SecWiki周刊（第116期)

SecWiki周刊（第116期）

2016/05/16-2016/05/22

安全资讯

[视频] 「视频」季昕华：想做企业家还是商人？决定创业能走多远
https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&mid=2652873842&idx=1&sn=5189f297778a98dd5497effe919addd1&scene=0&key=f5c31ae61525f82ed99006912ff554c012372c709a359757ff5aba85a78a0728eb7b110f4afdeef2cdbb7aa50499aea4&ascene=0&uin=MTQ1MzYxOTU2Mg%3D%3D&

[运维安全] “全天候全方位感知网络安全态势”解读
https://mp.weixin.qq.com/s?__biz=MzA4MTY1MzE1NA==&mid=2247483810&idx=1&sn=69dc202e8de15efac4305a460492f5bc

[其它] 简读爱因斯坦计划－美国的网络空间态势感知
http://mp.weixin.qq.com/s?__biz=MzI3NDI3OTE2Ng==&mid=2247483659&idx=1&sn=14fc36d87915cfd1cd40b89139d32467

[运维安全] Ecuador Bank Hacked:$12 Million Stolen in 3rd Attack on SWIFT System
http://thehackernews.com/2016/05/swift-banking-hack.html

安全技术

[论文] List of Accepted Papers | USENIX 2016
https://www.usenix.org/conference/usenixsecurity16/list-accepted-papers

[运维安全] 国外25个泄露数据库
http://zone.wooyun.org/content/27374

[书籍] 小书屋
http://www.xiaoshuwu.net/

[无线安全] CROZONO Framework v1.0 – Hacking with Drones & Robots
http://www.crozono.com/

[视频] 一次社工失败后的曙光
http://v.youku.com/v_show/id_XMTU3NTM5NjQ3Ng==.html?sharefrom=iphone

[漏洞分析] ProtoFuzz: A Protobuf Fuzzer
http://blog.trailofbits.com/2016/05/18/protofuzz-a-protobuf-fuzzer/

[漏洞分析] docker_api_vul: docker 未授权访问漏洞利用脚本
https://github.com/Tycx2ry/docker_api_vul

[杂志] 书安-第八期
http://down.jdsec.com/secbook-8/%E4%B9%A6%E5%AE%89-%E7%AC%AC%E5%85%AB%E6%9C%9F.pdf

[Web安全] 利用环境变量LD_PRELOAD来绕过php disable_function执行系统命令
http://drops.wooyun.org/tips/16054

[运维安全] 使用Ngrok实现内网穿透
http://cjting.me/misc/2016-05-21-%E4%BD%BF%E7%94%A8Ngrok%E5%AE%9E%E7%8E%B0%E5%86%85%E7%BD%91%E7%A9%BF%E9%80%8F.html

[漏洞分析] Local root exploits search
https://www.kernel-exploits.com/

[运维安全] 铁面“网警”——知乎反作弊系统悟空演变之路
https://mp.weixin.qq.com/s?__biz=MjM5MDE0Mjc4MA==&mid=2650992609&idx=1&sn=0ab0ac8f0ad37f98ddb2cbdb182f8fba&scene=1

[比赛] CTF中比较好玩的stego
http://drops.wooyun.org/tips/16041

[Web安全] payloads:A collection of web attack payloads
https://github.com/foospidy/payloads

[无线安全] 利用电视棒追踪民航飞机
http://s1nh.com/post/Track_Civil_Aircraft/

[编程技术] Web爬虫：多线程、异步与动态代理初步
http://www.freebuf.com/articles/web/104732.html

[比赛] 2016 SCTF-writeup
http://pan.baidu.com/s/1nvmywNf

[Web安全] [笔记]渗透师的Powershell入门
https://www.blackh4t.org/archives/1870.html

[编程技术] 写给即将离开校园成为一名程序员的几句忠告
https://www.zhuyingda.com/blog/article.html?id=9

[运维安全] Website Hacked Report 2016 - Q1
https://sucuri.net/website-security/website-hacked-report

[Web安全] 针对Phorum开源论坛项目的安全评估报告
http://www.freebuf.com/articles/web/104088.html

[漏洞分析] 新姿势之Docker Remote API未授权访问漏洞分析和利用
http://drops.wooyun.org/papers/15892

[运维安全] Linux Backdoor
http://drops.wooyun.org/tips/15702

[Web安全] Python识别验证码
http://0cx.cc/python_captcha_breaker.jspx

[漏洞分析] NSE: Some of my work on Nmap Scripts (NSE)
https://github.com/s4n7h0/NSE

[Web安全] Avoiding XSS Detection
http://brutelogic.com.br/blog/avoiding-xss-detection/

[Web安全] phishing-frenzy: Ruby on Rails Phishing Framework
https://github.com/pentestgeek/phishing-frenzy

[Web安全] How I found a huge data leak of a company during a college lecture
http://sijmen.ruwhof.net/weblog/937-how-i-found-a-huge-data-leak-of-a-company-during-a-college-lecture

[运维安全] 金融反欺诈-走近打码平台
https://mp.weixin.qq.com/s?__biz=MzAxMzgwNTAxMQ==&mid=2650951515&idx=1&sn=4706f6c12e613aa174923d48c97d09c1

[移动安全] APP安全之升级安全
https://mp.weixin.qq.com/s?__biz=MzI5ODE0ODA5MQ==&mid=2652277155&idx=1&sn=139d1a18f4b61d8c3593f0e3563afe1d

[运维安全] 漫谈流量劫持
http://drops.wooyun.org/tips/15826

[恶意分析] Backdoor in Fake Joomla! Core Files
https://blog.sucuri.net/2016/05/unexpected-backdoor-fake-core-files.html

[恶意分析] ATM infector
https://securelist.com/blog/research/74772/atm-infector/

-----微信ID：SecWiki-----
SecWiki，13年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第116期)