安全资讯
[新闻] EFF 宣布加强邮件安全的 STARTTLS Everywhere
https://www.solidot.org/story?sid=56981
[新闻] 政府购买服务管理办法(征求意见稿)
https://mp.weixin.qq.com/s/YEaEjBoRvvgeRuWoKSpbuA
[新闻] 2018年“网络空间安全”大学生夏令营活动详情
https://www.inforsec.org/wp/?p=2623
[新闻] 区块链新用法:控制僵尸网络
http://www.aqniu.com/hack-geek/35312.html
安全技术
[Web安全] 记一次对某企业的渗透测试实战
https://bbs.ichunqiu.com/thread-41946-1-1.html
[Web安全] API 接口渗透测试
https://xz.aliyun.com/t/2412
[Web安全] 利用Burp Suite攻击Web应用
https://bbs.ichunqiu.com/thread-41965-1-1.html
[Web安全] 国内SRC漏洞挖掘技巧与经验分享
http://pwn.dog/index.php/Web-Security/DC531.html
[Web安全] 基于端口的弱口令检测工具--iscan
https://mp.weixin.qq.com/s/Txx-zWxDcWDfQh_FOKd4SQ
[漏洞分析] 已知攻击方法和常见防御模式综合列表
https://github.com/slowmist/Knowledge-Base/
[Web安全] 分布式Web漏洞扫描服务建设实践系列
https://mp.weixin.qq.com/s/FLFm9KRYQdS5HDYslaL98w
[编程技术] Docker概念详细的介绍
https://mp.weixin.qq.com/s/xSbYTJmLuqsyYEDEIsndZw
[漏洞分析] 内核漏洞辅助分析工具
https://whitehatck01.blogspot.com/2018/04/blog-post.html
[Web安全] 子域名劫持
https://xz.aliyun.com/t/2414
[Web安全] Wordpress <= 4.9.6 任意文件删除漏洞
http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility/
[数据挖掘] 自底向上—知识图谱构建技术初探
https://www.anquanke.com/post/id/149122
[视频] 米斯特培训课程公开-洞察Web安全
https://zhuanlan.zhihu.com/p/38775390
[Web安全] Java代码审计入门篇
https://bbs.ichunqiu.com/thread-42149-1-1.html?from=sec
[观点] 基于攻击视角完善信息安全弹性防御体系的思考
https://mp.weixin.qq.com/s/DDfdRVaVvTgQ5ldXqmgQ3g
[Web安全] Wordpress <= 4.9.6 任意文件删除漏洞
https://github.com/SecWiki/CMS-Hunter/blob/master/WordPress/
[恶意分析] Linux 遭入侵,挖矿进程被隐藏案例分析
https://mp.weixin.qq.com/s/1AF5cgo_hJ096LmX7ZHitA
[运维安全] 内网映射方案(lanproxy)
http://kekefund.com/2018/06/24/lanproxy/
[漏洞分析] phpMyAdmin 4.8.x LFI to RCE
https://blog.vulnspy.com/2018/06/21/phpMyAdmin-4-8-x-Authorited-CLI-to-RCE/
[运维安全] 甲方企业安全建设之钓鱼实践的一种姿势
http://pirogue.org/2018/06/26/phishing/
[Web安全] SSRF攻击文档翻译
https://xz.aliyun.com/t/2421
[恶意分析] 基于tor网络的钓鱼邮件分析
https://mp.weixin.qq.com/s/BlssgysUVcebkX9JZ71zMg
[取证分析] Threat Hunting-威胁狩猎分享
https://mp.weixin.qq.com/s/9oBKBSkeA98Qyz5PtsDrqQ
[恶意分析] DotNetToJScript 复活之路
https://evi1cg.me/archives/AMSI_bypass.html
[漏洞分析] Wordpress <= 4.9.6 任意文件删除漏洞
https://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility/
[数据挖掘] 带你用深度学习虚拟机进行文本迁移学习
https://mp.weixin.qq.com/s/8lNZ_t974d58Oo7O3o68yQ
[编程技术] kubernetes从入门到放弃4--(安全机制)
https://jiayi.space/post/kubernetescong-ru-men-dao-fang-qi-4-an-quan-ji-zhi
[运维安全] 将持续安全植入容器部署的4步指南
http://www.infoq.com/cn/articles/building-continuous-security-containers-deployment
[运维安全] BSI publishes Snort rules for SIS networks
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2018/RAPSN_SETS_26062018.html
[恶意分析] Loading a DLL from memory
https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/
[事件] Gentoo's GitHub Has Been Hacked
http://www.theregister.co.uk/2018/06/28/gentoo_linux_github_hacked/
[漏洞分析] EOS、以太坊网络攻防情报及智能合约安全分享
https://mp.weixin.qq.com/s/aUS7qm6T7FT1fgj17oUR1A
[数据挖掘] 网络“黑公关”研究报告
https://bdclab.jnu.edu.cn/8360
[运维安全] Security Onion使用手册(一):愿者上钩
https://mp.weixin.qq.com/s/x_AJTqinGvLESu3_bFursg
[漏洞分析] PHPMyAdmin 4.8.0 ~ 4.8.1 Remote Code Execution
https://medium.com/@happyholic1203/phpmyadmin-4-8-0-4-8-1-remote-code-execution-257bcc146f8e
[取证分析] 浅谈威胁情报从甲方运营到乙方交付
https://zhuanlan.zhihu.com/p/38532724
[漏洞分析] Foxit Reader 9.0.1.1049 - Remote Code Execution
https://srcincite.io/blog/2018/06/22/foxes-among-us-foxit-reader-vulnerability-discovery-and-exploitation.html
[漏洞分析] 在Windows下利用格式字符串
https://xz.aliyun.com/t/2410
[运维安全] 安全管理者要注意的一些问题
http://www.freebuf.com/articles/neopoints/175619.html
[运维安全] fwaudit: Platform Firmware Auditing Tool
https://github.com/PreOS-Security/fwaudit
[恶意分析] 如何看待Docker镜像进入Docker Hub
https://www.anquanke.com/post/id/148747
[运维安全] phishing: The Security Practices of Party A Phishing
https://github.com/p1r06u3/phishing
[Web安全] 高级CORS利用技术分享
http://www.freebuf.com/articles/terminal/175609.html
[恶意分析] 针对保险、母婴等行业的定向攻击事件分析
https://mp.weixin.qq.com/s/2vwLHzbtF2jd58TfsbKi1g
[比赛] Orange: Google CTF 2018 Quals Web Challenge
http://blog.orange.tw/2018/06/google-ctf-2018-quals-web-gcalc.html
[数据挖掘] NLP哪里跑: 什么是自然语言处理
http://www.zmonster.me/2018/06/25/nlp-thinking-2.html
[移动安全] Pwn2Own华为iReader漏洞原理与利用分析
http://www.freebuf.com/vuls/175256.html
[编程技术] kubernetes从入门到放弃5--(存储原理)
https://jiayi.space/post/kubernetescong-ru-men-dao-fang-qi-5-cun-chu-yuan-li
[漏洞分析] 以太坊蜜罐智能合约分析
https://paper.seebug.org/631/
[文档] Hardening Microsoft Windows 10 version 1709 Workstations
https://www.asd.gov.au/publications/protect/Hardening_Win10.pdf
[设备安全] FACT - 固件分析/类比平台解读
https://mp.weixin.qq.com/s/7h8UtBCUZjnlc33Oay1ORg
[其它] The-rise-and-fall-of amsi
http://technodocbox.com/Windows/76106187-The-rise-and-fall-of.html