安全资讯

[人物]  安恒张百川：藏剑入怀的网路游侠

https://mp.weixin.qq.com/s/yNwRk7W30refX234DKmI6Q

[新闻]  阿里成立数据安全研究院 对抗黑灰产

https://tech.sina.com.cn/i/2018-08-21/doc-ihhzsnea2555066.shtml

[法规]  最全面的大数据安全领域标准法规

https://mp.weixin.qq.com/s/Lpr8BJ-tUsjfJ0xuYOL_gw

[新闻]  2018年上半年短视频行业黑灰产研究报告

https://www.aqniu.com/tools-tech/37590.html

[人物]  黑客情报官-薛锋

https://mp.weixin.qq.com/s/iYdOJYCky3_8OGUNysgE3Q

[新闻]  千名西澳大利亚公务员用 password123 作为密码

https://www.solidot.org/story?sid=57701

[取证分析]  Chinese Cyberespionage Originating From Tsinghua University Infrastructure

https://www.recordedfuture.com/chinese-cyberespionage-operations/

[新闻]  第四届GoSSIP安全暑期学校小记

https://zhuanlan.zhihu.com/p/42121989

安全技术

[Web安全]  Struts2最新RCE漏洞S2-057（CVE-2018-11776）

https://nosec.org/home/detail/1755.html

[Web安全]  Struts 2漏洞（CVE-2018-11776/S2-057）及可能攻击向量

https://www.anquanke.com/post/id/157397

[比赛]  2018网鼎杯-第二场-writeup

https://xz.aliyun.com/t/2614

[Web安全]  Remote Code Execution Vulnerability in Apache Struts (CVE-2018-11776)

https://semmle.com/news/apache-struts-CVE-2018-11776

[Web安全]  burpsuite 2.0 beta 发布

https://portswigger.net/blog/burp-suite-2-0-beta-now-available

[漏洞分析]  2018 网鼎杯 教育组 Pwn Babyheap 题解

https://xz.aliyun.com/t/2609

[取证分析]  服务器入侵溯源小技巧整理

https://mp.weixin.qq.com/s/A1tPlv8YpSr6w-zvUxxxxg

[漏洞分析]  近年APT组织常用的攻击漏洞

http://www.freebuf.com/vuls/175280.html

[比赛]  Web选手的AWD后渗透指南

http://momomoxiaoxi.com/ctf/2018/08/21/AWDbackdoor/

[漏洞分析]  ColdFusion再爆远程代码执行漏洞 CVE-2018-4939

https://xz.aliyun.com/t/2604

[漏洞分析]  UEditor编辑器两个版本任意文件上传漏洞分析

http://www.freebuf.com/vuls/181814.html

[杂志]  SecWiki周刊（第233期)

