SecWiki周刊(第134期)
2016/09/19-2016/09/25
安全资讯
网安创企获投列表[所有安全公司投资记录]
https://share.weiyun.com/e1be74f1616fb831e56c2950fab797ff
https://share.weiyun.com/e1be74f1616fb831e56c2950fab797ff
维基解密再次爆出猛料,民主党卖官,媒体操控选民数据
http://mp.weixin.qq.com/s?__biz=MjM5OTA3NjQ4MQ==&mid=2650097166&idx=1&sn=b5ead732ba615a7fc86475e0b74fd540
http://mp.weixin.qq.com/s?__biz=MjM5OTA3NjQ4MQ==&mid=2650097166&idx=1&sn=b5ead732ba615a7fc86475e0b74fd540
沈昌祥:培养急需的网络安全人才要特事特办
http://www.china.com.cn/txt/2016-09/21/content_39345477.htm
http://www.china.com.cn/txt/2016-09/21/content_39345477.htm
DARPA如何定义网络作战空间
http://www.freebuf.com/articles/others-articles/114692.html
http://www.freebuf.com/articles/others-articles/114692.html
第三届国家网络安全宣传周开幕 19名网络安全先进典型受表彰
http://www.cidf.net/2016-09/19/c_1119585933.htm
http://www.cidf.net/2016-09/19/c_1119585933.htm
660万明文密码泄露,知名广告公司Clixsence被黑客端了个底朝天
http://www.freebuf.com/news/114670.html
http://www.freebuf.com/news/114670.html
雅虎承认发生大规模数据泄露 2亿账户信息被盗
http://c.m.163.com/news/a/C1JDTV94002580S6.html?spss=newsapp&spsw=1
http://c.m.163.com/news/a/C1JDTV94002580S6.html?spss=newsapp&spsw=1
2016·SSC安全峰会顺利举办【现场干货抢先看】
http://mp.weixin.qq.com/s?__biz=MjM5MTI2NDQzNg==&mid=2654523543&idx=1&sn=917e81c6056957811a9a08d54d47f226&chksm=bd744b4c8a03c25af6038b65e21753dd1c06fa69801bd7bdd063e64fff92d62f5dc75b9d4528&scene=0#rd
http://mp.weixin.qq.com/s?__biz=MjM5MTI2NDQzNg==&mid=2654523543&idx=1&sn=917e81c6056957811a9a08d54d47f226&chksm=bd744b4c8a03c25af6038b65e21753dd1c06fa69801bd7bdd063e64fff92d62f5dc75b9d4528&scene=0#rd
SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool
https://threatpost.com/swift-confirms-banks-still-being-targeted-announces-mitigation-tool/120776/
https://threatpost.com/swift-confirms-banks-still-being-targeted-announces-mitigation-tool/120776/
安全技术
Windows域横向渗透
http://www.mottoin.com/89413.html
http://www.mottoin.com/89413.html
Detecting analysts before installing the malware
https://www.brokenbrowser.com/detecting-apps-mimetype-malware/
https://www.brokenbrowser.com/detecting-apps-mimetype-malware/
Android平台渗透测试套件--zANTI2.5
http://blog.csdn.net/qq_29277155/article/details/52589166
http://blog.csdn.net/qq_29277155/article/details/52589166
Unlocking my Lenovo laptop, part 3
http://www.zmatt.net/unlocking-my-lenovo-laptop-part-3/
http://www.zmatt.net/unlocking-my-lenovo-laptop-part-3/
VoIP Checklist for Penetration Testers
https://pentestlab.wordpress.com/2016/09/18/voip-checklist-for-penetration-testers/
https://pentestlab.wordpress.com/2016/09/18/voip-checklist-for-penetration-testers/
zxcvbn: 注册时密码强度检测库「支持各种语言」
https://github.com/dropbox/zxcvbn
https://github.com/dropbox/zxcvbn
Burpsuite实战指南
https://t0data.gitbooks.io/burpsuite/content/
https://t0data.gitbooks.io/burpsuite/content/
ProxyDroid:Android全局代理应用
http://www.mottoin.com/89774.html
http://www.mottoin.com/89774.html
Powershell Empire + CVE-2016-0189 = Profit
https://www.cgsec.co.uk/powershell-empire-cve-2016-0189-profit/
https://www.cgsec.co.uk/powershell-empire-cve-2016-0189-profit/
腾讯科恩实验室最新研究成果:对特斯拉的无物理接触远程攻击
http://keenlab.tencent.com/zh/2016/09/19/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars/?from=timeline&isappinstalled=0
http://keenlab.tencent.com/zh/2016/09/19/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars/?from=timeline&isappinstalled=0
laureline-firmware: Firmware for the Laureline GPS NTP Server
https://github.com/mtharp/laureline-firmware
https://github.com/mtharp/laureline-firmware
CSAW Quals 2016 Pwn 500 - Mom's Spaghetti
http://ctfhacker.com/pwn/2016/09/19/csaw-moms-spaghetti.html
http://ctfhacker.com/pwn/2016/09/19/csaw-moms-spaghetti.html
uRAT: Opensource modular Remote Administration Tool
https://github.com/UbbeLoL/uRAT
https://github.com/UbbeLoL/uRAT
