SecWiki周刊(第66期)
2015/06/01-2015/06/07
安全资讯
勒索软件-“Locker”作者放出私钥数据库
http://t.cn/R2ihWdl?u=3957583411&m=3848888362764943&cu=2641540733
http://t.cn/R2ihWdl?u=3957583411&m=3848888362764943&cu=2641540733
FBI官员称,加密不应该高于一切,企业应该配合
http://www.solidot.org/story?sid=44330
http://www.solidot.org/story?sid=44330
VPN Service Hola Big Security Risk
http://malwarebattle.blogspot.com/2015/06/researchers-vpn-service-hola-big.html
http://malwarebattle.blogspot.com/2015/06/researchers-vpn-service-hola-big.html
Autopsy:Lessons from Failed Startups
http://autopsy.io/
http://autopsy.io/
Does your country share your data with the USA?
https://www.amnesty.org/en/does-your-country-share-your-data-with-the-usa/
https://www.amnesty.org/en/does-your-country-share-your-data-with-the-usa/
互联网黑市分析:DDoS 启示录
http://mp.weixin.qq.com/s?__biz=MzA3NTcwOTIwNg==&mid=206803402&idx=1&sn=07072c12e61817f3403ee9b31ef9a979&scene=4#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MzA3NTcwOTIwNg==&mid=206803402&idx=1&sn=07072c12e61817f3403ee9b31ef9a979&scene=4#wechat_redirect
Auditing GitHub users' SSH key quality
https://blog.benjojo.co.uk/post/auditing-github-users-keys
https://blog.benjojo.co.uk/post/auditing-github-users-keys
安全技术
互联网企业安全管理和传统行业的区别
http://www.ayazero.com/?p=25
http://www.ayazero.com/?p=25
与《YII框架》不得不说的故事—基础篇丨章节
http://www.imooc.com/learn/404
http://www.imooc.com/learn/404
Google XSS turkey
http://labs.detectify.com/post/120855545341/google-xss-turkey
http://labs.detectify.com/post/120855545341/google-xss-turkey
WAF Bypass at Positive Hack Days V
http://blog.ptsecurity.com/2015/06/waf-bypass-at-positive-hack-days-v.html
http://blog.ptsecurity.com/2015/06/waf-bypass-at-positive-hack-days-v.html
Must-watch videos about Python
http://pymust.watch/
http://pymust.watch/
Embedded Device Security & Zollard Botnet Analysis
http://blog.balicbilisim.com/zollard_analiz_en-gb.pdf
http://blog.balicbilisim.com/zollard_analiz_en-gb.pdf
企业安全涵盖哪些事情
http://www.ayazero.com/?p=19
http://www.ayazero.com/?p=19
MalwareTech SBK:A Firmware Assisted Bootkit
http://malwaretech.net/MTSBK.pdf
http://malwaretech.net/MTSBK.pdf
雷锋沙龙成都站分享ppt下载
http://yunpan.taobao.com/s/1Vo2egjzJk
http://yunpan.taobao.com/s/1Vo2egjzJk
写一个支持键盘输入和屏幕输出的内核
http://blog.jobbole.com/87399/
http://blog.jobbole.com/87399/
First place in Microsoft Malware Classification Challenge (BIG 2015)
https://www.youtube.com/watch?v=VLQTRlLGz5Y
https://www.youtube.com/watch?v=VLQTRlLGz5Y
使用 radare 框架逆向固件
http://dwz.cn/N2ZCb
http://dwz.cn/N2ZCb
Hookish! - find Dom XSS
http://hookish.skepticfx.com/
http://hookish.skepticfx.com/
PHP-FPM中backlog参数变更的一些思考
http://www.cnxct.com/something-about-phpfpm-s-backlog/
http://www.cnxct.com/something-about-phpfpm-s-backlog/
eBook: Iterative Development & MongoDB
http://info.thoughtworks.com/ebook-iterative-development-mongodb?utm_campaign=ebook-mongodb&utm_medium=social&utm_source=ebook
