SecWiki周刊(第110期)
2016/04/04-2016/04/10
安全技术
商业堡垒机与麒麟开源堡垒机功能比较列表
http://bbs.linuxtone.org/forum.php?mod=viewthread&tid=29775&fromuid=46854
http://bbs.linuxtone.org/forum.php?mod=viewthread&tid=29775&fromuid=46854
开源堡垒机测试经历---麒麟开源堡垒机篇
http://my.oschina.net/keeplifer/blog/652272
http://my.oschina.net/keeplifer/blog/652272
Using Burp to Exploit Blind SQL Injection Bugs
https://support.portswigger.net/customer/portal/articles/2163785-Methodology_Blind SQL Injection Exploitation.html
https://support.portswigger.net/customer/portal/articles/2163785-Methodology_Blind SQL Injection Exploitation.html
Information theft attacks abusing browser's XSS filter
http://www.mbsd.jp/blog/20160407.html
http://www.mbsd.jp/blog/20160407.html
If You Can’t Break Crypto, Break the Client: Recovery of Plaintext iMessage Data
https://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client-recovery-of-plaintext-imessage-data/
https://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client-recovery-of-plaintext-imessage-data/
CVE-2016-1019: A New Flash Exploit Included in Magnitude Exploit Kitlog
https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html
https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html
Web Application Security with ASP.NET / MVC & OWASP(year-2013)
http://blog.adnanmasood.com/wp-content/uploads/2013/12/LA-C-OWASP-Presentation-Adnan-Masood.pdf
http://blog.adnanmasood.com/wp-content/uploads/2013/12/LA-C-OWASP-Presentation-Adnan-Masood.pdf
异常中的异常——借助系统异常处理特例实现匪夷所思的漏洞利用
http://xlab.tencent.com/cn/2016/04/05/exception-in-exception/
http://xlab.tencent.com/cn/2016/04/05/exception-in-exception/
Python and Powershell internal penetration testing framework
https://github.com/praetorian-inc/pentestly
https://github.com/praetorian-inc/pentestly
华为《2015僵尸网络与DDoS攻击专题报告》
https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=402475339&idx=1&sn=530182906bc56ff37d11cc42abf12f0e
https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=402475339&idx=1&sn=530182906bc56ff37d11cc42abf12f0e
Scanner Routerhunter 2.0
https://github.com/jh00nbr/Routerhunter-2.0
https://github.com/jh00nbr/Routerhunter-2.0
公网开放的plc设备——一种新型的后门
http://drops.wooyun.org/tips/14391
http://drops.wooyun.org/tips/14391
CTF-Tools Some setup scripts for security research tools
http://www.kitploit.com/2016/03/ctf-tools-some-setup-scripts-for.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29&utm_content=FeedBurner
http://www.kitploit.com/2016/03/ctf-tools-some-setup-scripts-for.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29&utm_content=FeedBurner
Remaiten-一个以路由器和IoT设备为目标的Linux bot
http://drops.wooyun.org/tips/14499
http://drops.wooyun.org/tips/14499
深度揭秘:伪基站短信诈骗产业传奇始末!
http://weibo.com/ttarticle/p/show?id=2309403961671860254555
http://weibo.com/ttarticle/p/show?id=2309403961671860254555
Black Hat Asia 2016 的PPT和WP下载
https://www.blackhat.com/asia-16/briefings.html
https://www.blackhat.com/asia-16/briefings.html
一个DOS攻击木马的详细分析过程
http://www.ms509.com/?p=234
http://www.ms509.com/?p=234
Intel x86 Function-call Conventions – Assembly View中文版
http://sunxiunan.com/?p=1229
http://sunxiunan.com/?p=1229
doork: Passive Vulnerability Auditor
https://github.com/AeonDave/doork
https://github.com/AeonDave/doork
Moxa Nport串口服务器漏洞全球统计报告
http://plcscan.org/blog/2016/04/moxa-nport-vulnerability-global-census-report/
http://plcscan.org/blog/2016/04/moxa-nport-vulnerability-global-census-report/
Windows平台下针对C/C++项目的内存泄漏检测方法
http://www.cppblog.com/heath/archive/2013/10/28/203920.html
http://www.cppblog.com/heath/archive/2013/10/28/203920.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第110期)
