SecWiki周刊(第143期)
2016/11/21-2016/11/27
安全资讯
[事件]  美国NSA局长表示DNC电子邮件泄漏是故意行为
http://www.mottoin.com/92399.html
[事件]  美国海军遭黑客攻击,泄露1.3万人员信息
http://www.mottoin.com/92570.html
[事件]  黑客团队入侵并公布了Mega.nz源码数据
http://www.mottoin.com/92433.html
[会议]  2016 SyScan360:六大不得不看的议题
http://www.aqniu.com/industry/21219.html
[会议]  SyScan360国际前瞻信息安全会议24日场
http://www.mottoin.com/92577.html
[新闻]  腾讯发布2016微信生态安全报告 累计处理谣言文章20多万篇
http://news.qq.com/a/20161124/039113.htm
[其它]  黑客小说:杀手 (第十章 回忆)
http://www.jianshu.com/p/0c6330a17bce
[新闻]  针对藏族人群的恶意程序 KeyBoy
http://www.solidot.org/story?sid=50451
安全技术
[Web安全]  Kali-Linux-2016.2(Rolling) 更新源
https://www.ohlinge.cn/kali/rolling.html
[数据挖掘]  kcws:深度学习中文分词(字嵌入+Bi-LSTM+CRF)
https://github.com/koth/kcws
[编程技术]  BlindWaterMark: Python编程实现的盲水印
https://github.com/chishaxie/BlindWaterMark
[Web安全]  Winmail最新直达webshell 0day漏洞挖掘实录
http://www.91ri.org/16519.html
[运维安全]  OpenWAF: OpenWAF是基于openresty的Web应用防护系统(WAF)
https://github.com/titansec/OpenWAF
[会议]  SIGKDD 2016 Tutorial:Leveraging Propagation for Data Mining: Models, Algorithms
http://people.cs.vt.edu/~badityap/TALKS/16-kdd-tutorial/
[文档]  SFDC 北京 Security 大会精彩分享
https://segmentfault.com/a/1190000007553551
[工具]  Kaitai Web IDE:在线多种文件格式分析
https://kt.pe/kaitai_struct_webide/
[工具]  mimikatz 2.1 20161126 发布
http://www.mottoin.com/92735.html
[Web安全]  一个价值7500刀的Chrome UXSS(CVE-2016-1631)分析与利用
http://avfisher.win/archives/619
[运维安全]  比一比Nmap、Zmap、Masscan三种扫描工具
http://www.arkteam.net/?p=1328
[Web安全]  我的WafBypass之道(SQL注入篇)
https://xianzhi.aliyun.com/forum/attachment/big_size/wafbypass_sql.pdf
[恶意分析]  黑客入侵ATM机的4种方法
http://www.mottoin.com/92434.html
[恶意分析]  It’s Parliamentary: KeyBoy and the targeting of the Tibetan Community
https://citizenlab.org/2016/11/parliament-keyboy/
[恶意分析]  分析与总结常见勒索软件的加密算法
http://www.freebuf.com/articles/database/120023.html
[其它]  TECHNICAL TEARDOWN: EXPLOIT & MALWARE IN .HWP FILES
http://www.vxsecurity.sg/2016/11/22/technical-teardown-exploit-malware-in-hwp-files/
[工具]  deep-pwning: Metasploit for machine learning.
https://github.com/cchio/deep-pwning
[其它]  通过二维码传输IP数据
http://www.mottoin.com/92345.html
[恶意分析]  awesome-iocs: 不错的IOC工具和数据发布站点
https://github.com/sroberts/awesome-iocs
[Web安全]  brut3k1t - Server-side Brute-force Module (ssh, ftp, smtp, facebook)
http://www.kitploit.com/2016/11/brut3k1t-server-side-brute-force-module.html
[漏洞分析]  Zigbee 安全与 IoT 设备漏洞利用
http://www.mottoin.com/92660.html
[Web安全]  浅谈Web前端僵尸网络
http://www.arkteam.net/?p=1364
[Web安全]  httpscan: 一个爬虫式的网段Web主机发现小工具
https://github.com/zer0h/httpscan
[Web安全]  BScanner: 又一款轻量级的目录扫描器
https://github.com/LoRexxar/BScanner
[无线安全]  扎克伯克是对的,黑掉耳机更容易
https://www.siliconrepublic.com/enterprise/hacking-earphones
[漏洞分析]  使用Docker镜像/容器分析已知漏洞
http://www.mottoin.com/92339.html
[设备安全]  破解一款无线智能插座
http://www.mottoin.com/92421.html
[编程技术]  Python multiprocessing
http://thief.one/2016/11/23/Python-multiprocessing/
[移动安全]  MobSF:自动化移动安全测试框架
http://www.mottoin.com/92477.html
[设备安全]  树莓派应用:无线扫描仪
http://www.mottoin.com/92504.html
[工具]  The Damn Vulnerable Router Firmware Project
https://github.com/praetorian-inc/DVRF
[Web安全]  新手指南:DVWA-1.9全级别教程之SQL Injection
http://www.freebuf.com/articles/web/120747.html
[工具]  aws_pwn:A collection of AWS penetration testing junk
https://github.com/dagrz/aws_pwn
[Web安全]  Abusing of Protocols to Load Local Files, bypass the HTML5 Sandbox
http://www.brokenbrowser.com/abusing-of-protocols/
[Web安全]  java Deserialization Cheat Sheet
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/
[Web安全]  Eagle: Eagle is a Web Application Attack and Audit Framework
https://github.com/magerx/Eagle
[Web安全]  Feigong:针对各种情况自由变化的MySQL注入脚本
https://github.com/LoRexxar/Feigong
[Web安全]  The Genesis of an XSS Worm – Part III
http://brutelogic.com.br/blog/genesis-xss-worm-part-iii/
[其它]  InPage zero-day exploit used to attack financial institutions in Asia
https://securelist.com/blog/research/76717/inpage-zero-day-exploit-used-to-attack-financial-institutions-in-asia/
[设备安全]  构造一个支持多端口的中间人网络TAP
http://www.mottoin.com/92353.html
[杂志]  SecWiki周刊(第142期)
https://www.sec-wiki.com/weekly/142
[Web安全]  A target specific wordlist generating tool for social engineers and security res
https://github.com/tch1001/pwdlogy
[Web安全]  【零知识证明】利用数据库查表瓶颈,对抗密码破解
https://www.cnblogs.com/index-html/p/database-lookup-against-password-cracking.html
[恶意分析]  WebMalwareScanner - A simple malware scanner
https://github.com/maxlabelle/WebMalwareScanner
[设备安全]  Brutal -- 用来快速生成 HID 设备多种攻击代码的工具
http://www.kitploit.com/2016/11/brutal-toolkit-to-quickly-create.html
[运维安全]  Monitoring 'DNS' inside the Tor network
http://blog.0x3a.com/post/153468210759/monitoring-dns-inside-the-tor-network
[Web安全]  NEET - 网络枚举和利用工具
https://github.com/JonnyHightower/neet
[运维安全]  Building a Whitelist of Network Domains
http://threatcrowd.blogspot.co.uk/2016/11/building-whitelist-of-network-domains.html
-----微信ID:SecWiki-----
SecWiki,10年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第143期)