SecWiki周刊(第136期)
2016/10/03-2016/10/09
安全资讯
Source Code for IoT botnet responsible for World's largest DDoS Attack released
http://thehackernews.com/2016/10/mirai-source-code-iot-botnet.html
http://thehackernews.com/2016/10/mirai-source-code-iot-botnet.html
北极熊扫描器4.0发布
http://www.freebuf.com/sectool/115690.html
http://www.freebuf.com/sectool/115690.html
END OF AN ERA
https://www.thecthulhu.com/end-of-an-era/
https://www.thecthulhu.com/end-of-an-era/
U.S. government officially accuses Russia of hacking campaign to interfere with
https://www.washingtonpost.com/world/national-security/us-government-officially-accuses-russia-of-hacking-campaign-to-influence-elections/2016/10/07/4e0b9654-8cbf-11e6-875e-2c1bfe943b66_story.html
https://www.washingtonpost.com/world/national-security/us-government-officially-accuses-russia-of-hacking-campaign-to-influence-elections/2016/10/07/4e0b9654-8cbf-11e6-875e-2c1bfe943b66_story.html
Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT
NSA合同工因窃取机密被捕
http://www.solidot.org/story?sid=49890
http://www.solidot.org/story?sid=49890
Enterprise Security Weekly #18 - Darkweb Monitoring
http://101.110.118.34/traffic.libsyn.com/pauldotcom/Enterprise_Security_Weekly_18_-_Darkweb_Monitoring.mp3
http://101.110.118.34/traffic.libsyn.com/pauldotcom/Enterprise_Security_Weekly_18_-_Darkweb_Monitoring.mp3
雅虎开源分类色情图像的深度学习模型
http://www.solidot.org/story?sid=49865
http://www.solidot.org/story?sid=49865
黑客小说:杀手(第四章 危机)
http://www.jianshu.com/p/c4e06774b130
http://www.jianshu.com/p/c4e06774b130
安全技术
Social-Engineer-Tool(SET)社会工程学工具包制作钓鱼网站
https://lwww.evilclay.com/2016/10/03/Social-Engineer-Tool%25EF%25BC%2588SET%25EF%25BC%2589%25E7%25A4%25BE%25E4%25BC%259A%25E5%25B7%25A5%25E7%25A8%258B%25E5%25AD%25A6%25E5%25B7%25A5%25E5%2585%25B7%25E5%258C%2585%25E5%258
https://lwww.evilclay.com/2016/10/03/Social-Engineer-Tool%25EF%25BC%2588SET%25EF%25BC%2589%25E7%25A4%25BE%25E4%25BC%259A%25E5%25B7%25A5%25E7%25A8%258B%25E5%25AD%25A6%25E5%25B7%25A5%25E5%2585%25B7%25E5%258C%2585%25E5%258
Scirius – Suricata Ruleset Management Web Application
https://link.zhihu.com/?target=https%3A//github.com/StamusNetworks/scirius/
https://link.zhihu.com/?target=https%3A//github.com/StamusNetworks/scirius/
2016 L-CTF writeup
http://bobao.360.cn/ctf/detail/168.html
http://bobao.360.cn/ctf/detail/168.html
The Antivirus Hacker's Handbook
http://pan.baidu.com/s/1c2bZl3E
http://pan.baidu.com/s/1c2bZl3E
DEF CON 24 Presentations Video
https://www.youtube.com/playlist?list=PL9fPq3eQfaaCHWjKpgejaODz3oMKwbkpa
https://www.youtube.com/playlist?list=PL9fPq3eQfaaCHWjKpgejaODz3oMKwbkpa
metasploitable3:Rapid出品的漏洞练习虚拟机环境
https://github.com/rapid7/metasploitable3
https://github.com/rapid7/metasploitable3
bleach: 基于白名单的HTML富文本过滤器
https://github.com/mozilla/bleach
https://github.com/mozilla/bleach
Webshell进化史与中国菜刀
http://www.finsec.pw/756.html?from=timeline&isappinstalled=0
http://www.finsec.pw/756.html?from=timeline&isappinstalled=0
Kali Linux 秘籍 中文版
https://wizardforcel.gitbooks.io/kali-linux-cookbook/content/
https://wizardforcel.gitbooks.io/kali-linux-cookbook/content/
linux 提权 实战Linux下三种不同方式的提权技巧
http://www.webshell.cc/5211.html
http://www.webshell.cc/5211.html
运维书籍: Site-Reliability-Engineering
https://github.com/hellorocky/Site-Reliability-Engineering
https://github.com/hellorocky/Site-Reliability-Engineering
Android漏洞CVE-2015-3825分析及exploit实战:从Crash到劫持Poc
http://www.ms509.com/?p=439
http://www.ms509.com/?p=439
Announcing CERT Basic Fuzzing Framework Version 2.8
http://insights.sei.cmu.edu/cert/2016/10/announcing-cert-basic-fuzzing-framework-bff-28.html
http://insights.sei.cmu.edu/cert/2016/10/announcing-cert-basic-fuzzing-framework-bff-28.html
ViperMonkey: A VBA parser and emulation engine to analyze malicious macros
https://github.com/decalage2/ViperMonkey
https://github.com/decalage2/ViperMonkey
PipelineIO: Extend ML Pipelines to Serve Production Users
https://pipeline.io/
https://pipeline.io/
PyShell 木马后门
http://thief.one/2016/09/05/PyShell-%25E6%259C%25A8%25E9%25A9%25AC%25E5%2590%258E%25E9%2597%25A8/
