安全圈 | 专注于最新网络信息安全讯息新闻

 首页

secwiki週刊(第154期)

作者 eppolito 时间 2020-03-01
all

安全技術

[Web安全]  Unpatched(0day)jQuery Mobile XSShttp://sirdarckcat.blogspot.jp/2017/02/unpatched-0day-jquery-mobile-xss.html

[Web安全]  基於機器學習的web异常檢測http://www.4hou.com/info/news/3293.html

[Web安全]  直播攻擊學校網站,厲害了我的哥http://www.4hou.com/info/attitude/3300.html

[其它]  環境搭建:Docker給你不一樣的滲透體驗http://mp.weixin.qq.com/s/Sv9l--OK7ADihDG9kUsarA

[運維安全]  一個人的“安全部”http://www.freebuf.com/articles/security-management/126254.html

[其它]  今天我放出1000萬密碼https://xato.net/today-i-am-releasing-ten-million-passwords-b6278bbe7495#.op6kkkh88

[運維安全]  我的ELK搭建筆記(阿裡雲上部署)https://mp.weixin.qq.com/s?__biz=MzI5ODE0ODA5MQ==&mid=2652277928&idx=1&sn=5e44c058dbf9748a8c94098815c2a7eb&chksm= f748653cc03fec2aaa4f83dcb160089ff6874cfb4d1309142b15da738f44ad5be00f455f4d40hn71

[程式設計技術]  阿裡巴巴Java開發手册(正式版)http://techforum-img.cn-hangzhou.oss-pub.aliyun-inc.com/%E9%98%BF%E9%87%8C%E5%B7%B4%E5%B7%B4Java%E5%BC%80%E5%8F%91%E6%89%8B%E5%86%

[惡意分析]  Learn&Fuzz: Machine Learning for Input Fuzzing https://arxiv.org/pdf/1701.07232.pdf

[資料挖掘]  自然語言處理導論-課程網頁http://ccl.pku.edu.cn/alcourse/nlp/

[漏洞分析]  Attack and Defend: Linux Privilege Escalation Techniques of 2016https://www.sans.org/reading-room/whitepapers/testing/attack-defend-linux-privilege-escalation-techniques-2016-37562

[程式設計技術]  Python爬蟲——DNS解析緩存http://blog.csdn.net/bone_ace/article/details/55000101

[Web安全]  MS14-068域許可權提升漏洞總結http://www.mottoin.com/95877.html

[Web安全]  滲透測試阿裡巴巴的思路與收穫https://zhuanlan.zhihu.com/p/25100915

[取證分析]  Windows惡意軟件API調用特徵分析http://www.4hou.com/technology/3267.html

[檔案]  RSA USA 2017 PPT搶先下https://pan.baidu.com/s/1eSh13kY#list/path=%2F

[Web安全]  Bot Traffic Report 2016https://www.incapsula.com/blog/bot-traffic-report-2016.html

[Web安全]  web-proxy:基於Tornado實現的Web網站反向代理https://github.com/restran/web-proxy

[移動安全]  Android免Root環境下Hook框架Legend原理分析https://zhuanlan.zhihu.com/p/25200724

[惡意分析]  Analyzing BotNets with Suricata & Machine Learning http://blogs.splunk.com/2017/01/30/analyzing-botnets-with-suricata-machine-learning/

[漏洞分析]  IDA Pro使用(靜態分析+動態調試)http://skysider.com/?p=458

[運維安全]  互聯網企業安全高級指南讀書筆記之二http://www.mottoin.com/95828.html

[工具]  Sci-Hub:英文文獻下載利器http://sci-hub.cc/

[Web安全]  攻擊JavaScript引擎:一個JavaScriptCore的學習案例(CVE-2016-4622(2016-10-27))http://www.mottoin.com/95838.html

[工具]  安卓版kali-linuxhttp://thief.one/2017/02/10/%E5%AE%89%E5%8D%93%E7%89%88Kali-linux/

[資料挖掘]  基於R語言的文字-向量算灋實現Twitter文章的情感分析http://analyzecore.com/2017/02/08/twitter-sentiment-analysis-doc2vec/

[運維安全]  python-icap-yara: An ICAP Server with yara scanner for URL or content.https://github.com/RamadhanAmizudin/python-icap-yara

[其它]  互聯網企業安全建設之路:規劃篇http://www.freebuf.com/articles/security-management/126202.html

