Secwiki weekly (No.152)

Safety information

[view] etiac and srcms V2 of enterprise Threat Intelligence Collection Center released https://lightrains.org/happy-new-year-2017/

[other] malwaremustie blog image site https://mmd.sougaoqing.com

[news] 100 billion China Internet investment fund was established https://www.huxu.com/article/179401.html

Safety technology

[web security] [New Year's greetings] famous penetration test suite burpsuse Pro v1.7.12 cracked version http://www.mottoin.com/95188.html

[web security] get the domain name script corresponding to IP https://github.com/jevalenciap/iptodomain

[web security] DNS rebinding technology bypasses the SSRF / proxy IP limit http://blog.csdn.net/u011725101/article/details/54667714

D9

[malicious analysis] avoid memory scanning https://github.com/microwave89/rtsectiontest

[news] interpretation of Gartner's top ten information security technologies in 2016 http://www.freebuf.com/articles/security-management/107149.html

[programming technology] csrss whitelist technology http://git.oschina.net/killvxk/subvert

[web security] fingerprint: Web application fingerprint identification (follow the new fingerprint rules) https://github.com/tanjiti/fingerprint

[document] Fido document library https://fidoalliance.org/specs/

[other] [public service translation] Stix profile overview white paper http://blog.nsfocus.net/stix-profile-overview-white-paper/

[web security] summary of common web source code leaks http://www.button.com/95749.html

[web security] security website navigation http://thief.one/collect_url/

[operation and maintenance security] use Sysmon and Splunk to detect horizontal penetration in the network environment http://www.cnblogs.com/xiaoxiaoleo/p/6343403.html

[vulnerability analysis] 2016 web vulnerability statistics: exploit-dbhttp://www.freebuf.com/vuls/125382.html

[magazine] security guest 2016 - gather the excellent technical articles of security circle of the year http://bobao.360.cn/news/detail/3948.html

[operation and maintenance security] CNNIC released the 39th statistical report on the development of China's Internet http://www.cnnic.cn/gywm/xwzx/rdxw/20172017/201701/w02017012251934037090.pdf

[O & M security] Threat Intelligence on fingertips: threatpinchhttps://mp.weixin.qq.com/s? ʍ biz = mza3mtuwmzi5nw = = & mid = 2654431102 & IDX = 1 & Sn = 09b7c56de3de3db856d82d257fd4a56 & chksm = 84ef5bd0b398d2c6e8437d70cd226b3870174d12bbeb6c7efd4451a415df8bbc1057c3910

& srcid = 0124adcwfgxc3gjfg9ntl3ek × Rd

[web security] Python framework for it security tools https://github.com/thomastjdev/wmd

[web security] Meraki rce: when red team and vulnerability research fill in love. Part 2https://research.trust.salesforce.com/meraki-rce-when-red-team-and-vulnerability-research-fill-in-love. - Part-2/

[tool] how to perform DDoS test as a pentester https://pentest.blog/how-to-perform-ddos-test-as-a-pentester/

[malicious analysis] Android malware about to get word: GM BOT source code leakedhttp://securityintelligence.com/android-malware-about-to-get-word-gm-bot-source-code-cleared/

[operation and maintenance security] the ideal WAF http://www.freebuf.com/articles/neopoints/125807.html in the eyes of WAF Product Manager

[web security] e-mail tracker blocker prohibit message tracking (Privacy Protection) https://github.com/jannikarndt/emailtracker blocker

[web security] WordPress express framework: a framework for penetration testing of WordPress ttps://github.com/rastating/wordpress-express-framework/

-----微信ID：SecWiki----- SecWiki，8年来一直专注安全技术资讯分析！ SecWiki：https://www.sec-wiki.com

Original address of this issue: secwiki weekly (issue 152)