SecWiki周刊(第279期)
2019/07/01-2019/07/07
安全资讯
[新闻]  工信部:10月底前完成200款主流App数据安全检查
http://www.bjnews.com.cn/news/2019/07/01/597947.html
安全技术
[漏洞分析]  关于漏洞挖掘的一点想法
https://mp.weixin.qq.com/s/79k5bxGr1ykCpN4lSeiTqw
[漏洞分析]  Cheating-Plugin-Program: 从零开始研究外挂设计原理
https://github.com/luguanxing/Cheating-Plugin-Program
[其它]  怎样使用Python打造免杀payload
https://nosec.org/home/detail/2727.html
[漏洞分析]  phpMyAdmin 文件包含复现分析
https://xz.aliyun.com/t/5534
[运维安全]  Safety-Project-Collection: 收集一些比较优秀的开源安全项目
https://github.com/Bypass007/Safety-Project-Collection
[Web安全]  CobaltStrike + Metasploit 组合安装
https://www.aqniu.com/vendor/50662.html
[工具]  当子域名遇上搜索引擎
https://mp.weixin.qq.com/s/yZFdVXPDh2O_qN_S1DsBPw
[取证分析]  Donot团伙(APT-C-35)移动端新攻击框架工具分析
https://www.anquanke.com/post/id/181483
[取证分析]  威胁剑魔杂谈
https://mp.weixin.qq.com/s/wpBeoTEC7g-wFX-DA61gmA
[运维安全]  利用 ELK 搭建 Docker 容器化应用日志中心
https://mp.weixin.qq.com/s/7A4lI1zeE5_BljzbKkInbw
[漏洞分析]  隐藏在Firefox中长达17年的文件窃取漏洞?
https://nosec.org/home/detail/2745.html
[数据挖掘]  国内四大UEBA解决方案
https://mp.weixin.qq.com/s/ftcks4wPVNmKMpODvOcfBQ
[Web安全]  Red Teaming Toolkit Collection
https://0xsp.com/offensive/red-teaming-toolkit-collection
[恶意分析]  Analyzing One of the Latest APT28 Zepakab/Zebrocy Delphi Implant
https://www.vkremez.com/2019/01/lets-learn-overanalyzing-one-of-latest.html
[恶意分析]  全球高级持续性威胁(APT)2019年中报告
https://mp.weixin.qq.com/s/As902I82uYq5eYQHhUToaA
[恶意分析]  浅析PHP文件包含及其getshell的姿势
https://xz.aliyun.com/t/5535
[漏洞分析]  Axis-1.4-RCE-Poc: Axis
https://github.com/KibodWapon/Axis-1.4-RCE-Poc
[漏洞分析]  Writing shellcodes for Windows x64
https://nytrosecurity.com/2019/06/30/writing-shellcodes-for-windows-x64/
[编程技术]  前端工程师反击爬虫技术
https://imweb.io/topic/595b7161d6ca6b4f0ac71f05
[恶意分析]  Godlua Backdoor分析报告
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor/
[取证分析]  OSINT公开资源情报调查:暗网枪支销售+比特币追踪
https://www.anquanke.com/post/id/181236
[取证分析]  基于E-Mail的隐蔽控制:机理与防御
https://www.freebuf.com/articles/network/207379.html
[漏洞分析]  拟态防御题型pwn&web初探
https://xz.aliyun.com/t/5532
[其它]  区块链安全入门笔记 系列一
https://paper.seebug.org/973/
[恶意分析]  勒索软件Sodinokibi运营组织的关联分析
https://www.freebuf.com/articles/network/207116.html
[论文]  骗局的艺术:剖析以太坊智能合约中的蜜罐
https://mp.weixin.qq.com/s/zKv3wKEXRT8CgOnVHOXi0Q
[其它]  利用Microsoft.com绕过防火墙以传递恶意命令
https://nosec.org/home/detail/2747.html
[漏洞分析]  通过异常处理机制实现漏洞利用
https://xz.aliyun.com/t/5480
[漏洞分析]  Razzer: Finding Kernel Race Bugs through Fuzzing
http://zeroyu.xyz/2019/06/30/Razzer-Finding-Kernel-Race-Bugs-through-Fuzzing/
[Web安全]  Vasile Revnic's Blog: Hunting for Privilege Escalation with Burp Suite
https://sirpwnalot.blogspot.com/2019/06/hunting-for-privilege-escalation-with.html
[Web安全]  IDS Bypass contest at PHDays: writeup and solutions
http://blog.ptsecurity.com/2019/07/ids-bypass-contest-at-phdays-writeup.html
[Web安全]  Reverse Shells and Controlling Webcams
https://ctrlaltdel.blog/2019/07/02/reverse-shells-and-controlling-webcams/
-----微信ID:SecWiki-----
SecWiki,5年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第279期)