[Web安全]  BurpSuite和Fiddler串聯使用解决App測試漏包和速度慢的問題http://www.mottoin.com/95865.html

[取證分析]  Threat Hunting with Splunkhttp://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&mid=2247483960&idx=1&sn=31ec650a5aaeb9be46ab7a11b10ddcd4&scene=0#wechat_redirect

[Web安全]  文件上傳繞過姿勢匯總http://thief.one/2016/09/22/%E4%B8%8A%E4%BC%A0%E6%9C%A8%E9%A9%AC%E5%A7%BF%E5%8A%BF%E6%B1%87%E6%80%BB-%E6%AC%A2%E8%BF%8E%E8%A1%A5%E5%85%85/

[運維安全]  DbDat: Db Database Assessment Tool資料庫稽核工具https://github.com/foospidy/DbDat

[Web安全]  基於WAVSEP的靶場搭建指南http://www.freebuf.com/sectool/125940.html

[其它]  安全應急回應的一些經驗總結http://www.4hou.com/special/2572.html

[資料挖掘]  Rethinkdb搭建與使用http://thief.one/2017/02/07/rethinkdb%E6%90%AD%E5%BB%BA%E4%B8%8E%E4%BD%BF%E7%94%A8/

[Web安全]  fWaf–Machine learning driven Web Application Firewall http://fsecurify.com/fwaf-machine-learning-driven-web-application-firewall/?from=timeline

[移動安全]  逆向修改手機內核,繞過反調試http://mp.weixin.qq.com/s/c6maBlFu0DLK9qDooMm8fA

[移動安全]  如何在Android上發送加密郵件?推薦這四大神器http://www.4hou.com/info/news/3318.html

[設備安全]  使用ZoomEye批量快速攻擊目標http://www.92ez.com/?action=show&id=23436

[運維安全]  有了漏洞掃描器,如何用好?一點不成熟的小總結http://www.freebuf.com/articles/neopoints/126205.html

[運維安全]  HTTPS性能優化實踐http://mp.weixin.qq.com/s?__biz=MzI4NzE1NTYyMg==&mid=2651102678&idx=1&sn=174f549c1f21d03cfcaa0314014fc02a&scene=0#wechat_redirect

[設備安全]  面向工控系統的高互動蜜罐https://mp.weixin.qq.com/s?__biz=MzA5OTMwMzY1NQ==&mid=2647833905&idx=1&sn=462ebf63e3402def50e2fec4ed9c6dfe&chksm=88a274b9bfd5fdaf759493716c2a2d183298ca8c449a259b1988a60b185d12b945891fcf652a

[運維安全]  2017SANS網絡威脅情報峰會http://mp.weixin.qq.com/s?__biz=MzA3MTUwMzI5Nw==&mid=2654431137&idx=1&sn=41a139286d511ba474a694b7f4ae4006&scene=0#wechat_redirect

[雜誌]  SecWiki週刊(第153期)https://www.sec-wiki.com/weekly/153

[設備安全]  智慧硬體入門https://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458281897&idx=1&sn=bededbe90195ed48a7fc5cf6617c3000&chksm=b181572386f6de35984d324d47fed6b7e1b4600b2c904481d860a7ebe99c9070c050f0e34b1e

[Web安全]  PowerShell安全專題之攻擊工具篇http://www.4hou.com/technology/3134.html

[其它]  博士這五年https://zhuanlan.zhihu.com/p/25099638

[Web安全]  GrepBugs: A regex based source code scanner基於正則的源碼稽核工具https://github.com/foospidy/GrepBugs

[Web安全]  Harbor中的使用者密碼加密機制探究http://phantom0301.cc/2017/02/08/harborpass/

[惡意分析]  From RTF to Cobalt Strike passing via Flash https://zairon.wordpress.com/2017/02/05/from-rtf-to-cobalt-strike-passing-via-flash/

[Web安全]  How to Exploit XSS with an Imagehttp://resources.infosecinstitute.com/exploit-xss-image/

[Web安全]  MySQL Out-of-Band Hackingchrome-extension://ikhdkkncnoglghljlkmcimlnlhkeamad/pdf-viewer/web/viewer.html?file=https%3A%2F%2Fwww.exploit-db.com%2Fdocs%2F41273.pdf

[惡意分析]  Predicting Domain Generation Algorithms using LSTMs DGA惡意功能變數名稱自動發現https://github.com/endgameinc/dga_predict

