安全资讯

[新闻]  EFF 宣布加强邮件安全的 STARTTLS Everywhere
https://www.solidot.org/story?sid=56981

[新闻]  政府购买服务管理办法（征求意见稿）
https://mp.weixin.qq.com/s/YEaEjBoRvvgeRuWoKSpbuA

[新闻]  2018年“网络空间安全”大学生夏令营活动详情
https://www.inforsec.org/wp/?p=2623

[新闻]  区块链新用法：控制僵尸网络
http://www.aqniu.com/hack-geek/35312.html

安全技术

[Web安全]  记一次对某企业的渗透测试实战
https://bbs.ichunqiu.com/thread-41946-1-1.html

[Web安全]  API 接口渗透测试
https://xz.aliyun.com/t/2412

[Web安全]  利用Burp Suite攻击Web应用
https://bbs.ichunqiu.com/thread-41965-1-1.html

[Web安全]  国内SRC漏洞挖掘技巧与经验分享
http://pwn.dog/index.php/Web-Security/DC531.html

[Web安全]  基于端口的弱口令检测工具--iscan
https://mp.weixin.qq.com/s/Txx-zWxDcWDfQh_FOKd4SQ

[漏洞分析]  已知攻击方法和常见防御模式综合列表
https://github.com/slowmist/Knowledge-Base/

[Web安全]  分布式Web漏洞扫描服务建设实践系列
https://mp.weixin.qq.com/s/FLFm9KRYQdS5HDYslaL98w

[编程技术]  Docker概念详细的介绍
https://mp.weixin.qq.com/s/xSbYTJmLuqsyYEDEIsndZw

[漏洞分析]  内核漏洞辅助分析工具 
https://whitehatck01.blogspot.com/2018/04/blog-post.html

[Web安全]  子域名劫持
https://xz.aliyun.com/t/2414

[Web安全]  Wordpress <= 4.9.6 任意文件删除漏洞
http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility/

[数据挖掘]  自底向上—知识图谱构建技术初探
https://www.anquanke.com/post/id/149122

[视频]  米斯特培训课程公开-洞察Web安全
https://zhuanlan.zhihu.com/p/38775390

[Web安全]  Java代码审计入门篇
https://bbs.ichunqiu.com/thread-42149-1-1.html?from=sec

[观点]  基于攻击视角完善信息安全弹性防御体系的思考
https://mp.weixin.qq.com/s/DDfdRVaVvTgQ5ldXqmgQ3g

[Web安全] Wordpress <= 4.9.6 任意文件删除漏洞
https://github.com/SecWiki/CMS-Hunter/blob/master/WordPress/

[恶意分析]  Linux 遭入侵，挖矿进程被隐藏案例分析
https://mp.weixin.qq.com/s/1AF5cgo_hJ096LmX7ZHitA

[运维安全]  内网映射方案(lanproxy) 
http://kekefund.com/2018/06/24/lanproxy/

[漏洞分析]  phpMyAdmin 4.8.x LFI to RCE
https://blog.vulnspy.com/2018/06/21/phpMyAdmin-4-8-x-Authorited-CLI-to-RCE/

[运维安全]  甲方企业安全建设之钓鱼实践的一种姿势 
http://pirogue.org/2018/06/26/phishing/

[Web安全]  SSRF攻击文档翻译
https://xz.aliyun.com/t/2421

[恶意分析]  基于tor网络的钓鱼邮件分析
https://mp.weixin.qq.com/s/BlssgysUVcebkX9JZ71zMg

[取证分析]  Threat Hunting-威胁狩猎分享
https://mp.weixin.qq.com/s/9oBKBSkeA98Qyz5PtsDrqQ

[恶意分析]  DotNetToJScript 复活之路
https://evi1cg.me/archives/AMSI_bypass.html

[漏洞分析]  Wordpress <= 4.9.6 任意文件删除漏洞
https://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility/

[数据挖掘]  带你用深度学习虚拟机进行文本迁移学习
https://mp.weixin.qq.com/s/8lNZ_t974d58Oo7O3o68yQ

[编程技术]  kubernetes从入门到放弃4--(安全机制)
https://jiayi.space/post/kubernetescong-ru-men-dao-fang-qi-4-an-quan-ji-zhi

[运维安全]  将持续安全植入容器部署的4步指南
http://www.infoq.com/cn/articles/building-continuous-security-containers-deployment

[运维安全]  BSI publishes Snort rules for SIS networks
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/RAPSN_SETS_26062018.html

[恶意分析]  Loading a DLL from memory
https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/

[事件]  Gentoo's GitHub Has Been Hacked
http://www.theregister.co.uk/2018/06/28/gentoo_linux_github_hacked/

[漏洞分析]  EOS、以太坊网络攻防情报及智能合约安全分享
https://mp.weixin.qq.com/s/aUS7qm6T7FT1fgj17oUR1A

[数据挖掘]  网络“黑公关”研究报告
https://bdclab.jnu.edu.cn/8360

[运维安全]  Security Onion使用手册（一）：愿者上钩
https://mp.weixin.qq.com/s/x_AJTqinGvLESu3_bFursg

[漏洞分析]  PHPMyAdmin 4.8.0 ~ 4.8.1 Remote Code Execution
https://medium.com/@happyholic1203/phpmyadmin-4-8-0-4-8-1-remote-code-execution-257bcc146f8e

[取证分析]  浅谈威胁情报从甲方运营到乙方交付
https://zhuanlan.zhihu.com/p/38532724

[漏洞分析]  Foxit Reader 9.0.1.1049 - Remote Code Execution
https://srcincite.io/blog/2018/06/22/foxes-among-us-foxit-reader-vulnerability-discovery-and-exploitation.html

[漏洞分析]  在Windows下利用格式字符串
https://xz.aliyun.com/t/2410

[运维安全]  安全管理者要注意的一些问题
http://www.freebuf.com/articles/neopoints/175619.html

[运维安全]  fwaudit: Platform Firmware Auditing Tool
https://github.com/PreOS-Security/fwaudit

[恶意分析]  如何看待Docker镜像进入Docker Hub

https://www.anquanke.com/post/id/148747

[运维安全]  phishing: The Security Practices of Party A Phishing
https://github.com/p1r06u3/phishing

[Web安全]  高级CORS利用技术分享
http://www.freebuf.com/articles/terminal/175609.html

[恶意分析]  针对保险、母婴等行业的定向攻击事件分析
https://mp.weixin.qq.com/s/2vwLHzbtF2jd58TfsbKi1g

[比赛]  Orange: Google CTF 2018 Quals Web Challenge
http://blog.orange.tw/2018/06/google-ctf-2018-quals-web-gcalc.html

[数据挖掘]  NLP哪里跑: 什么是自然语言处理
http://www.zmonster.me/2018/06/25/nlp-thinking-2.html

[移动安全]  Pwn2Own华为iReader漏洞原理与利用分析
http://www.freebuf.com/vuls/175256.html

[编程技术]  kubernetes从入门到放弃5--(存储原理)
https://jiayi.space/post/kubernetescong-ru-men-dao-fang-qi-5-cun-chu-yuan-li

[漏洞分析]  以太坊蜜罐智能合约分析
https://paper.seebug.org/631/

[文档]  Hardening Microsoft Windows 10 version 1709 Workstations
https://www.asd.gov.au/publications/protect/Hardening_Win10.pdf

[设备安全]  FACT - 固件分析/类比平台解读
https://mp.weixin.qq.com/s/7h8UtBCUZjnlc33Oay1ORg

[其它]  The-rise-and-fall-of amsi
http://technodocbox.com/Windows/76106187-The-rise-and-fall-of.html