SecWiki周刊(第122期)
2016/06/27-2016/07/03
安全资讯
[事件]  6月安全大事件第二期
https://zhuanlan.zhihu.com/p/21457176
[恶意分析]  Large CCTV Botnet Leveraged in DDoS Attacks
https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html
[事件]  GitHub公布2015年透明度报告
https://github.com/blog/2202-github-s-2015-transparency-report
[事件]  Global Terrorism Database Leaked! Reveals 2.2 Million Suspected Terrorists
http://thehackernews.com/2016/06/world-check-terrorism-database.html
安全技术
[恶意分析]  人面狮行动——中东地区的定向攻击活动
http://drops.wooyun.org/news/17387
[运维安全]  浅析HTTPS中间人攻击与证书校验
http://drops.wooyun.org/tips/17078
[编程技术]  ChatBotCourse: 自己动手做聊天机器人教程
https://github.com/warmheartli/ChatBotCourse
[Web安全]  Uber渗透案例:我们是如何发现你是谁,你在哪,你要打车去哪!
http://drops.wooyun.org/tips/17228
[移动安全]  如何获取安卓iOS上的微信聊天记录、通过Metasploit控制安卓
http://www.freebuf.com/articles/terminal/107801.html
[Web安全]  ActiveScan3Plus: Modified version of ActiveScan++ Burp Suite extension
https://github.com/silentsignal/ActiveScan3Plus
[恶意分析]  H-WORM:简单而活跃的远控木马
http://drops.wooyun.org/papers/17374
[文档]  华盟网6.25线下沙龙PPT及视频分享#解压密码twm2
http://pan.baidu.com/share/link?shareid=2236356038&uk=1985516394
[移动安全]  梆梆脱壳方法
http://drops.wooyun.org/mobile/17101
[Web安全]  新型XSS总结两则
http://drops.wooyun.org/web/17312
[Web安全]  渗透技巧——Use AutoIt script to create a keylogger
http://drops.wooyun.org/tips/17211
[数据挖掘]  All the open source code in GitHub now shared within BigQuery
https://medium.com/@hoffa/github-on-bigquery-analyze-all-the-code-b3576fd2b150#.uqcw8rpgc
[Web安全]  Windows 10 UAC bypass with custom Meterpreter payloads
https://astr0baby.wordpress.com/2016/06/26/windows-10-uac-bypass-with-custom-meterpreter-payloads/
[运维安全]  Cloakify Toolset - Data Exfiltration In Plain Sight
https://github.com/trycatchhcf/cloakify
[运维安全]  Detecting DNS Data Exfiltration
http://blog.talosintel.com/2016/06/detecting-dns-data-exfiltration.html
[Web安全]  pyfiscan: Free web-application vulnerability and version scanner
https://github.com/fgeek/pyfiscan
[设备安全]  Exploring and exploiting Lenovo firmware secrets
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
[Web安全]  wafbypasser:WAF Bypasser module
https://github.com/owtf/wafbypasser
[运维安全]  Papers on Blockchain and Bitcoin: Student notes
http://securityandrisk.blogspot.com/2016/07/papers-on-blockchain-and-bitcoin.html
[运维安全]  Monitoring pfsense with Logstash / Elasticsearch / Kibana
http://www.ragingcomputer.com/2014/02/monitoring-pfsense-with-logstash-elasticsearch-kibana
[Web安全]  PHP文件包含到远程代码执行
http://ecma.io/?p=364
[漏洞分析]  Published Router vulnerabilities and associated information.
https://github.com/darkarnium/secpub
[Web安全]  Bypassing web application firewalls using HTTP headers
http://www.securityaegis.com/bypassing-web-application-firewalls-using-http-headers/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第122期)