[移動安全]  當EFBFBD和它的朋友相遇:研究字元數組轉換字串http://www.mottoin.com/95897.html

[惡意分析]  APT駭客利用.chm檔案攻擊俄羅斯重要機构http://mp.weixin.qq.com/s/gjIEgqqQq_5czufuuiqM-Q

[工具]  利用scapy造一個Passive DNS Collector工具:Pdns_sniffhttp://www.mottoin.com/95822.html

[移動安全]  淺入淺出Android安全http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=2458281912&idx=1&sn=f7f30e1a7f2d24d97d2acecbd5cb2497&scene=0#wechat_redirect

[Web安全]  SOP bypass / UXSS on IE11 htmlFilehttp://www.brokenbrowser.com/uxss-ie-htmlfile/

[檔案]  2016年中國網站安全性漏洞分析報告#密碼:2viy https://pan.baidu.com/s/1cH1gGA

[設備安全]  Car Hacking: The definitive sourcehttp://illmatics.com/carhacking.html

[其它]  Fileless attacks against enterprise networkshttps://securelist.com/blog/research/77403/fileless-attacks-against-enterprise-networks/

[其它]  PowerShell安全專題之PS5安全增强功能http://www.4hou.com/technology/3144.html

[惡意分析]  匿名者自述是如何黑掉一萬多個暗網網站的?http://www.4hou.com/info/3259.html

[運維安全]  全解Google(穀歌)基礎設施架構安全設計http://www.freebuf.com/special/126159.html

[運維安全]  實施CIS關鍵安全控制措施http://mp.weixin.qq.com/s?__biz=MzI4NzU2NjU4NQ==&mid=2247483966&idx=1&sn=346ab4ecbdfb0b8ded5eeacee2bdfc7b&scene=0#wechat_redirect

[移動安全]  CRYPTKEEPER發現通用密碼事件分析報告http://www.antiy.com/response/cryptkeeper/cryptkeeper.pdf

[Web安全]  利用Node.js反序列化來進行遠程命令執行http://www.mottoin.com/95916.html

[Web安全]  利用Node.js反序列化遠程執行程式碼http://paper.seebug.org/213/

[漏洞分析]  9-Feb-2017: Symbolic execution符號執行https://yurichev.com/blog/symbolic/#XOR swap

[移動安全]  Android逆向基礎之Dalvik指令集https://mp.weixin.qq.com/s?__biz=MzI4NjEyMDk0MA==&mid=2649846140&idx=1&sn=a248dbec47578c37f276fe461aa82b8f&chksm=f3e41fffc49396e9020490703eb4f7270e4dd6063575b65bedecedbe69c31e0a70e4a96f4cec&scene=0& key=63570224b333d6fd7954fa9343865bc0b865bbe08a0acb3c

[Web安全]  The technology and implementation of PHP automated white box audithttp://www.aijiaonang.com/function/100439.html

[Web安全]  用SQL注入穿IE沙箱http://xlab.tencent.com/cn/2017/01/19/ie-sandbox-escape-with-sql-injection/

[運維安全]  構建風控系統之排坑掃雷(二)http://www.4hou.com/info/industry/3251.html

[論文]  如何寫論文?http://www.52cs.org/?p=1544

[其它]  如何用區塊鏈科技提升網路安全?http://www.4hou.com/info/observation/3277.html

[Web安全]  Web path scannerhttps://github.com/maurosoria/dirsearch

[惡意分析]  The Week in Ransomware - CryptoShield,Spora,and Exploit Kitshttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-3rd-2017-cryptoshield-spora-and-exploit-kits/

[檔案]  Web,Database and OS scripting cmd line reference https://ss64.com/

[Web安全]  WordPress REST API內容注入http://139.129.31.35/index.php/archives/444/

[Web安全]  10 Most Common Web Security Vulnerabilities http://www.thesecurityblogger.com/10-most-common-web-security-vulnerabilities/

[Web安全]  Network reconnaissance and vulnerability assessment tools.https://github.com/RoliSoft/ReconScan

[惡意分析]  Exploring the Cybercrime Underground: Part 4http://researchcenter.paloaltonetworks.com/2017/02/unit42-exploring-cybercrime-underground-part-4-darknet-markets/?adbsc=social69980316&adbid=829797044411772928&adbpl=tw&adbpr=4487645412

[資料挖掘]  淺談區塊鏈(下):應用展望http://www.arkteam.net/?p=1538

[Web安全]  Alternative for Information_Schema.Tablesin MySQLhttps://www.exploit-db.com/docs/41274.pdf

© 2023