http://thief.one/2016/09/05/PyShell-%25E6%259C%25A8%25E9%25A9%25AC%25E5%2590%258E%25E9%2597%25A8/
《互联网企业安全高级指南》读书笔记
https://zhuanlan.zhihu.com/p/22770582
https://zhuanlan.zhihu.com/p/22770582
awesome-spider: 各种爬虫实例集合,入门好帮手
https://github.com/facert/awesome-spider
https://github.com/facert/awesome-spider
ZeusVM analysis
http://www.miasm.re/blog/2016/09/03/zeusvm_analysis.html
http://www.miasm.re/blog/2016/09/03/zeusvm_analysis.html
Chardet:Python通用编码检测器
http://hao.jobbole.com/chardet/
http://hao.jobbole.com/chardet/
SecWiki周刊(第135期)
https://www.sec-wiki.com/weekly/135
https://www.sec-wiki.com/weekly/135
IntruderPayloads: A collection of Burpsuite Intruder payloads
https://github.com/1N3/IntruderPayloads
https://github.com/1N3/IntruderPayloads
25 Million Presidential Debate Tweets in Google BigQuery
https://www.jbencina.com/blog/2016/10/06/25-million-presidential-debate-tweets-in-google-big-query/
https://www.jbencina.com/blog/2016/10/06/25-million-presidential-debate-tweets-in-google-big-query/
渗透测试漏洞平台DVWA-参考答案
http://blog.csdn.net/qq_29277155/article/details/52726730
http://blog.csdn.net/qq_29277155/article/details/52726730
Russia Hacks Bellingcat MH17 Investigation
https://www.threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/
https://www.threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/
Securing Your Raspberry Pi
http://www.madirish.net/566
http://www.madirish.net/566
Breaking into WPA Enterprise networks with Air-Hammer
http://mikeallen.org/blog/2016-10-06-breaking-into-wpa-enterprise-networks-with-air-hammer/
http://mikeallen.org/blog/2016-10-06-breaking-into-wpa-enterprise-networks-with-air-hammer/
Mirai-Source-Code: For Research/IoC Development Purposes
https://github.com/jgamblin/Mirai-Source-Code
https://github.com/jgamblin/Mirai-Source-Code
WAF Testing With Random User Agents.
https://jerrygamblin.com/2016/10/05/waf-testing-with-random-user-agents/
https://jerrygamblin.com/2016/10/05/waf-testing-with-random-user-agents/
Redis学习笔记
http://sccsec.com/2016/10/02/redis%25E5%25AD%25A6%25E4%25B9%25A0%25E7%25AC%2594%25E8%25AE%25B0/
http://sccsec.com/2016/10/02/redis%25E5%25AD%25A6%25E4%25B9%25A0%25E7%25AC%2594%25E8%25AE%25B0/
10个视频带你快速纵览2016 Linux安全峰会
http://www.77169.com/html/24174.html?from=timeline&isappinstalled=0
http://www.77169.com/html/24174.html?from=timeline&isappinstalled=0
Introduction to PDF syntax
https://gendignoux.com/blog/2016/10/04/pdf-basics.html
https://gendignoux.com/blog/2016/10/04/pdf-basics.html
ooktools: on-off keying tools for your sdr
https://leonjza.github.io/blog/2016/10/08/ooktools-on-off-keying-tools-for-your-sdr/
https://leonjza.github.io/blog/2016/10/08/ooktools-on-off-keying-tools-for-your-sdr/
自学成才的黑客(安全研究员)是从哪学到那些知识的
https://www.zhihu.com/question/23073812
https://www.zhihu.com/question/23073812
Wordpress <= 4.6.1 使用语言文件任意代码执行 漏洞分析
https://paper.seebug.org/63/
https://paper.seebug.org/63/
对“利比亚天蝎”网络间谍活动的分析调查(附样本下载)
http://www.freebuf.com/articles/network/115280.html
http://www.freebuf.com/articles/network/115280.html
jSQL Injection: a Java application for automatic SQL database injection
https://github.com/ron190/jsql-injection
https://github.com/ron190/jsql-injection
机器学习经典资料
http://www.52cs.org/?p=1220
http://www.52cs.org/?p=1220
The Browser Hacker-s Handbook.pdf 密码#28sk
https://pan.baidu.com/s/1slH6mg1
https://pan.baidu.com/s/1slH6mg1
Android 10月安全补丁风险评估
http://appscan.360.cn/blog/?p=151
http://appscan.360.cn/blog/?p=151
Source Code for IoT Botnet 'Mirai' Released
https://link.zhihu.com/?target=http%3A//krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
https://link.zhihu.com/?target=http%3A//krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
awesome-wechat: 微信个人号/公众号相关项目整理
https://github.com/fritx/awesome-wechat
https://github.com/fritx/awesome-wechat
CVE-2016-1707 Chrome Address Bar URL Spoofing on IOS
http://xlab.tencent.com/en/2016/10/09/CVE-2016-1707-Chrome-Address-Bar-URL-Spoofing-on-IOS/
http://xlab.tencent.com/en/2016/10/09/CVE-2016-1707-Chrome-Address-Bar-URL-Spoofing-on-IOS/
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第136期)
