安全资讯
[会议] 2018首都网络安全日企业大点评
http://www.aqniu.com/industry/33318.html
[观点] RSA2018终端厂商及产品趋势解读(EPP&EDR&CWPP)
http://www.aqniu.com/tools-tech/33370.html
[观点] 吴世忠:对当前网络信息安全新特点新趋势的几点认识
https://mp.weixin.qq.com/s/h94f2_y9hsdDZQPIEF9ZVg
安全技术
[Web安全] 超详细的域渗透过程!
https://bbs.ichunqiu.com/thread-39555-1-1.html?from=sec
[观点] 安全圈乱象杂谈
http://riusksk.me/2018/04/30/%E5%AE%89%E5%85%A8%E5%9C%88%E4%B9%B1%E8%B1%A1%E6%9D%82%E8%B0%88/
[Web安全] 惊蛰:一款基于Pocsuite的漏洞扫描系统
https://github.com/jeffzh3ng/InsectsAwake
[Web安全] 时间延迟盲注的三种加速注入方式[mysql篇]
http://www.ch1st.cn/?p=44
[Web安全] Web前端攻防一些技巧
http://www.au1ge.xyz/2018/05/03/web%E5%89%8D%E7%AB%AF%E6%94%BB%E9%98%B2%E4%B8%80%E4%BA%9Btrick/
[Web安全] 内网渗透中用到的计划任务
https://xz.aliyun.com/t/2319
[Web安全] 面向萌新的红帽杯2018线上赛wp
https://bbs.ichunqiu.com/thread-39687-1-1.html?from=sec
[Web安全] metasploit之学习笔记
http://nobgr.me/2018/05/05/metasploit/
[工具] 借鉴开源框架自研日志收集系统
https://mp.weixin.qq.com/s/4TmrqAhr01e8N9e9keLCMA
[文档] 信息安全技术个人信息安全规范
https://www.tc260.org.cn/upload/2018-01-24/1516799764389090333.pdf
[Web安全] JSON Web Token Pentesting
https://medium.com/@netscylla/json-web-token-pentesting-890bc2cf0dcd
[编程技术] faceai:一款优秀的人脸检测、人脸识别、视频识别、文字识别等智能AI项目
https://github.com/vipstone/faceai
[其它] 中国程序员容易发音错误的单词
https://github.com/shimohq/chinese-programmer-wrong-pronunciation
[Web安全] Windows提权基本原理
https://bbs.ichunqiu.com/thread-39731-1-1.html?from=sec
[Web安全] 打破基于openresty的WEB安全防护(CVE-2018-9230)
https://mp.weixin.qq.com/s/9Z6KSHbXQr61mrHcVA2--Q
[运维安全] 实战公有云威胁情报系统构建
http://www.4hou.com/technology/11307.html
[数据挖掘] web-analytics: 监测分析、异常监测、广告验证、访客唯一标识
https://github.com/TingGe/web-analytics
[运维安全] ClickHouse与威胁日志分析
http://candylab.net/hobby/clickhouse-basic/?from=timeline
[漏洞分析] CVE-2018-873X组合拳:深入分析NagiosXI漏洞链
https://xz.aliyun.com/t/2321
[取证分析] 揭开神秘的面纱:CCleaner APT事件调查
http://www.4hou.com/other/11221.html
[运维安全] 开源软件创建SOC的一份清单
http://www.freebuf.com/articles/network/169632.html
[其它] 金融企业信息安全培训规划与实践
https://mp.weixin.qq.com/s/JKcaU2uMrTxcQudpsdFbnA
[恶意分析] 利用机器学习检测HTTP恶意外连流量
https://www.anquanke.com/post/id/107124
[Web安全] 从钓鱼样本到某大厂存储型XSS
https://xz.aliyun.com/t/2322
[取证分析] 0xB9 威胁情报体系与企业SIEM结合的那些套路—TIP平台建设
https://zhuanlan.zhihu.com/p/36427877
[编程技术] burpsuite插件开发之检测越权访问漏洞
https://thief.one/2018/05/04/1/
[取证分析] Open Source Intelligence (OSINT) Tools & Resources
http://osint.link/
[漏洞分析] 7-Zip: From Uninitialized Memory to Remote Code Execution
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
[编程技术] Requests-html: Pythonic HTML Parsing for Humans
https://github.com/kennethreitz/requests-html
[Web安全] Multiple security vulnerabilities in domains belonging to Google