https://www.sec-wiki.com/weekly/233

[Web安全]  记一次博客被日的分析过程

https://bbs.ichunqiu.com/thread-44743-1-1.html?from=sec

[Web安全]  Pocsuite与Osprey(鱼鹰)框架解析

https://x.hacking8.com/?post=265

[恶意分析]  流量劫持与盗号

https://weibo.com/ttarticle/p/show?id=2309404276135318958600

[观点]  零信任安全的4W1H

https://mp.weixin.qq.com/s/yBzdo9qHacTajQFNpmjvpQ

[Web安全]  漏洞聚焦：CVE-2016-5072

https://xz.aliyun.com/t/2638

[Web安全]  ueGetshell.py: ueditor .net getshell漏洞检测工具

https://github.com/theLSA/ueditor-getshell

[Web安全]  Metinfo新版本6.1.0存在多个漏洞

https://nosec.org/home/detail/1740.html

[Web安全]  CVE-2018-11776: How to find 5 RCEs in Apache Struts with Semmle QL

https://lgtm.com/blog/apache_struts_CVE-2018-11776

[恶意分析]  匿名网络概述（Darknet）

https://www.findhao.net/easycoding/1803

[漏洞分析]  反序列化工具链的自动发掘

http://www.arkteam.net/?p=4031

[设备安全]  13万Mikrotik设备被植入CoinHive挖矿代码

https://nosec.org/home/detail/1748.html

[漏洞分析]  UEditor .net版本 getshell

https://www.jianshu.com/p/6dae608b617c

[Web安全]  DOM XSS的三种常见案例介绍

http://www.4hou.com/technology/13217.html

[运维安全]  OpenSSH用户枚举漏洞：一探究竟

https://xz.aliyun.com/t/2623

[编程技术]  API自动化测试 

http://kekefund.com/2018/07/15/api-test/

[恶意分析]  EvilOSX：一款功能强大的macOS远程管理工具（RAT）

http://www.freebuf.com/sectool/180668.html

[数据挖掘]  一文带你读懂特征工程

https://mp.weixin.qq.com/s/PRkSXjBdknX3yeBIzBAgOQ

[Web安全]  于bugku中游荡意外得到关于CBC翻转攻击思路

https://bbs.ichunqiu.com/thread-44579-1-1.html?from=sec

[Web安全]  Web CTF CheatSheet

https://github.com/w181496/Web-CTF-Cheatsheet

[数据挖掘]  机器学习在Windows RDP版本和后门检测上的应用

https://www.anquanke.com/post/id/157175

[运维安全]  沙箱逃逸 - Microsoft Office在MacOS上的应用

https://xz.aliyun.com/t/2600

[Web安全]  GraphQL安全指北

https://www.anquanke.com/post/id/156930

[Web安全]  浅析xml之xinclude & xslt

https://www.anquanke.com/post/id/156227

[Web安全]  Cobaltstrike和Armitage联动

http://www.freebuf.com/sectool/180395.html

[取证分析]  威胁情报闭环—如何得到有用的情报然后追踪攻击者

https://zhuanlan.zhihu.com/p/42903832

[取证分析]  T-Pot 蜜罐的介绍及使用

https://imlonghao.com/53.html

[漏洞分析]  深入了解Json Web Token之实战篇

http://www.freebuf.com/articles/web/181261.html

[Web安全]  {黑掉这个盒子} \\ FluxCapacitor Write-Up

https://bbs.ichunqiu.com/thread-44534-1-1.html?from=sec

[漏洞分析]  通过Unquoted service Path进行Windows提权

https://xz.aliyun.com/t/2606

[漏洞分析]  Remote Code Execution on a Facebook server

https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/

[文档]  2018网络安全生态峰会区块链安全分论坛PPT

https://bcsec.org/index/detail/id/251/tag/2

[运维安全]  企业数据安全建设的经历与实践

https://mp.weixin.qq.com/s/ItvWWhC0iYOpG6nQ3WPfvg

[Web安全]  [SecTrans-2]Stored XSS on Facebook

https://mp.weixin.qq.com/s/XHPnys5Iyyi9tm02fVrOTQ

[Web安全]  wam: Web App Monitor 应用更新细节监控

https://github.com/knownsec/wam?from=timeline

[Web安全]  看我如何在30分钟内获得homebrew仓库的访问权限

https://xz.aliyun.com/t/2628

[其它]  GodGame漏洞原理以及黑客攻击手法分析

https://nosec.org/home/detail/1759.html

[数据挖掘]  机器学习的数学基础

https://mp.weixin.qq.com/s/Cm-DNNLMqgcp_DJqUeM-Tw

[比赛]  2018WhiteHat-web-复盘

https://xz.aliyun.com/t/2599

[其它]  reversing-and-patching-net-binaries-with-embedded-references

https://insinuator.net/2018/04/reversing-and-patching-net-binaries-with-embedded-references/

[运维安全]  董祎铖：建立企业安全应急响应“急救箱”

http://www.freebuf.com/articles/es/181260.html

[漏洞分析]  Windows下反反调试技术汇总

http://www.freebuf.com/articles/others-articles/181085.html

[恶意分析]  利用ML&AI判定未知恶意程序

http://www.4hou.com/technology/13181.html

[其它]  arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe

https://posts.specterops.io/arbitrary-unsigned-code-execution-vector-in-microsoft-workflow-compiler-exe-3d9294bc5efb

[移动安全]  Every iOS security guide

https://github.com/0xmachos/iOS-Security-Guides

[文档]  rapid7 threat report 2018-q2

https://www.rapid7.com/globalassets/_pdfs/research/rapid7-threat-report-2018-q2.pdf

[无线安全]  LimeSDR 上手指南 

https://future-sec.com/Limesdr-introduce.html

[论文]  InForSec区块链安全研讨会成功召开

https://mp.weixin.qq.com/s/t_HjrMeiVpfGS4m49HOllQ

-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第234期)