SecWiki周刊(第126期)
2016/07/25-2016/07/31
安全资讯
[Web安全]  DNC 黑客的渗透比以前认为的更深入
http://www.solidot.org/story?sid=49081
[其它]  安全的进化论: 曲线最美
http://weibo.com/ttarticle/p/show?id=2309404001446210230353
[事件]  “XKeyscore”全球隐私通讯监控计划-美国国家安全局手中的Google
http://m.bobao.360.cn/news/detail/3375.html
安全技术
[新闻]  wooyun drops乌云知识库全部文章打包离线下载
https://www.hackfun.org/learnrecords/wooyun-drops-all-articles-package-download.html
[其它]  CTF中图片隐藏文件分离方法总结
https://www.hackfun.org/CTF/summary-of-image-hiding-files-in-CTF.html
[Web安全]  干货-信息安全甲方乙方理解和职业群岗位脑图
https://www.hackfun.org/learnrecords/information-security-occupational-group-mind-map.html
[取证分析]  Wireshark入门与进阶系列四之过滤语法
http://blog.csdn.net/qq_29277155/article/details/52071376
[Web安全]  浅谈安全性攻击人为攻击的主要形式和防御
https://www.hackfun.org/pentest/on-the-main-forms-and-defense-of-the-security-attack.html
[Web安全]  latest Burpsuite Pro v1.7.03 introduced and cracked version download
https://github.com/4ido10n/latest-Burpsuite-Pro-v1.7.03-cracked-version
[其它]  乌云公开漏洞、知识库爬虫和搜索 虚拟机
https://github.com/hanc00l/wooyun_public
[移动安全]  Reversing Internet of Things from Mobile applications
http://area41.io/downloads/slides/area41_16_apvrille_mobileiot.pdf
[Web安全]  IBM Rational AppScan 9.0.3 (含下载)
http://www.freebuf.com/sectool/110090.html
[文档]  乌云drops珍藏版PDF格式
http://ecma.io/?page_id=417
[视频]  网络战争 Cyberwar 纪录片
http://www.bilibili.com/video/av5218921/index_1.html
[无线安全]  Ubuntu 16.04快速创建钓鱼wifi(RTL8188EUS网卡带http流量记录)
http://www.92ez.com/?action=show&id=23389
[Web安全]  phpwind利用hash长度扩展攻击修改后台密码getshell
http://blog.nsfocus.net/phpwind-hash-length-attack-hashpump-getshell/
[文档]  【67份PDF下载】2016阿里安全峰会重点资料
https://yq.aliyun.com/articles/58395
[文档]  台灣駭客年會 HITCON CMT 2016 slide
http://hitcon.org/2016/CMT/#hitcon_agenda
[文档]  2016阿里安全峰会-威胁情报专场 PDF 下载
https://yq.aliyun.com/articles/57700
[编程技术]  移动客户端编程实战
http://xudafeng.github.io/slide/archives/native-in-practice/#/
[Web安全]  从入门到精通: SSRF(1)
http://www.mauu.me/?p=227
[Web安全]  LNScan: A WebScanner to scan local network
https://github.com/sowish/LNScan
[漏洞分析]  Pintool2: improved version of the pintool.py
https://www.aldeid.com/wiki/Pintool2
[运维安全]  用caddy替换nginx实现全站自动https
https://xsec.io/2016/7/27/caddy-intro.html
[无线安全]  KeySniffer: Hackers can snag wireless keyboard keystrokes from 250 feet away
https://uwnthesis.wordpress.com/2016/07/28/keysniffer-hackers-can-snag-wireless-keyboard-keystrokes-from-250-feet-away/
[Web安全]  Breaking PHP's Garbage Collection and Unserialize
https://www.evonide.com/breaking-phps-garbage-collection-and-unserialize/
[文档]  2016JSRC乌托邦沙龙广州站议题文档# 密码 trva
http://pan.baidu.com/share/link?shareid=3448803629&uk=4060232048
[设备安全]  awesome-vehicle-security: learning about vehicle security and car hacking
https://github.com/jaredmichaelsmith/awesome-vehicle-security
[Web安全]  Bypassing paths in CSP with open redirects + mitigation
https://chloe.re/2016/07/25/bypassing-paths-with-open-redirects-in-csp/
[文档]  "软件与移动智能系统安全"2016暑期学校 Slide
https://loccs.sjtu.edu.cn/summerschool/schedule/
[取证分析]  WhatsApp Forensic Artifacts: Chats Aren’t Being Deleted
http://www.zdziarski.com/blog/?p=6143
[编程技术]  A practical security guide for web developers
https://github.com/FallibleInc/security-guide-for-developers
[漏洞分析]  DARPA Cyber Grand Challenge Sample Challenges
https://github.com/CyberGrandChallenge/samples
[Web安全]  How I made LastPass give me all your passwords
https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/
[漏洞分析]  Captain Hook: Pirating AVs to Bypass Exploit Mitigations
http://breakingmalware.com/vulnerabilities/captain-hook-pirating-avs-bypass-exploit-mitigations/
[Web安全]  How we broke PHP, hacked Pornhub and earned $20,000
https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
[运维安全]  Intelligence Collection Priorities · @sroberts
https://sroberts.github.io/2016/07/26/intelligence-collection-priorities/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第126期)