  Discuz x3.4 前台 SSRF 分析
https://paper.seebug.org/756/
[Web安全]  关于Cobalt Strike的Malleable-C2-Profiles浅析
https://www.freebuf.com/articles/rookie/189948.html
[漏洞分析]  探索MySQL最新过狗万能密码
http://blackwolfsec.cc/2018/12/03/Mysql_trick_sql/
[Web安全]  S-CMS企业建站v3几处SQL注入
https://bbs.ichunqiu.com/thread-48536-1-1.html
[Web安全]  SvnExploit支持SVN源代码泄露全版本Dump源码
https://github.com/admintony/svnExploit
[比赛]  湖湘杯线下AWD记录
https://mp.weixin.qq.com/s/yv8Lsc1WqWqeH-GtWnXA5Q
[取证分析]  Bellingcat专家如何挖掘俄罗斯人员真实身份信息
https://mp.weixin.qq.com/s/-d_Tj7nf8CHNmFRIAun0vQ
[Web安全]  输入长度受限情况下的 XSS 攻击
https://xz.aliyun.com/t/3513
[编程技术]  基于MCU/MPU的物联网设备固件防护方法
https://mp.weixin.qq.com/s/JAmwJ7JFMev30uINIepWNQ
[设备安全]  智能锁具攻防系列一初探
https://future-sec.com/intelligent-lock-attack-and-defense-1.html
[Web安全]  我如何发现ucweb.com的两个XSS
https://nosec.org/home/detail/2011.html
[观点]  开源情报在网络战研究中的实践
https://mp.weixin.qq.com/s/C-coVLE3BmwkRgyd4xIJug
[杂志]  SecWiki周刊(第248期)
https://www.sec-wiki.com/weekly/248
[工具]  BoNeSi - the DDoS Botnet Simulator
https://github.com/Markus-Go/bonesi
[运维安全]  ServerManagement: 服务器管理工具
https://github.com/cksgf/ServerManagement
[取证分析]  情报价值—探索情报对于企业的价值落地
https://weibo.com/ttarticle/p/show?id=2309404313114811219351
[设备安全]  工控协议的安全分析和研究
https://mp.weixin.qq.com/s/j4zniIYOwbSfKqSoRdL6-Q
[Web安全]  长度受限情况下的 XSS 攻击
https://nosec.org/home/detail/2032.html
[Web安全]  我是如何通过以前的渗透案例发现谷歌漏洞的
https://nosec.org/home/detail/2014.html
[取证分析]  威胁情报的落地实践之场景篇
http://blog.nsfocus.net/scenario-landing-practice-threat-intelligence/
[比赛]  The #HITB2018DXB CTF hardware hacking challenge simple write-up
https://github.com/xwings/ctf.hitb2018dxb
[Web安全]  How to accidentally find a XSS in ProtonMail iOS app
https://www.secu.ninja/2018/12/04/how-to-accidentally-find-a-xss-in-protonmail-ios-app/
[观点]  小议安全分析
https://zhuanlan.zhihu.com/p/51778277
[取证分析]  T-Pot多蜜罐平台使用心法
https://www.freebuf.com/sectool/190840.html
[Web安全]  利用postmessage偷取用户cookies
https://nosec.org/home/detail/2008.html
[恶意分析]  Mission Accomplished? HTTPS Security After DigiNotar
https://securitygossip.com/blog/2018/12/03/https-security-after-diginotar/
[工具]  隐藏套件:虚假的身份,特殊的后门
https://www.freebuf.com/articles/network/188364.html
[漏洞分析]  物联网安全学习笔记之二—小试牛刀
https://www.anquanke.com/post/id/166821
[漏洞分析]  HADOOP安全基础篇
https://www.freebuf.com/articles/database/190734.html
[数据挖掘]  AI for Security:智能化安全对抗的困境
https://xz.aliyun.com/t/3488
[漏洞分析]  nbulischeck/tyton: Kernel-Mode Rootkit Hunter
https://github.com/nbulischeck/tyton
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第249期)