SecWiki周刊(第105期)
2016/02/29-2016/03/06
安全资讯
一起绕过双因子验证的实际入侵案例
http://www.aqniu.com/threat-alert/13953.html
http://www.aqniu.com/threat-alert/13953.html
安全技术
USA 2016 RSA Conference Slide & Media
http://www.rsaconference.com/events/us16/downloads-and-media
http://www.rsaconference.com/events/us16/downloads-and-media
安卓微信、QQ自带浏览器 UXSS 漏洞
http://blog.knownsec.com/2016/02/android-weixin-qq-uxss/
http://blog.knownsec.com/2016/02/android-weixin-qq-uxss/
Google Summer of Code 2016 Project Ideas
http://www.honeynet.org/gsoc/ideas
http://www.honeynet.org/gsoc/ideas
Blackout - Memory Analysis of BlackEnergy Big dropper
http://malware-unplugged.blogspot.tw/2016/02/blackout-memory-analysis-of-blackenergy.html
http://malware-unplugged.blogspot.tw/2016/02/blackout-memory-analysis-of-blackenergy.html
GitHarvester:harvesting information from GitHub
https://github.com/metac0rtex/GitHarvester
https://github.com/metac0rtex/GitHarvester
简单验证码识别及工具编写思路
http://drops.wooyun.org/tips/13043
http://drops.wooyun.org/tips/13043
AIL framework - Analysis Information Leak framework
https://github.com/CIRCL/AIL-framework
https://github.com/CIRCL/AIL-framework
基于用户行为动态变化的内部威胁检测方法
http://www.freebuf.com/articles/system/97703.html
http://www.freebuf.com/articles/system/97703.html
Limon Sandbox for Analyzing Linux Malwares
http://malware-unplugged.blogspot.tw/2015/11/limon-sandbox-for-analyzing-linux.html
http://malware-unplugged.blogspot.tw/2015/11/limon-sandbox-for-analyzing-linux.html
Common Security Issues in Financially-Orientated Web Applications
https://www.nccgroup.trust/uk/our-research/common-security-issues-in-financially-orientated-web-applications/
https://www.nccgroup.trust/uk/our-research/common-security-issues-in-financially-orientated-web-applications/
fuckCoreMail爆破说明书
https://github.com/pyphrb/fuckCoreMail
https://github.com/pyphrb/fuckCoreMail
Adding a scoring system in peepdf
http://eternal-todo.com/blog/adding-scoring-system-peepdf-pdf-analysis
http://eternal-todo.com/blog/adding-scoring-system-peepdf-pdf-analysis
Sublist3r: Fast subdomains enumeration tool for penetration testers
https://github.com/aboul3la/Sublist3r
https://github.com/aboul3la/Sublist3r
2015年中国互联网安全报告
https://a4b0af.lt.yunpan.cn/lk/cxTSuYQNLeKPr
https://a4b0af.lt.yunpan.cn/lk/cxTSuYQNLeKPr
Little HTML event attributes fuzzer
http://pastebin.com/AayLzNyB
http://pastebin.com/AayLzNyB
Tax Scams Gone International
http://blog.talosintel.com/2016/02/tax-scams.html#more
http://blog.talosintel.com/2016/02/tax-scams.html#more
Scanner of DROWN attack against TLS
https://github.com/nimia/public_drown_scanner
https://github.com/nimia/public_drown_scanner
a lot of vulnerable OS X applications
http://vulnsec.com/2016/osx-apps-vulnerabilities/
http://vulnsec.com/2016/osx-apps-vulnerabilities/
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第105期)