思科的认知安全Cognitive Threat Analytics
https://wx.xiaomiquan.com/mobile/topic.php?topic=0394e12149fd7b5a0acecf5d6ab60718&secret=wqjmv4wii1gj5do27s40ivv1m92r1dax
https://wx.xiaomiquan.com/mobile/topic.php?topic=0394e12149fd7b5a0acecf5d6ab60718&secret=wqjmv4wii1gj5do27s40ivv1m92r1dax
Windows提权基础
http://www.mottoin.com/89355.html
http://www.mottoin.com/89355.html
漏洞组合拳 – 攻击分布式节点
http://rickgray.me/2016/09/22/attacking-distributed-nodes-by-message-queue-injection.html
http://rickgray.me/2016/09/22/attacking-distributed-nodes-by-message-queue-injection.html
工业互联网联盟发布工业物联网安全框架
http://www.aqniu.com/industry/19811.html
http://www.aqniu.com/industry/19811.html
Cyber Grand Challenge及DEFCON 24 CTF決賽介紹
http://maskray.me/blog/2016-09-24-cgc-defcon-ctf-presentation
http://maskray.me/blog/2016-09-24-cgc-defcon-ctf-presentation
Introducing Ponce: One-click symbolic execution
http://research.trust.salesforce.com/Introducing-Ponce-One-click-symbolic-execution/
http://research.trust.salesforce.com/Introducing-Ponce-One-click-symbolic-execution/
解惑|威胁情报指南
http://www.aqniu.com/learn/19675.html
http://www.aqniu.com/learn/19675.html
记一下PythonWeb代码审计应该注意的地方
http://blog.neargle.com/2016/07/25/log-of-simple-code-review-about-python-base-webapp/
http://blog.neargle.com/2016/07/25/log-of-simple-code-review-about-python-base-webapp/
通过non-interactive shell转发请求到内网
http://www.mottoin.com/89743.html
http://www.mottoin.com/89743.html
libpywebhack: Web hacking asstistance toolkit
https://github.com/beched/libpywebhack
https://github.com/beched/libpywebhack
解读《McAfee Labs季度威胁报告》
http://www.mottoin.com/89512.html
http://www.mottoin.com/89512.html
Babadook:无连接的powershell持续性反弹后门
http://www.mottoin.com/89554.html
http://www.mottoin.com/89554.html
哪些 Python 库让你相见恨晚?
https://www.zhihu.com/question/24590883#answer-44650916
https://www.zhihu.com/question/24590883#answer-44650916
如何用Cross-Site Scripting和MITM绕过NoScript安全套件
http://www.mottoin.com/89396.html
http://www.mottoin.com/89396.html
Flask源码学习之意外在Debugger上发现通用XSS
http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
Rails动态模板路径的风险
http://www.mottoin.com/89466.html
http://www.mottoin.com/89466.html
APP漏洞自动化扫描专业评测报告(下篇)
http://www.freebuf.com/articles/terminal/114453.html
http://www.freebuf.com/articles/terminal/114453.html
Veil-Evasion:基于Python的免杀Payload生成工具
http://www.mottoin.com/89616.html
http://www.mottoin.com/89616.html
TensorFlow深度学习,一篇文章就够了
http://www.52cs.org/?p=1157
http://www.52cs.org/?p=1157
价值1w6美刀的Facebooe页面接管漏洞
http://www.mottoin.com/89391.html
http://www.mottoin.com/89391.html
全球近80万FTP服务器账号可被未授权访问
http://www.freebuf.com/articles/system/114884.html
http://www.freebuf.com/articles/system/114884.html
redis利用姿势收集
http://www.webshell.cc/5154.html
http://www.webshell.cc/5154.html
通过PowerShell访问Windows Api
http://www.mottoin.com/89568.html
http://www.mottoin.com/89568.html
smod: MODBUS Penetration Testing Framework
https://github.com/enddo/smod
https://github.com/enddo/smod
Safari's URL redirection XSS
http://www.mbsd.jp/blog/20160921_2.html
http://www.mbsd.jp/blog/20160921_2.html
PowerUpSQL:攻击SQL SERVER的Powershell脚本框架
http://www.mottoin.com/89457.html
http://www.mottoin.com/89457.html
Abusing WebVTT and CORS for fun and profit
http://blog.k3170makan.com/2016/09/abusing-webvtt-and-cors-for-fun-and.html
http://blog.k3170makan.com/2016/09/abusing-webvtt-and-cors-for-fun-and.html
TheFatRat: generate backdoor for Remote Access
https://github.com/Screetsec/TheFatRat
https://github.com/Screetsec/TheFatRat
MSSQL Agent Jobs for Command Execution
https://www.optiv.com/blog/mssql-agent-jobs-for-command-execution
https://www.optiv.com/blog/mssql-agent-jobs-for-command-execution
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第134期)
