SecWiki周刊(第139期)
2016/10/24-2016/10/30
安全资讯
[移动安全]  DirtyCow 内核漏洞能被用于Root任何Android 设备
http://www.solidot.org/story?sid=50122
[Web安全]  打造一款自动化渗透测试平台 – 天象
http://www.4dogs.cn
[无线安全]  黑客攻破绝顶“安全”的无线键鼠,获取远程代码执行漏洞
http://www.aqniu.com/news-views/20648.html
[爆库]  黑客公开普京顾问的邮件存档
http://www.solidot.org/story?sid=50166
[恶意分析]  威胁情报的几个关键概念
http://yepeng.blog.51cto.com/3101105/1866485
[新闻]  Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking
https://www.propublica.org/article/google-has-quietly-dropped-ban-on-personally-identifiable-web-tracking
[新闻]  启明星辰安全网关基于威胁情报的实时防御
http://weibo.com/ttarticle/p/show?id=2309404034945172561212
[设备安全]  京东安全极客工场加油GeekPwn嘉年华 京东首席安全专家Tony现身助阵
http://www.mottoin.com/91032.html
安全技术
[Web安全]  Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622
http://www.phrack.org/papers/attacking_javascript_engines.html
[Web安全]  Bypass unsafe-inline mode CSP
http://paper.seebug.org/91/
[Web安全]  关于 mirai 僵尸网络控制主机的数据分析
http://blog.netlab.360.com/a-mirai-botnet-c2-data-analysis/
[工具]  OWASP OWTF:WEB攻击测试框架
http://www.mottoin.com/91015.html
[恶意分析]  Deep Learning for Classification of Malware System Call Sequences
https://www.sec.in.tum.de/assets/Uploads/deeplearning.pdf
[其它]  U.S. DOT issues Federal guidance to the automotive industry for improving motor
http://www.nhtsa.gov/About-NHTSA/Press-Releases/nhtsa_cybersecurity_best_practices_10242016
[漏洞分析]  Redis Lua远程代码执行EXP
http://drops.wiki/index.php/2016/10/24/redis-lua/
[Web安全]  Ruler:一款利用Exchange服务渗透的安全工具
http://www.freebuf.com/sectool/117516.html
[文档]  QConShanghai2016: QCon上海2016幻灯片
https://github.com/QConChina/QConShanghai2016
[恶意分析]  分析感染华硕路由器的P2P僵尸网络程序TheMoon
http://www.freebuf.com/articles/terminal/117437.html
[恶意分析]  关于 dyn / twitter 受攻击情况的说明和 mirai 僵尸网络的回顾
http://blog.netlab.360.com/a-dyn-twitter-ddos-event-report-and-mirai-botnet-review/
[恶意分析]  Mirai DDoS Botnet: Source Code & Binary Analysis
http://www.simonroses.com/2016/10/mirai-ddos-botnet-source-code-binary-analysis/
[设备安全]  工业互联网的安全研究与实践
http://www.i170.com/Attach/3AEAD43D-7295-45B6-808E-0ACCD26366C0
[Web安全]  XSS dynamic detection using PhantomJs
http://www.n0tr00t.com/2016/10/29/XSS_dynamic_detection_using_PhantomJs.html
[Web安全]  Win10在docker中运行GourdScanV2
http://xiaix.me/win10zai-dockerzhong-yun-xing-gourdscanv2/
[漏洞分析]  Exploiting AMI Aptio firmware on example of Intel NUC
http://blog.cr4.sh/2016/10/exploiting-ami-aptio-firmware.html
[移动安全]  Android逆向随笔之遇见MultiDex
http://drops.wiki/index.php/2016/10/26/android-multidex/
[工具]  CodeWarrior:代码审计静态分析工具
http://www.mottoin.com/91088.html
[恶意分析]  Moonlight – Targeted attacks in the Middle East
http://blog.vectranetworks.com/blog/moonlight-middle-east-targeted-attacks
[数据挖掘]  Net-Creds:快速嗅探数据包及接口中的敏感信息
http://www.mottoin.com/91154.html
[运维安全]  Personal security checklist for securing your devices and accounts
https://github.com/alulsh/personal-security-checklist
[取证分析]  Solving GrrCon 2016 Memory Challenge
https://techanarchy.net/2016/10/solving-grrcon-2016-dfir-challenge/
[其它]  增长黑客:如何用数据来驱动产品增长
http://yedingding.com/2016/10/19/out-product-death-cycle.html
[漏洞分析]  Joomla未授权创建特权用户漏洞(CVE-2016-8869)分析
http://paper.seebug.org/88/
[恶意分析]  DATA REVELATIONS: Nominum Data Science Security Report
http://www.nominum.com/wp-content/uploads/2016/10/nominum-security-report.pdf
[移动安全]  安卓手机的后门控制工具SPADE
http://www.freebuf.com/articles/terminal/117347.html
[数据挖掘]  TuShare -免费、开源的Python财经数据接口包
http://tushare.org/index.html
[Web安全]  Google SpreadSheet的CSRF漏洞和JSON劫持漏洞导致数据窃取
http://www.mottoin.com/91113.html
[运维安全]  深度剖析开源分布式监控CAT
http://tech.meituan.com/CAT_in_Depth_Java_Application_Monitoring.html
[Web安全]  Nishang:PowerShell渗透测试工具
http://www.mottoin.com/91098.html
[Web安全]  使用DNS 预读取绕过Content Security Policy(CSP)
http://www.mottoin.com/91044.html
[运维安全]  Zmap论文简读
http://phantom0301.cc/2016/10/27/Zmapread/
[书籍]  selenium webdriver 从入门到提高
https://www.gitbook.com/book/easonhan007/selenium-webdriver/details
[移动安全]  Android ChatSecure 即时通信应用的取证分析
https://arxiv.org/pdf/1610.06721v1.pdf
[杂志]  SecWiki周刊(第138期)
https://www.sec-wiki.com/weekly/138
[数据挖掘]  年薪12万加税谣言——一次网络“蝴蝶效应”
http://weibo.com/ttarticle/p/show?id=2309404034796719336517
[其它]  2016 Google Summer of Code Projects
https://summerofcode.withgoogle.com/projects/?sp-page=2#!
[工具]  mimikatz新版发布:支持Windows 10 AU & Server 2016
http://www.mottoin.com/90997.html
[工具]  lonely-shell:使用Go实现的反向Shell
http://www.mottoin.com/90883.html
[设备安全]  Full(er) House: Exposing high-end poker cheating devices
https://www.elie.net/blog/security/fuller-house-exposing-high-end-poker-cheating-devices
[Web安全]  浏览器插件的攻击向量
http://www.freebuf.com/articles/web/117112.html
[Web安全]  【漏洞预警】Joomla未授权创建账号/权限提升漏洞
http://www.mottoin.com/91059.html
[移动安全]  backdoor-apk: adding a backdoor to any Android APK file
https://github.com/dana-at-cp/backdoor-apk
[数据挖掘]  分类之性能评估指标
https://www.52ml.net/20440.html
[移动安全]  Drammer漏洞源码分析
http://seclab.dbappsecurity.com.cn/?p=1491
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第139期)