SecWiki周刊(第77期)
2015/08/17-2015/08/23
安全资讯
ACM CCS 2015 Accepted Papers
http://www.sigsac.org/ccs/CCS2015/pro_paper.html
http://www.sigsac.org/ccs/CCS2015/pro_paper.html
New data uncovers the surprising predictability of Android lock patterns
http://arstechnica.com/security/2015/08/new-data-uncovers-the-surprising-predictability-of-android-lock-patterns/
http://arstechnica.com/security/2015/08/new-data-uncovers-the-surprising-predictability-of-android-lock-patterns/
DerbyCon 2015 Schedule and Abstract
http://www.derbycon.com/derbycon-2015-schedule-and-abstract/
http://www.derbycon.com/derbycon-2015-schedule-and-abstract/
Science Isn’t Broken
http://fivethirtyeight.com/features/science-isnt-broken/
http://fivethirtyeight.com/features/science-isnt-broken/
AVA: A Social Engineering Vulnerability Scanner
https://www.schneier.com/blog/archives/2015/08/ava_a_social_en.html
https://www.schneier.com/blog/archives/2015/08/ava_a_social_en.html
2015年第34周安全通报
http://blog.topsec.com.cn/ad_lab/2015%e5%b9%b4%e7%ac%ac34%e5%91%a8%e5%ae%89%e5%85%a8%e9%80%9a%e6%8a%a5/
http://blog.topsec.com.cn/ad_lab/2015%e5%b9%b4%e7%ac%ac34%e5%91%a8%e5%ae%89%e5%85%a8%e9%80%9a%e6%8a%a5/
Fifteen Famous Bug Bounty Hunters
http://resources.infosecinstitute.com/fifteen-famous-bug-bounty-hunters/
http://resources.infosecinstitute.com/fifteen-famous-bug-bounty-hunters/
How to Exploit BitTorrent for Large-Scale DoS Attacks
http://thehackernews.com/2015/08/bittorrent-dos-attack.html
http://thehackernews.com/2015/08/bittorrent-dos-attack.html
BlackHat Trainings Experience
http://www.sec-un.org/blackhat-trainings-experience.html
http://www.sec-un.org/blackhat-trainings-experience.html
BlackHat & Defcon 2015 观感
http://weibo.com/p/1001603876902510403147
http://weibo.com/p/1001603876902510403147
10+ Years of System Security Circus
http://s3.eurecom.fr/~balzarot/notes/top4/index.html
http://s3.eurecom.fr/~balzarot/notes/top4/index.html
安全技术
Discuz!后台秒getshell(第三方安全问题)
http://0day5.com/archives/3339
http://0day5.com/archives/3339
Discuz全版本存储型DOM XSS(可打管理员)
http://0day5.com/archives/3323
http://0day5.com/archives/3323
PHP 7 ZEND_HASH_IF_FULL_DO_RESIZE Use After Free 漏洞分析
http://blog.knownsec.com/2015/08/php-7-zend_hash_if_full_do_resize-use-after-free-analysis/
http://blog.knownsec.com/2015/08/php-7-zend_hash_if_full_do_resize-use-after-free-analysis/
Wordpress4.2.3提权与SQL注入漏洞(CVE-2015-5623)分析
http://security.tencent.com/index.php/blog/msg/93
http://security.tencent.com/index.php/blog/msg/93
Distributed Nmap Port Scanning with a DNmap Megacluster
http://www.tripwire.com/state-of-security/vulnerability-management/distributed-nmap-port-scanning-dnmap-megacluster/
http://www.tripwire.com/state-of-security/vulnerability-management/distributed-nmap-port-scanning-dnmap-megacluster/
Modern Windows Exploit Development
http://expdev-kiuhnm.rhcloud.com/download-the-book/
http://expdev-kiuhnm.rhcloud.com/download-the-book/
UCSD Computer Security Course Slide
http://cseweb.ucsd.edu/classes/fa12/cse127-a/syllabus.html
http://cseweb.ucsd.edu/classes/fa12/cse127-a/syllabus.html
Cookies Lack Integrity: Real-World Implications
https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-zheng-updated.pdf
https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-zheng-updated.pdf
HackingTeamfulldump (不算完整235g压缩版)
http://pan.baidu.com/s/1kTBzrVp
http://pan.baidu.com/s/1kTBzrVp
Inside Neutrino botnet builder
https://blog.malwarebytes.org/botnets/2015/08/inside-neutrino-botnet-builder/
https://blog.malwarebytes.org/botnets/2015/08/inside-neutrino-botnet-builder/
NetRipper - Smart traffic sniffing for penetration testers
https://github.com/NytroRST/NetRipper
