标注的博客| 安全研究| 渗透测试| APT

首页

secwiki周刊(第139期)

作者 tingey 时间 2020-03-27
all

安全技术

[20855;]OWASP-OWTF:网址:www.mottoin.com/91015.html

[洞分析]Redis Lua远程代码执EXPhttp://drops.wiki/index.php/2016/10/24/Redis-Lua/

[恶分析]深入学习恶意软件分类系统调用序列http://www.sec.in.tum.de/assets/Uploads/Deep Learning.pdf

[档]QConShanghai2016:QCon上2016幻灯片https://github.com/QConChina/QConShanghai2016

[214629812;]http://mp.weixin.qq.com/s?__biz=MzIzMzE2OTQyNA==&mid=2648946321&idx=1&sn=51e90f65a3694c1d3667eb7b36ef65f9&chksm=f09ea1eec7e928f870d2fc22a0f16da199fe73e79be1c546c19024cdda9e33dbce27b51b&mpshare=1&scene=1&srcid=1027x1YpspZgW80kXGbbjRkc#rd

[Web全]绕过不安全的内联模式CSPhttp://paper.seebug.org/91/

《统治者:交换》http://www.freebuf.com/sectool/117516.html

[网络]mirai mirai公司http://blog.netlab.360.com/a-mirai-botnet-c2-data-analysis/

【Web全】攻击JavaScript引擎:以JavaScriptCore和CVE-2016-4622http://www.phrack.org/papers/Attacking全JavaScript全Engines.html为例

[答:]dyn/twitter[答:]mirai[答:]mirai[答:]mirai[答:]http://blog.netlab.360.com/a-dyn-twitter-ddos-event-report-答:]mirai-botnet-review[答:]/

[Web全]使用PhantomJs的XSS动态检测http://www.n0tr00t.com/2016/10/29/XSS_dynamic_detection_using_PhantomJs.html

[27604]4讲:中国铁通http://mp.weixin.qq.com/s?__biz=MzI0NDM5MzY3NA==&mid=2247484791&idx=1&sn=464f7275aabcfc9dbdcae37f6c52bb82&chksm=e95f36d2de28bfc462467cb31da879bcc57a110169847788d593891a025b0928ab2a3&mpshare=1&scene=1&srcid=1024aS8fQv7QS3mZnmp3H7dZ

[Web全]Hack.lu 2016-Hadoop safari-查找漏洞http://archive.Hack.lu/2016/Wavestone%20-%20Hack.lu%202016%20-%20Hadoop%20safari%20-%20Hunting%20for%20v4.0.pdf

[恶分析]Mirai DDoS僵尸网络:源代码和二进制分析http://www.simonroses.com/2016/10/Mirai-DDoS-Botnet-Source-Code-Binary-Analysis/

[Web全]Win10 docker docker gourdscanv2 http://xiaix.me/win10zai-dockerzhong-yun-xing-gourdscanv2网站/

[20855;]代码战士:http://www.mottoin.com/91088.html

[24694]Mirai,1100万标准箱http://mp.weixin.qq.com/s?__biz=MzIwMDk0MjcwNA==&mid=2247483854&idx=1&sn=a917e227e0321fefb2c30fcc40e04f62&chksm=96f434d1a183bdc7cfb31e07b09dd5462d45048b01e70f1757f6594f2b2105a60a57766423d

[洞分析]利用Intel NUChttp://blog.cr4.sh/2016/10/exploing-AMI-apito-firmware.html示例上的AMI Apito固件

[移动全]安卓多索引http://drops.wiki/index.php/2016/10/26/Android-multidex/

[它]美国交通部向汽车行业发布改进汽车的联邦指导意见http://www.nhtsa.gov/About-nhtsa/Press-Releases/nhtsa_cybersecurity_best_practices_10242016

http://www.i170.com/Attach/3ead43d-7295-45B6-808E-0ACCD26366C0

[模糊化]https://github.com/tinysec/public/blob/master/article/about-fuzz/about-fuzz-cn.md

【点滴事件】http://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&mid=2650170047&idx=1&sn=7bae4b539ad9bd682f19a73167418ed&chksm=beb9c18d89ce489be2ffaba894009f34952574586ca98577399bd9ff3d794e8d5c7df940b3756b&scene=0 9 rd

[25968; 25366; 25496]40认256550; 307400概35272;:http://mp.weixin.qq.com/s?__biz=MzA3MzI4MjgzMw==&mid=2650720132&idx=1&sn=d630d47c4ab60d35752aba74a9d53361&chksm=871b03fab06c8aec767776a6a4a407c3897dcad26392b24a2253616565e9dc6b5c52df0816&mpshare=1&scene=2&srcid=10289l9xafqir5r10y0s0x&from=timeline&isappinstalled=0

