SecWiki Weekly (Issue 81)
2015/09/14-2015/09/20
Security News
We Tell You the Full Story of the XCodeGhost Incident
http://security.tencent.com/index.php/blog/msg/96
2015 MSC Mobile Security Challenge: 150,000 in Prize Money Up for Grabs!
http://mp.weixin.qq.com/s?__biz=MjM5NTc2MDYxMw==&mid=207454569&idx=1&sn=dfe3f6d6d6cf7ea64e1aaccf66b8602a&scene=0#rd
Hacker-Related TV Series and Movies
https://github.com/SecWiki/hack-movie
(ISC)2 Beijing Chapter Salon No. 7: Industrial Control System Attack and Defense and Vulnerability Discovery
http://www.huodongxing.com/event/3299282474100
Some Thoughts on Threat Intelligence Analysis (Sequel)
http://weibo.com/p/1001603886785284467152
The Big Reveal! Why Apple Got Poisoned: Reconstructing the Xcode Incident
http://v.youku.com/v_show/id_XMTMzOTUwMDYyNA==.html?%20%20f=26086617&ev=4
The World's Biggest Security Incidents of 2015: 888 Incidents, 246 Million Records Stolen
http://www.aqniu.com/neo-points/10210.html
FreeBuf Global Security Incident Overview: August 2015
http://www.freebuf.com/news/78481.html
MD5 To Be Considered Harmful Someday
http://blog.acolyer.org/2015/09/15/md5-to-be-considered-harmful-someday/
Security Technology
mana: toolkit for wifi rogue AP attacks and MitM
https://github.com/sensepost/mana
ACSAC 2015 Program
https://acsac.org/2015/openconf/modules/request.php?module=oc_program&action=program.php
On NFS Misconfiguration
http://drops.wooyun.org/tips/8659
WireShark Hacker Discovery Journey (5): Scanning and Probing
http://drops.wooyun.org/tips/8660
Galileo RCS – Installing the entire espionage platform
http://hyperionbristol.co.uk/galileo-rcs-installing-the-entire-espionage-platform/
RAID 2015 Program
http://www.raid2015.org/program.html
TruSSH Worm Analysis Report
http://xteam.baidu.com/?p=300
BambooFox Summer CTF Training Course Materials
https://bamboofox.torchpad.com/Class/training
Stucco-Data: Cyber security data sources
http://stucco.github.io/data/
A Brief Analysis of Large-Scale DDoS Defense Architecture: Handling Terabit-Scale Attack and Defense
http://www.ayazero.com/?p=75
Mobile-Security-Framework-MobSF
https://github.com/ajinabraham/Mobile-Security-Framework-MobSF
Python Network Attack and Defense: Layer 2 Attacks
http://drops.wooyun.org/tips/8547
2015 Software-Defined Security (SDS) White Paper
http://blog.nsfocus.net/software-defined-security-whitepaper/
HITCON 2015 slide
http://hitcon.org/2015/CMT/agenda/
44CON’s Presentations on SlideShare
http://www.slideshare.net/44Con/presentations
Ghost Push: Monkey Test & Time Service Virus Analysis Report
http://drops.wooyun.org/tips/8923
Using the BitmapData Object to Counter Flash Player's Isolated Heap
http://weibo.com/p/1001603888587073565649
Slides from Security Onion Conference
http://blog.securityonion.net/2015/09/slides-from-security-onion-conference.html
Discussion: What Would You Do Next After the Perimeter?
http://zone.wooyun.org/content/22990
Windows CreateObjectTask TileUserBroker Privilege Escalation
https://www.exploit-db.com/exploits/38201/
MMD-0043-2015 - Polymorphic in ELF malware: Linux/Xor.DDOS
http://blog.malwaremustdie.org/2015/09/mmd-0042-2015-polymorphic-in-elf.html
Exploit Development Tutorial Series: Windows Basics & Shellcode
http://drops.wooyun.org/tips/8361
In Search of SYNful Routers
https://zmap.io/synful/
Document Classification with Apache Spark
https://www.slideshare.net/secret/hxWDB6dyDLRlNz
Readactor-Practical Code Randomization Resilient to Memory Disclosure
http://www.slideshare.net/ch0psticks/readactor-slides
XCode Version Update Log and Swift Syntax Change History
https://numbbbbb.gitbooks.io/-the-swift-programming-language-/content/chapter1/03_revision_history.html
Malware Analysis and Incident Response Tools for the Frugal and Lazy
http://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/
Defeating SSL Pinning in Coin's Android Application
http://rotlogix.com/2015/09/13/defeating-ssl-pinning-in-coin-for-android/
Capturing Network Traffic via a Compromised Router
http://drops.wooyun.org/tips/8641
Hooker: Automated Dynamic Analysis of Android Applications
https://github.com/AndroidHooker/hooker
Satellite Turla: APT Command and Control in the Sky
http://drops.wooyun.org/papers/8644
SYNful Knock A cisco implant
https://www2.fireeye.com/rs/848-DID-242/images/rpt-synful-knock.pdf
Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part III – Ul
http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
2015 Security Vulnerability Analysis Report on P2P Finance Websites
http://drops.wooyun.org/news/8705
DbgKit: first GUI extension for Debugging Tools for Windows
http://www.andreybazhan.com/dbgkit.html
There's a Ghost in the XCode Compiler: XCodeGhost Sample Analysis
http://drops.wooyun.org/news/8864
Phishing, Spiking, and Bad Hosting
https://labs.opendns.com/2015/09/14/phishing-spiking-and-bad-hosting/
Blind Elephant Web Application Fingerprinter
https://community.qualys.com/blogs/securitylabs/2015/09/16/blindelephant--then-and-now
Lightning training lab material and vms available for AppSecUSA
https://2015.appsecusa.org/agenda/lightning-trainings/
Hunting Asynchronous Vulnerabilities
http://blog.portswigger.net/2015/09/hunting-asynchronous-vulnerabilities.html
List of Attack Vectors
http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp
When Does Software Start Becoming Malware?
http://blogs.cisco.com/security/talos/infinity-toolkit
-----WeChat ID: SecWiki-----
SecWiki: focused on security technology news and analysis for 13 years!
SecWiki: https://www.sec-wiki.com
Original address of this issue: SecWiki Weekly (Issue 81)
