SecWiki周刊(第135期)
2016/09/26-2016/10/02
安全资讯
[新闻]  世界各大黑客技术论坛TOP排行榜
https://zhuanlan.zhihu.com/p/21583643
[新闻]  Exploiting the Firewall Beachhead: A History of Backdoors Into Critical Infrastr
http://www.circleid.com/posts/20160928_exploiting_firewall_beachhead_history_of_backdoors_infrastructure/
[新闻]  亚美尼亚黑客泄露阿塞拜疆银行及军事数据
https://www.easyaq.com/newsdetail/id/458579701.shtml
[爆库]  美国路易斯安那州290万选民个人信息遭泄露
https://www.easyaq.com/newsdetail/id/1827923592.shtml
[新闻]  Multiple Backdoors found in D-Link DWR-932 B LTE Router
http://thehackernews.com/2016/09/hacking-d-link-wireless-router.html
[其它]  黑客小说:杀手(第一章 网络杀手)
http://www.jianshu.com/p/7dfd2e344304
安全技术
[漏洞分析]  MSSQL通过Agent Jobs实现命令执行(中文)
http://www.mottoin.com/89870.html
[漏洞分析]  ShadowSocks协议的弱点分析和改进
https://github.com/breakwa11/shadowsocks-rss/issues/38
[Web安全]  BinProxy介绍
http://www.mottoin.com/89877.html
[Web安全]  【代码审计初探】Beescms v4.0_R SQL注入
https://www.ohlinge.cn/php/beescms_sqli.html
[取证分析]  MailSniper: A Tool For Searching Every User’s Email for Sensitive Data
http://www.blackhillsinfosec.com/?p=5296
[漏洞分析]  智能模糊测试工具Winafl的使用与分析
http://blog.jowto.com/?p=150
[运维安全]  wyproxy: HTTP/HTTPS, Socks5代理服务器, 保存到后台数据库
https://github.com/ring04h/wyproxy
[Web安全]  Cobalt Strike 3.5发行增强linux后渗透功能(附Cracked)
http://www.mottoin.com/89862.html
[Web安全]  无需密码攻击 SQL Server 的几种思路
http://www.mottoin.com/89825.html
[Web安全]  CSRF protection bypass on any Django powered site via Google Analytics
https://hackerone.com/reports/26647
[数据挖掘]  tinyflow:build your own Deep Learning System in 2k Lines
https://github.com/tqchen/tinyflow
[恶意分析]  使用NETSHELL执行恶意DLLs实现主机持久化控制
http://www.mottoin.com/89905.html
[恶意分析]  从恶意文档中发现的虚拟机检测绕过技巧
http://www.mottoin.com/89888.html
[漏洞分析]  MozillaSecurity/fuzzdata: Fuzzing resources for feeding various fuzzers with inp
https://github.com/MozillaSecurity/fuzzdata
[恶意分析]  Project APT: How to Build an ICS Network and Have fun at the Same Time
http://blog.talosintel.com/2016/09/apt-kegerator.html#more
[Web安全]  乌云知识库在线搜索平台
http://cb.drops.wiki/
[取证分析]  Real-Time Crime Forecasting Challenge
http://www.nij.gov/funding/Pages/fy16-crime-forecasting-challenge.aspx
[漏洞分析]  实践: Reverse Engineering challenges
https://challenges.re/
[数据挖掘]  simhash算法原理及实现
http://yanyiwu.com/work/2014/01/30/simhash-shi-xian-xiang-jie.html
[运维安全]  DDoS攻击现状与防御机制浅析
http://bobao.360.cn/news/detail/3592.html
[Web安全]  dawnscanner: static analysis security scanner for ruby applications
https://github.com/thesp0nge/dawnscanner
[Web安全]  价值1500美刀的PornHub存储型跨站
http://www.mottoin.com/89795.html
[其它]  安全产品和厂家调研
http://www.youxia.org/china-security-vender-list.html
[恶意分析]  Luckystrike: An Evil Office Document Generator
http://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator
[漏洞分析]  书: Reverse Engineering for Beginners
https://beginners.re/RE4B-EN.pdf
-----微信ID:SecWiki-----
SecWiki,10年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第135期)