SecWiki周刊(第124期)
2016/07/11-2016/07/17
安全资讯
[书籍]  新书推荐 - 《漏洞战争》- 泉哥新书
http://item.jd.com/10452457414.html
[事件]  NSA Labels Privacy-Centric Internet Users As Extremists – The Merkle
http://themerkle.com/nsa-labels-privacy-centric-internet-users-as-extremists/
[会议]  漏洞披露模式的法理与价值:记乌云白帽大会圆桌论坛
http://www.aqniu.com/news-views/17655.html
[设备安全]  Serious Vulnerability Affects Over 120 D-Link Products
http://www.securityweek.com/serious-vulnerability-affects-over-120-d-link-products
安全技术
[编程技术]  sqlmap 的源码学习笔记一之目录结构
http://blog.csdn.net/qq_29277155/article/details/51646932
[Web安全]  Some-PoC-oR-ExP: 各种漏洞poc、Exp的收集或编写
https://github.com/coffeehb/Some-PoC-oR-ExP
[视频]  2016乌云白帽大会视频-0709#密码1olm
http://pan.baidu.com/s/1slGL0df
[无线安全]  使用GnuRadio + OpenLTE + SDR 搭建4G LTE 基站(上)
http://www.freebuf.com/articles/wireless/108417.html
[漏洞分析]  A fork of AFL for fuzzing Windows binaries
https://github.com/ivanfratric/winafl
[无线安全]  srsLTE: Open source 3GPP LTE library
https://github.com/srsLTE/srsLTE
[运维安全]  nginx的proxy_pass使用https(SSL加密)
http://xiaoxia.org/2016/07/15/nginx-proxy-pass-https/
[运维安全]  小话企业安全能力建设
http://danqingdani.blog.163.com/blog/static/186094195201661125812630
[漏洞分析]  Exploiting Windows DRIVERS: Double-fetch Race Condition Vulnerability
http://resources.infosecinstitute.com/exploiting-windows-drivers-double-fetch-race-condition-vulnerability/
[恶意分析]  PoshC2 – Powershell C2
http://www.hackwhackandsmack.com/?p=693
[漏洞分析]  Rails Webconsole DNS Rebinding lead to Remote code execution
http://benmmurphy.github.io/blog/2016/07/11/rails-webconsole-dns-rebinding/
[Web安全]  fenghuangscanner_v3:常见服务端口弱口令扫描器
https://github.com/wilson9x1/fenghuangscanner_v3
[漏洞分析]  使用预先算好的字符串hash逆向分析shellcode
http://anhkgg.github.io/anhkgg.github.io/precalculated-string-hashes-reverse-engineering-shellcode/
[运维安全]  Incident Response Forensic Framework: nightHawk Response
https://n0where.net/incident-response-forensic-framework-nighthawk-response/
[Web安全]  MYSQL提权总结
http://www.webshell.cc/4790.html
[工具]  Cisco Talos software
http://www.talosintelligence.com/software/
[Web安全]  掌阅iReader某站Python漏洞挖掘
https://www.leavesongs.com/PENETRATION/zhangyue-python-web-code-execute.html
[数据挖掘]  Google BigQuery: Analyze all the code of Github
https://medium.com/@hoffa/github-on-bigquery-analyze-all-the-code-b3576fd2b150#.oak7ssj5m
[漏洞分析]  A Case Study in Attacking KeePass – Part 1
http://www.harmj0y.net/blog/redteaming/a-case-study-in-attacking-keepass/
[会议]  2016乌云白帽大会企业场讲点儿啥?
http://www.aqniu.com/industry/17542.html
[漏洞分析]  shadow – Firefox Heap Exploitation Tool (jemalloc)
http://www.darknet.org.uk/2016/06/shadow-firefox-heap-exploitation-tool-jemalloc/
[恶意分析]  Gracker level8 write-up
http://paraschetal.in/gracker-level08/
[其它]  Bluto V2.0 comming
https://github.com/darryllane/Bluto
[漏洞分析]   The first open source vulnerability scanner for firmwares
https://github.com/misterch0c/firminator_backend
[运维安全]  honeydrive:Honeypot Linux distribution
https://bruteforce.gr/honeydrive
[数据挖掘]  pystock-data: US stock market data since 2009
https://github.com/eliangcs/pystock-data
[漏洞分析]  KeeThief – A Case Study in Attacking KeePass Part 2
http://www.harmj0y.net/blog/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
[Web安全]  BruteXSS - Cross-Site Scripting Bruteforcer
https://github.com/shawarkhanethicalhacker/BruteXSS
[设备安全]  物联网IoT产品安全checklist#密码: z78I
http://naotu.baidu.com/file/1687263a7055af3e44fb6ad10acef931
[恶意分析]  X86 Shellcode Obfuscation - Part 1
https://breakdev.org/x86-shellcode-obfuscation-part-1/
[漏洞分析]  Official x64dbg blog
http://x64dbg.com/blog/
[Web安全]  记一次WAF对抗赛详解&全方位绕过WAF
http://www.bugbank.cn/pwn/detail.html?pid=5775df28cbfaa97317a496a4
[编程技术]  My_VBA_Bot - Writ ing Office Macro FUD encoder and other stuff
https://dl.packetstormsecurity.net/papers/general/My_VBA_Bot.pdf
[恶意分析]  PEFix – simple PE file re-aligner
http://www.hexacorn.com/blog/2016/07/09/pefix-simple-pe-file-re-aligner/
[恶意分析]  Gracker level5 write-up
http://paraschetal.in/gracker-level05/
[恶意分析]  Writing your own shellcode.