https://sysdream.com/news/lab/2018-04-30-multiple-security-vulnerabilities-in-domains-belonging-to-google/
[运维安全] TITAN: 云集分布式全链路压测军演系统
https://github.com/yunjiweidian/TITAN
[编程技术] news_feed: 实时监控1000家中国企业的新闻动态
https://github.com/lazycatzh/news_feed
[编程技术] Norse - IPViking Map 源码改进与解析
https://github.com/TingGe/data-visualization/tree/master/ipviking
[取证分析] Bad-Pdf: Steal NTLM Hashes with Bad-PDF
https://github.com/deepzec/Bad-Pdf
[漏洞分析] CVE-2018-9995_dvr_credentials: Get DVR Credentials
https://github.com/ezelf/CVE-2018-9995_dvr_credentials
[恶意分析] The new Domain Generation Algorithm of Nymaim
https://johannesbader.ch/2018/04/the-new-domain-generation-algorithm-of-nymaim/
[书籍] Free Security and Hacking eBooks
https://github.com/Hack-with-Github/Free-Security-eBooks
[漏洞分析] Java反序列化漏洞的原理分析
http://www.freebuf.com/vuls/170344.html
[数据挖掘] 中国科学院院士:梅宏—智慧社会与软件定义
https://mp.weixin.qq.com/s/h1nGYuusENkNroxdte9_yQ
[比赛] 2018-redhat-misc&web-writeup
https://www.anquanke.com/post/id/107005
[Web安全] 线下AD&代码审计&ECShop V2.7.3
https://www.anquanke.com/post/id/107008
[Web安全] How I found 2.9 RCE at Yahoo! Bug Bounty program
https://medium.com/@kedrisec/how-i-found-2-9-rce-at-yahoo-bug-bounty-program-20ab50dbfac7
[Web安全] #BugBounty — How I was able to bypass firewall to get RCE and then went from ser
https://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-bypass-firewall-to-get-rce-and-then-went-from-server-shell-to-get-783f71131b94
[Web安全] Katana Framework武士刀操作指南
http://www.freebuf.com/sectool/169457.html
[设备安全] 巧妙使用机器学习的方法来检测IOT设备中的DDOS攻击
https://mp.weixin.qq.com/s/ksqB8wkHuCFvmTvxD4doWA
[Web安全] GitList-0-6-Unauthenticated-RCE-分析
https://chybeta.github.io/2018/04/30/GitList-0-6-Unauthenticated-RCE-分析/
[文档] Tips for Reverse-Engineering Malicious Code - Cheat Sheet
https://digital-forensics.sans.org/media/reverse-engineering-malicious-code-tips.pdf
[数据挖掘] NIPS 2017对抗样本攻防竞赛总结
https://mp.weixin.qq.com/s/AuOFvbEl7sHpdbT4vFv46Q
[工具] A repository of sysmon configuration modules
https://github.com/olafhartong/sysmon-modular
[取证分析] Palantir的新专利曝光:挖掘和整合全世界的数据
https://mp.weixin.qq.com/s/y6wEiVqaRkXxGvDeUxO6-w
[漏洞分析] GPON Home Gateway 远程命令执行漏洞分析
https://paper.seebug.org/593/
[恶意分析] 解析针对巴西用户的恶意软件及垃圾邮件行动
http://www.4hou.com/technology/11251.html
[工具] santa:A binary whitelisting/blacklisting system for Mac OS X
https://github.com/google/santa
[恶意分析] Kaspersky 发布针对网络间谍活动 ZooPark 的研究报告
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/05/03114450/ZooPark_for_public_final_edit.pdf
[恶意分析] Operation GhostSecret:在全球范围内窃取数据的攻击活动
https://www.anquanke.com/post/id/106853
[运维安全] gdpr-checklist: The GDPR Checklist Project
https://github.com/privacyradius/gdpr-checklist