SecWiki周刊(第126期)
2016/07/25-2016/07/31
安全资讯
DNC 黑客的渗透比以前认为的更深入
http://www.solidot.org/story?sid=49081
http://www.solidot.org/story?sid=49081
美国总统奥巴马建立网络攻击指挥响应链
http://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&mid=2655293858&idx=1&sn=7cdfaf400fa618da712021d1d92b767d&scene=23&srcid=07275aFt2Mzm9YUrvPTI9cBp#rd
http://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&mid=2655293858&idx=1&sn=7cdfaf400fa618da712021d1d92b767d&scene=23&srcid=07275aFt2Mzm9YUrvPTI9cBp#rd
维基解密公布2万封绝密邮件揭秘美国大选惊人黑幕
http://mp.weixin.qq.com/s?__biz=MzA5NzIwMjQzMA==&mid=2649768691&idx=1&sn=4d27ba693871edda29613ca3b1a0e7dc&scene=23&srcid=0725bwVlr6Ga7Jo5kl7WkjYE#rd
http://mp.weixin.qq.com/s?__biz=MzA5NzIwMjQzMA==&mid=2649768691&idx=1&sn=4d27ba693871edda29613ca3b1a0e7dc&scene=23&srcid=0725bwVlr6Ga7Jo5kl7WkjYE#rd
“XKeyscore”全球隐私通讯监控计划-美国国家安全局手中的Google
http://m.bobao.360.cn/news/detail/3375.html
http://m.bobao.360.cn/news/detail/3375.html
安全技术
wooyun drops乌云知识库全部文章打包离线下载
https://www.hackfun.org/learnrecords/wooyun-drops-all-articles-package-download.html
https://www.hackfun.org/learnrecords/wooyun-drops-all-articles-package-download.html
Wireshark入门与进阶系列四之过滤语法
http://blog.csdn.net/qq_29277155/article/details/52071376
http://blog.csdn.net/qq_29277155/article/details/52071376
2016 JSRC乌托邦广州站沙龙议题PPT
https://www.hackfun.org/real-stuff-share/2016-JSRC-Utopia-salon-topic-PPT-Guangzhou-Station.html
https://www.hackfun.org/real-stuff-share/2016-JSRC-Utopia-salon-topic-PPT-Guangzhou-Station.html
干货-信息安全甲方乙方理解和职业群岗位脑图
https://www.hackfun.org/learnrecords/information-security-occupational-group-mind-map.html
https://www.hackfun.org/learnrecords/information-security-occupational-group-mind-map.html
史上最强适合安全爱好者的截图神器Snipaste
https://www.hackfun.org/sectools/history-of-the-most-powerful-for-security-enthusiasts-screenshot-artifact-Snipaste.html
https://www.hackfun.org/sectools/history-of-the-most-powerful-for-security-enthusiasts-screenshot-artifact-Snipaste.html
浅谈安全性攻击人为攻击的主要形式和防御
https://www.hackfun.org/pentest/on-the-main-forms-and-defense-of-the-security-attack.html
https://www.hackfun.org/pentest/on-the-main-forms-and-defense-of-the-security-attack.html
设备指纹识别系统的实现-简介篇
https://mp.weixin.qq.com/s?__biz=MzAxMzgwNTAxMQ==&mid=2650951544&idx=1&sn=380a95c2d93a42cc18d2ff44b2144e79&scene=0
https://mp.weixin.qq.com/s?__biz=MzAxMzgwNTAxMQ==&mid=2650951544&idx=1&sn=380a95c2d93a42cc18d2ff44b2144e79&scene=0
Reversing Internet of Things from Mobile applications
http://area41.io/downloads/slides/area41_16_apvrille_mobileiot.pdf
http://area41.io/downloads/slides/area41_16_apvrille_mobileiot.pdf
latest Burpsuite Pro v1.7.03 introduced and cracked version download
https://github.com/4ido10n/latest-Burpsuite-Pro-v1.7.03-cracked-version
https://github.com/4ido10n/latest-Burpsuite-Pro-v1.7.03-cracked-version
乌云公开漏洞、知识库爬虫和搜索 虚拟机
https://github.com/hanc00l/wooyun_public
https://github.com/hanc00l/wooyun_public
IBM Rational AppScan 9.0.3 (含下载)
http://www.freebuf.com/sectool/110090.html
http://www.freebuf.com/sectool/110090.html
乌云drops珍藏版PDF格式
http://ecma.io/?page_id=417
http://ecma.io/?page_id=417
网络战争 Cyberwar 纪录片
http://www.bilibili.com/video/av5218921/index_1.html
http://www.bilibili.com/video/av5218921/index_1.html
【公开课】互联网体系架构与SDN:颠覆还是微创新?