https://github.com/NytroRST/NetRipper
利用机器学习进行恶意代码分类
http://drops.wooyun.org/tips/8151
http://drops.wooyun.org/tips/8151
Discuz! X系列远程代码执行漏洞分析
http://www.secpulse.com/archives/35819.html
http://www.secpulse.com/archives/35819.html
Setup Your Own MITM, Packet Sniffing WiFi Access Point
http://blog.hackersonlineclub.com/2015/08/snifflab-setup-your-own-mitm-packet.html
http://blog.hackersonlineclub.com/2015/08/snifflab-setup-your-own-mitm-packet.html
“企业应急响应和反渗透”之真实案例分析
http://drops.wooyun.org/tips/8130
http://drops.wooyun.org/tips/8130
A light-weight forensic analysis of the AshleyMadison Hack
http://blog.includesecurity.com/2015/08/forensic-analysis-of-the-AshleyMadison-Hack.html
http://blog.includesecurity.com/2015/08/forensic-analysis-of-the-AshleyMadison-Hack.html
iOS:CVE-2015-5774
http://blog.pangu.io/cve-2015-5774/
http://blog.pangu.io/cve-2015-5774/
Extortionists Target Ashley Madison Users
http://krebsonsecurity.com/2015/08/extortionists-target-ashley-madison-users/
http://krebsonsecurity.com/2015/08/extortionists-target-ashley-madison-users/
You Dirty RAT: Analyzing an AlienSpy Payload
https://www.proofpoint.com/us/threat-insight/post/You-Dirty-RAT
https://www.proofpoint.com/us/threat-insight/post/You-Dirty-RAT
Camera 360应用隐私数据泄露的分析
http://drops.wooyun.org/tips/8209
http://drops.wooyun.org/tips/8209
Exploiting Ammyy Admin – developing an 0day
https://www.scriptjunkie.us/2014/09/exploiting-ammyy-admin-developing-an-0day/
https://www.scriptjunkie.us/2014/09/exploiting-ammyy-admin-developing-an-0day/
New activity of The Blue Termite APT
https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/
https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/
DEFCON 23 CTF 战记
http://blog.ztrix.me/blog/2015/08/16/defcon-23/
http://blog.ztrix.me/blog/2015/08/16/defcon-23/
BlackHat议题分析:浅析BGP劫持利用
http://www.freebuf.com/articles/network/75305.html
http://www.freebuf.com/articles/network/75305.html
Deploying, Managing, and Leveraging Honeypots in the Enterprise
https://www.threatstream.com/blog/deploying-managing-and-leveraging-honeypots-in-the-enterprise-using-open-source-tools#When:17:11:00Z
https://www.threatstream.com/blog/deploying-managing-and-leveraging-honeypots-in-the-enterprise-using-open-source-tools#When:17:11:00Z
SQL注入速查表(上)
http://drops.wooyun.org/tips/7840
http://drops.wooyun.org/tips/7840
BinNavi binary analysis tool open sourced by Google
https://github.com/google/binnavi
https://github.com/google/binnavi
Snifflab: An environment for testing mobile devices
https://openeffect.ca/snifflab-an-environment-for-testing-mobile-devices/
https://openeffect.ca/snifflab-an-environment-for-testing-mobile-devices/
UAC Bypass Vulnerability in the Windows Script Host.
http://seclist.us/uac-bypass-vulnerability-in-the-windows-script-host.html
http://seclist.us/uac-bypass-vulnerability-in-the-windows-script-host.html
A Neat Stack Corruption, Reverse P/Invoke Structure Packing with Output Param
http://blogs.microsoft.co.il/sasha/2015/08/18/a-neat-stack-corruption/
http://blogs.microsoft.co.il/sasha/2015/08/18/a-neat-stack-corruption/
携程安全沙龙现场笔记&PPT
http://www.secpulse.com/archives/35915.html
http://www.secpulse.com/archives/35915.html
Stealth Techniques: Hiding Files in the Registry
http://www.codereversing.com/blog/archives/261
http://www.codereversing.com/blog/archives/261
Analysis of PS4's security and the state of hacking
http://cturt.github.io/ps4.html
http://cturt.github.io/ps4.html
Chaos Communication Camp 2015
https://media.ccc.de/browse/conferences/camp2015/index.html
https://media.ccc.de/browse/conferences/camp2015/index.html
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第77期)
