Security News
[News] Major Cybersecurity Events of 2018
https://mp.weixin.qq.com/s/YvlUX8Zjp9gfAtJ6YY27BA
[Regulations] Rules on Electronic Data Forensics for Public Security Organs Handling Criminal Cases
http://www.mps.gov.cn/n2254314/n2254409/n4904353/c6337154/content.html
[News] 2018 Review of Security Surveillance and Xueliang (Sharp Eyes) Project Initiatives
https://mp.weixin.qq.com/s/Sz8HguJ0X13nw4ajAhxOhg
Security Technology
[Operations Security] github_dis: a lightweight tool for collecting information leaked on GitHub
https://github.com/dongfangyuxiao/github_dis/
[Web Security] First Steps in SDL Practice: Security Training
https://mp.weixin.qq.com/s/s2D513XseLpIyE2i0UOC8Q
[Data Mining] Analysis of Shuoshuo (Status Post) Data from QQ Zone
https://www.jianshu.com/p/a5e1ca0c5204
[Web Security] WAF Bypass Techniques Article Series (Part 2)
https://nosec.org/home/detail/2137.html
[Other] WeiboImageReverse: a Chrome extension for looking up the original poster of a Weibo image
https://github.com/fei-ke/WeiboImageReverse
[Vulnerability Analysis] Subdomain Takeover: Second-Order Exploitation
http://www.4hou.com/web/15504.html
[Vulnerability Analysis] SpEL injection (translation)
https://cryin.github.io/blog/SpEL%20injection/
[Data Mining] The Significance and Role of Cyberspace Mapping in National Cyber Defense
https://mp.weixin.qq.com/s/TBmigl6-TTJNDzYCqlFc4w
[Competitions] Summary of CTF Forensics Methods
http://www.4hou.com/web/15206.html
[Web Security] First Steps in SDL Practice: Introduction
https://mp.weixin.qq.com/s/tPzrWzZjRcfNZaHIa7JTWA
[Malware Analysis] 2018 Advanced Persistent Threat (APT) Research Report
https://mp.weixin.qq.com/s/F5hBw_pVithLlY6ixE0q-g
[Web Security] Learning Resources and Related Open-Source Projects for XML External Entity (XXE) Injection Vulnerabilities
https://nosec.org/home/detail/2139.html
[Device Security] IoT in 2018: What Happened
[Web Security] Post-Exploitation: A Guide to Using meterpreter
[Malware Analysis] Review of the Top Ten Global APT Attacks of 2018
https://mp.weixin.qq.com/s/ja8eunPUaTqLj_smdABLTQ
[Video] NetEase Open Course: Criminal Investigation Technology
https://open.163.com/movie/2017/11/1/F/MD2P1B6R2_MD2P8LF1F.html
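[Operations Security] ZTO's Internal Secure Communication Practices
[Vulnerability Analysis] Recommended Project: awesome-browser-exploit
[Vulnerability Analysis] Using Excel for XXE Attacks
[Data Mining] From Lucene to Elasticsearch: Full-Text Search in Practice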
http://www.bugs.cc/2018/12/30/reading-notes-from-lucene-to-elasticsearch-full-text-search/
[Web Security] More on the Shiro Deserialization Vulnerability: Upgrading Shiro Can Still Leave You Open to a Shell
https://mp.weixin.qq.com/s/NRx-rDBEFEbZYrfnRw2iDw
[Forensics] First Known UEFI Rootkit Linked to the Sednit APT
https://www.solidot.org/story?sid=59167
[Data Mining] Identifying Malicious Traffic Without Decryption
http://www.4hou.com/web/14120.html
[Device Security] Expliot - Internet of Things Exploitation framework
https://gitlab.com/expliot_framework/expliot
[Malware Analysis] Global Advanced Persistent Threat (APT) 2018 Summary Report
https://mp.weixin.qq.com/s/sSuTHTLfqAGfaBbopU8yEQ
[Tools] patoolkit: a collection of traffic analysis plugins focused on security
https://github.com/pentesteracademy/patoolkit
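[Opinion] My Journey Moving from Traditional Security into Risk Control, with Thoughts on the Underground Economy and Risk-Control Industry Trends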
https://mp.weixin.qq.com/s/GWOjp1E2B4J0efUjFBnp8Q
[Magazine] SecWiki Weekly (Issue 252)
https://www.sec-wiki.com/weekly/252
[Mobile Security] Android SMS Stealer – Max Kersten
https://maxkersten.nl/binary-analysis-course/malware-analysis/android-sms-stealer/
[Vulnerability Analysis] Etouch2.0: Walking Through the Code Audit Process (Part 2), Front-End SQL Injection
https://www.anquanke.com/post/id/169152
[Opinion] Political Considerations in Building a Cyberattack Response Framework
https://mp.weixin.qq.com/s/iOq84kVblAW5a2mK2GDJwA
[Vulnerability Analysis] Code Auditing for Beginners: A Detailed Analysis of Xnuca2018-hardphp
https://www.freebuf.com/articles/rookie/193118.html
[Forensics] An Overview of the osquery Architecture
https://blog.spoock.com/2018/12/29/osquery-under-the-hood/
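[Operations Security] A Brief Analysis of Approaches to Building a Data Security Protection System for Commercial Banks
[Vulnerability Analysis] Guardzilla IoT Video Camera Hard-Coded Credentials (CVE-2018-5560)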
https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/
[Vulnerability Analysis] Analysis of the Struts2-005 Remote Code Execution Vulnerability
https://www.freebuf.com/vuls/193078.html
[Web Security] Reflected XSS on ws-na.amazon-adsystem.com(Amazon) – newp_th – Medium
https://medium.com/@newp_th/reflected-xss-on-ws-na-amazon-adsystem-com-amazon-f1e55f1d24cf
[Other] NSA/CSS Technical Cyber Threat Framework v2.2
[Programming] Cryptography in Python Burp Extensions
https://parsiya.net/blog/2018-12-24-cryptography-in-python-burp-extensions/
[Forensics] OSINT Resources for 2019
[Opinion] New Software Technologies for the New Information Era
https://mp.weixin.qq.com/s/cz-zjZw3rmFQ1o0w2ciHBQ
[Web Security] JGillam/burp-paramalyzer: Paramalyzer
https://github.com/JGillam/burp-paramalyzer
[Malware Analysis] Talos 2018 Malware Tracking and Investigation Summary
http://www.4hou.com/info/observation/15463.html
[Competitions] 35c3CTF collection writeup
[Malware Analysis] atmoner/nodeCrypto: Ransomware written in NodeJs
https://github.com/atmoner/nodeCrypto
[Malware Analysis] Targeted cyberattacks logbook: APT Overview
https://apt.securelist.com/#!/threats/
[Malware Analysis] dreadl0ck/netcap: A framework for secure and scalable network traffic analysis
https://github.com/dreadl0ck/netcap
[Vulnerability Analysis] Blockchain Security: Analysis of Classic Overflow Vulnerability CVEs
[Operations Security] ANSSI-FR/audit-radius: A RADIUS authentication server audit tool
https://github.com/ANSSI-FR/audit-radius
[Papers] Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates
[Forensics] Harpoon: an OSINT / Threat Intelligence tool
https://www.randhome.io/blog/2018/02/23/harpoon-an-osint-threat-intelligence-tool/
[Web Security] PHP mt_rand Security Notes and a Detailed Look at Its Use Cases
https://www.freebuf.com/vuls/192012.html
Original source for this issue: SecWiki Weekly (Issue 253)