http://mp.weixin.qq.com/s?__biz=MzA4MDY3MjMyNQ==&mid=2651026178&idx=1&sn=4e93dae33a9931bd7c6f3c04c43399e4&scene=23&srcid=0726FqPK0VAPBv1LBBShHAGW#rd
http://mp.weixin.qq.com/s?__biz=MzA4MDY3MjMyNQ==&mid=2651026178&idx=1&sn=4e93dae33a9931bd7c6f3c04c43399e4&scene=23&srcid=0726FqPK0VAPBv1LBBShHAGW#rd
Ubuntu 16.04快速创建钓鱼wifi(RTL8188EUS网卡带http流量记录)
http://www.92ez.com/?action=show&id=23389
http://www.92ez.com/?action=show&id=23389
phpwind利用hash长度扩展攻击修改后台密码getshell
http://blog.nsfocus.net/phpwind-hash-length-attack-hashpump-getshell/
http://blog.nsfocus.net/phpwind-hash-length-attack-hashpump-getshell/
【67份PDF下载】2016阿里安全峰会重点资料
https://yq.aliyun.com/articles/58395
https://yq.aliyun.com/articles/58395
台灣駭客年會 HITCON CMT 2016 slide
http://hitcon.org/2016/CMT/#hitcon_agenda
http://hitcon.org/2016/CMT/#hitcon_agenda
2016阿里安全峰会-威胁情报专场 PDF 下载
https://yq.aliyun.com/articles/57700
https://yq.aliyun.com/articles/57700
再探Docker-日志收集
http://phantom0301.github.io/2016/07/20/%E5%86%8D%E6%8E%A2Docker-%E6%97%A5%E5%BF%97%E6%94%B6%E9%9B%86/
http://phantom0301.github.io/2016/07/20/%E5%86%8D%E6%8E%A2Docker-%E6%97%A5%E5%BF%97%E6%94%B6%E9%9B%86/
从入门到精通: SSRF(1)
http://www.mauu.me/?p=227
http://www.mauu.me/?p=227
Pintool2: improved version of the pintool.py
https://www.aldeid.com/wiki/Pintool2
https://www.aldeid.com/wiki/Pintool2
LNScan: A WebScanner to scan local network
https://github.com/sowish/LNScan
https://github.com/sowish/LNScan
用caddy替换nginx实现全站自动https
https://xsec.io/2016/7/27/caddy-intro.html
https://xsec.io/2016/7/27/caddy-intro.html
KeySniffer: Hackers can snag wireless keyboard keystrokes from 250 feet away
https://uwnthesis.wordpress.com/2016/07/28/keysniffer-hackers-can-snag-wireless-keyboard-keystrokes-from-250-feet-away/
https://uwnthesis.wordpress.com/2016/07/28/keysniffer-hackers-can-snag-wireless-keyboard-keystrokes-from-250-feet-away/
Breaking PHP's Garbage Collection and Unserialize
https://www.evonide.com/breaking-phps-garbage-collection-and-unserialize/
https://www.evonide.com/breaking-phps-garbage-collection-and-unserialize/
2016JSRC乌托邦沙龙广州站议题文档# 密码 trva
http://pan.baidu.com/share/link?shareid=3448803629&uk=4060232048
http://pan.baidu.com/share/link?shareid=3448803629&uk=4060232048
awesome-vehicle-security: learning about vehicle security and car hacking
https://github.com/jaredmichaelsmith/awesome-vehicle-security
https://github.com/jaredmichaelsmith/awesome-vehicle-security
Decoding a garage door opener with an RTL-SDR
https://medium.com/@eoindcoolest/decoding-a-garage-door-opener-with-an-rtl-sdr-5a47292e2bda#.sjyui49d4
https://medium.com/@eoindcoolest/decoding-a-garage-door-opener-with-an-rtl-sdr-5a47292e2bda#.sjyui49d4
Bypassing paths in CSP with open redirects + mitigation
https://chloe.re/2016/07/25/bypassing-paths-with-open-redirects-in-csp/
https://chloe.re/2016/07/25/bypassing-paths-with-open-redirects-in-csp/
A practical security guide for web developers
https://github.com/FallibleInc/security-guide-for-developers
https://github.com/FallibleInc/security-guide-for-developers
WhatsApp Forensic Artifacts: Chats Aren’t Being Deleted
http://www.zdziarski.com/blog/?p=6143
http://www.zdziarski.com/blog/?p=6143
"软件与移动智能系统安全"2016暑期学校 Slide
https://loccs.sjtu.edu.cn/summerschool/schedule/
https://loccs.sjtu.edu.cn/summerschool/schedule/
DARPA Cyber Grand Challenge Sample Challenges
https://github.com/CyberGrandChallenge/samples
https://github.com/CyberGrandChallenge/samples
How I made LastPass give me all your passwords
https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/
https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/
Captain Hook: Pirating AVs to Bypass Exploit Mitigations
http://breakingmalware.com/vulnerabilities/captain-hook-pirating-avs-bypass-exploit-mitigations/
http://breakingmalware.com/vulnerabilities/captain-hook-pirating-avs-bypass-exploit-mitigations/
How we broke PHP, hacked Pornhub and earned $20,000
https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
Intelligence Collection Priorities · @sroberts
https://sroberts.github.io/2016/07/26/intelligence-collection-priorities/
https://sroberts.github.io/2016/07/26/intelligence-collection-priorities/
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第126期)