https://paraschetal.in/writing-your-own-shellcode/
[漏洞分析]  [CVE-2016-4794/6162] Two linux kernel bugs
https://marcograss.github.io/security/linux/2016/07/06/two-linux-kernel-bugs.html
[恶意分析]  Gracker level0 write-up
http://paraschetal.in/gracker-level00/
[取证分析]  Papertrail - Log management cloud service for free
https://papertrailapp.com/
[数据挖掘]  OpenIOC – Sharing Threat Intelligence
http://www.darknet.org.uk/2016/06/openioc-sharing-threat-intelligence/
[取证分析]  FreeBSD encryption. Part 1
http://byinsecure.com/freebsd-crypto-protection/
[文档]  A Framework for the Analysis of Complex Code-Reuse Attacks
http://www.talosintelligence.com/files/publications_and_presentations/papers/ROPMEMU_graziano.pdf
[漏洞分析]  ERTS – Exploit Reliability Testing System
http://www.darknet.org.uk/2016/07/erts-exploit-reliability-testing-system/
[移动安全]  小议安卓定位伪造-实战足不出户畅玩pokemon go
http://drops.wooyun.org/tips/17840
[恶意分析]   Project Keyhole - A python framework to automatically backdoor binaries or sour
http://seclist.us/project-keyhole-is-a-python-framework-to-automatically-backdoor-binaries-or-source-code.html
[数据挖掘]  OWASP ZCR Shellcoder
http://paraschetal.in/owasp-zsc/
[Web安全]  tomcatWarDeployer
https://github.com/mgeeky/tomcatWarDeployer
[编程技术]  InfoSecIITK Summer CTF 2016
http://paraschetal.in/infoseciitk-summerctf16/
[移动安全]  拥有300万安装量的应用是如何恶意推广刷榜的?
http://drops.wooyun.org/mobile/17675
[漏洞分析]  Heap spraying high addresses in 32-bit Chrome/Firefox on 64-bit Windows
http://blog.skylined.nl/20160622001.html
[编程技术]   Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration
http://opensecuritytraining.info/IntroX86.html
[恶意分析]  X86 Shellcode Obfuscation - Part 2
https://breakdev.org/x86-shellcode-obfuscation-part-2/
[恶意分析]  NeutrinoEK来袭:爱拍网遭敲诈者病毒挂马
http://drops.wooyun.org/tips/17740
[恶意分析]  Gracker level2 write-up
http://paraschetal.in/gracker-level02/
[恶意分析]  Gracker level1 write-up
http://paraschetal.in/gracker-level01/
[编程技术]  谈谈我这三年在前端技术上的成长
http://www.barretlee.com/blog/2016/07/11/learning-recent-years/
[取证分析]  FreeBSD encryption. Part 2: The subtleties of daily use. (ru)
http://byinsecure.com/freebsd-crypto-protection-2/
[漏洞分析]   Project to practice the basic at exploit bufferoverflow bugs.
https://github.com/mikaelkall/vuln
[移动安全]  Android WebView 漏洞的利用、局限与终结
http://drops.wooyun.org/papers/17610
[漏洞分析]  Adobe Flash Player prior 11.2.202.621/18.0.0.352/21.0.0.242 buffer overflow
https://vuldb.com/?id.88018
[漏洞分析]   Shellcode mapper
https://github.com/suraj-root/smap/
[漏洞分析]  ppt exploits PPT Powerpoint Presentations and Slides
http://www.pptsearch365.com/ppt-exploits.html
[恶意分析]  Gracker level3 write-up
http://paraschetal.in/gracker-level03/
[恶意分析]  Gracker level7 write-up
http://paraschetal.in/gracker-level07/
[恶意分析]  Gracker level4 write-up
http://paraschetal.in/gracker-level04/
[恶意分析]  Gracker level6 write-up
http://paraschetal.in/gracker-level06/
[恶意分析]  Gracker level9 write-up
http://paraschetal.in/gracker-level09/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第124期)