SecWiki Weekly (Issue 80)
2015/09/07-2015/09/13
Security News
[Other]  How we cracked millions of Ashley Madison bcrypt hashes efficiently
http://cynosureprime.blogspot.com/2015/09/how-we-cracked-millions-of-ashley.html
[Document]  The 2015 Higher Education Security Report
http://cdn2.hubspot.net/hubfs/533449/2015_Higher_Education_Security_Report.pdf
Security Technology
[Web Security]  hacking with php
http://www.hackingwithphp.com/
[Web Security]  AIS3 Final CTF Web Writeup (Race Condition & one-byte off SQL Injection)
http://blog.orange.tw/2015/09/ais3-final-ctf-web-writeup-race.html
[Web Security]  faraday: Collaborative Penetration Test IDE
https://github.com/infobyte/faraday
[Malware Analysis]  Reverse Engineering Basics: An Introduction to Manual Software Unpacking
http://drops.wooyun.org/tips/8296
[Other]  The Self-Cultivation of Security Products
http://security.tencent.com/index.php/blog/msg/95
[Web Security]  A Large Collection of Webshells
https://github.com/tennc/webshell
[Vulnerability Analysis]  Finding Network Protocol Vulnerabilities with alphafuzzer
http://blog.topsec.com.cn/ad_lab/alphafuzzer_npfuzz/
[Web Security]  Simple proxy checking script
https://github.com/chrisiaut/proxycheck_script
[Web Security]  Methods for Capturing Plaintext Passwords on Windows 2012
http://zone.wooyun.org/content/20310
[Web Security]  WMI Defense
http://drops.wooyun.org/tips/8290
[Operations Security]  BitTorrent DDoS Amplification Attacks
http://blog.nsfocus.net/bittorrent-drdos/
[Web Security]  Analysis of the Django Arbitrary Code Execution Vulnerability
http://blog.nsfocus.net/django-code-execution-vulnerability/
[Operations Security]  Scenario-Based Docker Hardening for es Using PaX/Grsecurity & STIG & Shield
http://hardenedlinux.org/system-security/2015/09/06/hardening-es-in-docker-with-grsec.html
[Malware Analysis]  The hook007 Crime Family: The Lurking Chapter
http://blogs.360.cn/blog/hoook007/
[Web Security]  Introduction to the XssSniper Extension
http://0kee.360.cn/domXss/
[Web Security]  Abusing Chrome's XSS auditor to steal tokens Detecting XSS Auditor
http://blog.portswigger.net/2015/08/abusing-chromes-xss-auditor-to-steal.html
[Device Security]  Security Analysis of IoT Operating Systems
http://drops.wooyun.org/wireless/8338
[Web Security]  A Brief Discussion of Business Security at Internet Companies
http://drops.wooyun.org/tips/8190
[Books]  Python Tutorials: From “Hello” to custom Python malware, and exploits
http://www.primalsecurity.net/tutorials/python-tutorials/
[Vulnerability Analysis]  Second FireEye FLARE On Challenge (2015) Solutions
http://unhere.com/2015/09/09/fireeye-flare-on-challenge-2015-solutions/
[Operations Security]  Fishing for Hackers: Analysis of a Linux Server Attack
https://sysdig.com/fishing-for-hackers/
[Malware Analysis]  Black Hat Arsenal peepdf Challenge 2015 writeup
https://quequero.org/2015/09/black-hat-arsenal-peepdf-challenge-2015-writeup/
[Malware Analysis]  Rambling and Casual Talk: Threat Intelligence Analysis
http://weibo.com/p/1001603884551716890497
[Malware Analysis]  Proxying Bluetooth devices for security analysis using btproxy
http://conorpp.com/blog/proxying-bluetooth-devices-for-security-analysis-using-btproxy/
[Vulnerability Analysis]  Breaking UEFI security with software DMA attacks
http://blog.cr4.sh/2015/09/breaking-uefi-security-with-software.html
[Books]  Neural networks and deep learning
http://neuralnetworksanddeeplearning.com/
[Forensics]  Malware Forensic Field Guides: Tool Box
http://www.malwarefieldguide.com/LinuxChapter1.html
[Device Security]  The Crisis Lurking Around Us: Smart Device Security
http://security.tencent.com/index.php/blog/msg/94
[Document]  Playing with Fire: Attacking the FireEye® MPS
https://www.ernw.de/download/ERNW_44CON_PlayingWithFire_signed.pdf
[Web Security]  Php Codz Hacking
https://github.com/chtg/phpcodz
[Books]  sec-chart: Security Flow Chart
https://github.com/SecWiki/sec-chart
[Malware Analysis]  Satellite Turla: APT Command and Control in the Sky
https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/
SecWiki: https://www.sec-wiki.com