[Joomla[26435]创始(CVE-2016-8869)http://paper.seebug.org/88/

[恶imonlight–中东地区的目标攻击http://blog.vectranetworks.com/blog/Moonlight-Middle-east-Targeted-attacks

[网络]写上去http://d0n9.me/2016/10/23/%E6%A8%A1%E6%8B%9F%E4%BC%97%E6%B5%8B%E6%BC%8F%E6%B4%9E写上去/

[答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答:答

【Web全】霓裳:PowerShell渗透repoint试具http://www.mottoin.com/91098.html

托沙尔-费尔德、汇源蟒蛇http://TuShare.org/index.html

[214629]解决GrrCon 2016内存挑战https://techanarchy.net/2016/10/Solving-GrrCon-2016-dfir-Challenge/

[Web全]内容安全策略(CSP)http://www.mottoin.com/91044.html

[恶分析]在Gootkit C&C服务器内部https://securelist.com/blog/research/76433/Inside-the-Gootkit-cc-server/

[网信:www.mottoin.com/91154.html

[运

硒网驱动程序https://www.gitbook.com/book/easonhan007/selenium-webdriver/details

[简介]SPADEhttp://www.freebuf.com/articles/terminal/117347.html

[23427]网址:http://yedingding.com/2016/10/19/out-product-death-cycle.html

【点睛之笔】【点睛之笔】:https://mp.weixin.qq.com/s?__biz=MzAwMTA3MzM4Nw=&mid=2649439195&idx=1&sn=09afaeac1861e4175d9854796f96f19e&chksm=82c0d25fb5b75b49c6aa6700729421715a3da5236c7af711de9c747f4b30aeb2c90193c1e241&scene=0&key=&ascene=7&uin=&devicetype=android-19&version=26031b31&nettype=WIFI

[运/

数据披露:Nominum数据科学安全报告http://www.Nominum.com/wp-content/uploads/2016/10/Nominum-Security-report.pdf

[具]mimikatz Askel:支持Windows 10 AU&Server 2016http://www.mottoin.com/90997.html

安卓聊天安全(Android ChatSecure)https://arxiv.org/pdf/1610.06721v1.pdf

[数25366;掘]12万美元-http://weibo.com/ttarticle/p/show?编号:2309404034796719336517

[22791]Full(er)House:揭露高端扑克作弊设备https://www.elie.net/blog/security/fuller-House-Exposing-high-end-poker-作弊设备

[档]黑帽子议https://www.evernote.com/shard/s625/sh/f9e17f58-9902-4e3e-ae48-69f213b4d47a/12f7b4e4cb691536

[2146298U3IB]分解Surkov泄漏http://medium.com/dfrlab/Breaking-the-Surkov-leaks-b2feec1423cb

《孤独的贝壳》http://www.mottoin.com/90883.html

承办单位:http://mp.weixin.qq.com/s?__biz=MzI1MzUwNTM2MA==&mid=2247483667&idx=1&sn=b6c505640a5e83137bd0cd54ea16d945&chksm=e9d23b2cdea5b25a2458b0222f53ff19ecc1ef25b2805ab058eea7fa024e8794539cb6748169&mpshare=1&scene=1&srcid=1028N3q9kJYOwRSKc4VhjRrf\rd

[杂志]sec wiki周刊(第138期)https://www.sec-wiki.com/weekly/138

谷歌电子表格

[运

[ష动全]后门apk:向任何Android apk文件添加后门https://github.com/dana-at-cp/backdoor-apk

[它]2016年谷歌代码夏季项目https://Summer of Code.withgoogle.com/Projects/?sp页=2#!

[网站]http://www.freebuf.com/articles/Web/117112.html

承办单位:http://mp.weixin.qq.com/s?__biz=MzI1MzUwNTM2MA==&mid=2247483660&idx=1&sn=47b4d4be661b6c9f326b7dce5d52aaef&chksm=e9d23b3dea5b225c1353e9c59f35773cef59ed87492de9fd8aaef3f43caa085f064f617b959&mpshare=1&scene=1&srcid=1027lpyYqo93ftwwr3EIXTA5

[数25454;挖掘]居住地

[Web全]【预测】【Joomla未26435; creating constructs号/权38480;升http://www.mottoin.com/91059.html

[214629]findjecthttp://www.netresec.com/?page=Blog&month=2016-10&post=使用findject检测TCP内容注入攻击

百分之88%86%e6%9e%90/

[ష动全]Drammer(Drammer)网站:http://seclab.dbappsecurity.com.cn/?p=1491