http://info.thoughtworks.com/ebook-iterative-development-mongodb?utm_campaign=ebook-mongodb&utm_medium=social&utm_source=ebook
Teaching the Elephant to Read
http://docs.huihoo.com/oreilly/conferences/strataconf/big-data-conference-ny-2013/teaching-the-elephant-to-read/
http://docs.huihoo.com/oreilly/conferences/strataconf/big-data-conference-ny-2013/teaching-the-elephant-to-read/
利用逻辑漏洞攻击浏览器
http://dwz.cn/N2ZCs
http://dwz.cn/N2ZCs
安全漏洞本质扯谈之决战汇编代码
http://weibo.com/p/1001643815157678669333
http://weibo.com/p/1001643815157678669333
一个Dlink漏洞的利用
http://dwz.cn/N2ZC2
http://dwz.cn/N2ZC2
KeyBase Keylogger Malware Family Exposed
http://researchcenter.paloaltonetworks.com/2015/06/keybase-keylogger-malware-family-exposed/
http://researchcenter.paloaltonetworks.com/2015/06/keybase-keylogger-malware-family-exposed/
Understanding Flash Exploitation and the Alleged CVE-2015-0359 Exploit
http://researchcenter.paloaltonetworks.com/2015/06/understanding-flash-exploitation-and-the-alleged-cve-2015-0359-exploit/
http://researchcenter.paloaltonetworks.com/2015/06/understanding-flash-exploitation-and-the-alleged-cve-2015-0359-exploit/
某机构网络安全检测报告
http://www.secpulse.com/archives/32531.html
http://www.secpulse.com/archives/32531.html
Malware Analysis Tutorials: a Reverse Engineering Approach
http://fumalwareanalysis.blogspot.in/p/malware-analysis-tutorials-reverse.html
http://fumalwareanalysis.blogspot.in/p/malware-analysis-tutorials-reverse.html
Hacking PostgreSQL
https://www.ricter.me/posts/Hacking%20PostgreSQL
https://www.ricter.me/posts/Hacking%20PostgreSQL
深入挖掘 Android 系统新运行时环境的内部机制
http://dwz.cn/N2ZAJ
http://dwz.cn/N2ZAJ
Graphical Malware Actuation with Panda and Volatility
http://laredo-13.mit.edu/~brendan/BSIDES_NOLA_2015.pdf
http://laredo-13.mit.edu/~brendan/BSIDES_NOLA_2015.pdf
LockBoxx: PwnPi 3 Final Review
http://lockboxx.blogspot.com/2015/05/pwnpi-3-final-review.html
http://lockboxx.blogspot.com/2015/05/pwnpi-3-final-review.html
Case Study: Evading Automated Sandbox
http://resources.infosecinstitute.com/case-study-evading-automated-sandbox-python-poc/
http://resources.infosecinstitute.com/case-study-evading-automated-sandbox-python-poc/
DNSMaper:子域名信息枚举与地图标记
http://le4f.github.io/dnsmaper/
http://le4f.github.io/dnsmaper/
OWASP Zed 攻击代理-综合的渗透测试工具
http://dwz.cn/N2YXC
http://dwz.cn/N2YXC
Clipboard Hijacking with HTML5
http://tbranyen.com/post/clipboard-hijacking-with-html5
http://tbranyen.com/post/clipboard-hijacking-with-html5
SSTIC2015 - Analysis of an encrypted HDD
https://www.sstic.org/media/SSTIC2015/SSTIC-actes/hardware_re_for_software_reversers/SSTIC2015-Slides-hardware_re_for_software_reversers-czarny_rigo.pdf
https://www.sstic.org/media/SSTIC2015/SSTIC-actes/hardware_re_for_software_reversers/SSTIC2015-Slides-hardware_re_for_software_reversers-czarny_rigo.pdf
Triton:Concolic execution framework based on Pin
https://github.com/JonathanSalwan/Triton
https://github.com/JonathanSalwan/Triton
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第66期)
