SecWiki周刊（第54期)

SecWiki周刊（第54期）

2015/03/09-2015/03/15

安全资讯

[其它] CODEGATE CTF 2015
http://codegate.grayhash.com/html/Main.html?lang=eng

[会议] 2015年3月12日杭州沙龙通知
http://www.sec-un.org/hangzhou-march-12-2015-sharon-informed-2.html

[Web安全] US military looks to 3,000 new security hires by 2016
http://www.welivesecurity.com/2015/03/10/us-military-looks-3000-new-security-hires-2016/

[恶意分析] Operating System Vulnerabilities, Exploits and Insecurity
http://www.welivesecurity.com/2015/03/10/operating-system-vulnerabilities-exploits-insecurity/

[会议] INFILTRATE 2015 conference
http://www.infiltratecon.com/speakers.html

[会议] Black Hat Asia 2015
https://www.blackhat.com/asia-15/briefings.html

安全技术

[无线安全] WIFI万能钥匙Python查询脚本
http://thecjw.0ginr.com/blog/archives/534

[恶意分析] CVE-2015-0204 OpenSSL FREAK Attack漏洞检测方法及修复建议
https://sobug.com/article/detail/15

[漏洞分析] 360加固保ELF脱壳总结
http://thecjw.0ginr.com/blog/archives/552

[漏洞分析] 从逆向360驱动谈Linux安全软件应如何设计
http://blog.cloud-sec.org/uncategorized/%e4%bb%8e%e9%80%86%e5%90%91360%e9%a9%b1%e5%8a%a8%e8%b0%88linux%e5%ae%89%e5%85%a8%e8%bd%af%e4%bb%b6%e8%ae%be%e8%ae%a1/

[运维安全] Data-Hack SQL注入检测
http://drops.wooyun.org/tips/5118

[恶意分析] CVE-2015-0240：Samba全系版本远程命令执行漏洞检测方法及修复建议
https://sobug.com/article/detail/14

[移动安全] 详解Android App AllowBackup配置带来的风险
https://sobug.com/article/detail/16

[Web安全] OWASP 测试指南 4.0
http://kennel209.gitbooks.io/owasp-testing-guide-v4/content/zh/

[取证分析] Python Registry Parser (regparse)
http://sysforensics.org/2015/03/python-registry-parser.html

[漏洞分析] 分析配置文件的格式解密加密数据
http://drops.wooyun.org/binary/5147

[视频] BSides Tampa 2015 Videos
http://www.irongeek.com/i.php?page=videos/bsidestampa2015/mainlist

[数据挖掘] Bayesian Methods for Hackers
https://camdavidsonpilon.github.io/Probabilistic-Programming-and-Bayesian-Methods-for-Hackers/

[Web安全] 新浪微博IPAD客户端XSS(file域) + 构造Worm
http://www.leavesongs.com/PENETRATION/ipad-weibo-store-xss-worm.html

[运维安全] Justniffer:network protocol analyzer
http://justniffer.sourceforge.net/

[漏洞分析] Full details on CVE-2015-0096 and the failed MS10-046 Stuxnet fix
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Full-details-on-CVE-2015-0096-and-the-failed-MS10-046-Stuxnet/ba-p/6718459#.VP_AEFND5U0

[恶意分析] peCloak.py – An Experiment in AV Evasion
http://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/

[运维安全] 2015 春节 CC 攻击习科调查 IV
http://attach.blackbap.org/pdf/CC_Attack_by_mateng7410.pdf

[无线安全] Mobile self-defense
http://nullcon.net/website/archives/ppt/goa-15/mobile-self-defence.pdf

[Web安全] wig:WebApp Information Gatherer
https://github.com/jekyc/wig

[移动安全] Smack技术远控木马
http://blog.avlyun.com/2015/03/2193/smack-remote-control/

[Web安全] 利用redis写webshell
http://www.secpulse.com/archives/5357.html

[漏洞分析] Making Finfisher Undetectable
http://lqdc.github.io/making-finfisher-undetectable.html

[数据挖掘] HMM相关文章索引
http://www.52nlp.cn/hmm%e7%9b%b8%e5%85%b3%e6%96%87%e7%ab%a0%e7%b4%a2%e5%bc%95

[Web安全] Fireeye Mandiant 2014 安全报告 Part2
http://drops.wooyun.org/news/5153

[编程技术] Elasticsearch权威指南
http://es.xiaoleilu.com/

[Web安全] 密码找回逻辑漏洞总结
http://drops.wooyun.org/web/5048

[数据挖掘] Machine Learning for Programming
http://www.infoq.com/presentations/machine-learning-general-programming

[漏洞分析] Bypassing ASLR with CVE-2015-0071
http://blog.trendmicro.com/trendlabs-security-intelligence/bypassing-aslr-with-cve-2015-0071-an-out-of-bounds-read-vulnerability/

[数据挖掘] 机器学习资料大汇总
http://www.52ml.net/star

[Web安全] Fingerprinter:Versions Fingerprinter
https://github.com/erwanlr/Fingerprinter

[恶意分析] Kaspersky Security Bulletin. Spam in 2014
https://securelist.com/analysis/kaspersky-security-bulletin/69225/kaspersky-security-bulletin-spam-in-2014/

-----微信ID：SecWiki-----
SecWiki，13年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第54期)