SecWiki周刊（第84期)

SecWiki周刊（第84期）

2015/10/05-2015/10/11

安全资讯

[无线安全] Hacking Wireless Printers With Phones on Drones
http://www.wired.com/2015/10/drones-robot-vacuums-can-spy-office-printer/

[视频] 方小顿《十二万个漏洞》
http://v.youku.com/v_show/id_XMTM0NjgxMzE1Mg==.html

[漏洞分析] What’s New with Microsoft Threat Modeling Tool 2016
http://blogs.microsoft.com/cybertrust/2015/10/07/whats-new-with-microsoft-threat-modeling-tool-2016/

[漏洞分析] Three High severity vulnerabilities of the last week
http://malwarelist.net/2015/10/06/cybersecurity-threats-2015-three-high-severity-vulnerabilities-of-the-last-week/

[漏洞分析] HackerOne推出免费漏洞协调成熟度模型工具
http://www.aqniu.com/tools/10582.html

[恶意分析] 2015年第40&41周安全通报
http://blog.topsec.com.cn/ad_lab/2015%e5%b9%b4%e7%ac%ac40-41%e5%91%a8%e5%ae%89%e5%85%a8%e9%80%9a%e6%8a%a5/

[恶意分析] Behind the NSA Details and images on almost 300 patents filed
https://medium.com/silk-stories/behind-the-nsa-e0bf2c3a40c0

安全技术

[论文] Financial Cryptography and Data Security 2015
http://fc15.ifca.ai/schedule.html

[其它] 浅析大规模DDOS防御架构-应对T级攻防
http://www.ayazero.com/?p=75

[比赛] CTF主办方指南之对抗搅屎棍
http://drops.wooyun.org/tips/9405

[其它] PwnWiki
http://pwnwiki.io

[其它] pentest-bookmarks
https://github.com/jhaddix/pentest-bookmarks/blob/master/wiki/BookmarksList.wiki

[运维安全] webshell检测－日志分析
http://danqingdani.blog.163.com/blog/static/18609419520158221409771/

[Web安全] Weblogic-Weakpassword-Scnner
https://github.com/dc3l1ne/Weblogic-Weakpassword-Scnner

[Web安全] 渗透测试tips
http://borghan.com/archives/penetration-tips.html

[数据挖掘] OpenGraphiti : Data Visualization Framework
http://www.opengraphiti.com/

[移动安全] APK decompiler online
http://www.javadecompilers.com/apk

[其它] 安全科研:优秀资料推荐
http://secdr.github.io/2015/05/03/good-papers/

[编程技术] Try Django 1.8 Tutorial 视频
http://www.bilibili.com/video/av3007483/

[漏洞分析] ROP Illmatic: Exploring Universal ROP on glibc x86-64 (en)
http://www.slideshare.net/inaz2/rop-illmatic-exploring-universal-rop-on-glibc-x8664-en-41595384

[Web安全] How I Hacked Hotmail
https://www.synack.com/labs/blog/how-i-hacked-hotmail/

[视频] Black Hat USA 2015 Video
https://www.youtube.com/playlist?list=PLwibn_3po6c9sA7_6sOCTyDWhX26eKJkd

[其它] Microsoft Threat Modeling Tool 2016
http://www.microsoft.com/en-us/download/details.aspx?id=49168

[移动安全] Kemoge: Another Mobile Malicious Adware Infecting Over 20 Countries
https://www.fireeye.com/blog/threat-research/2015/10/kemoge_another_mobi.html

[设备安全] MAC随机初始化脚本
http://www.borghan.com/archives/mac-random-initialization-script.html

[设备安全] BadUsb----结合实例谈此类外设的风险
http://drops.wooyun.org/tips/9336

[恶意分析] Duqu 2.0 Win32k Exploit Analysis
https://github.com/ohjeongwook/Publications/blob/master/Duqu%202.0%20Win32k%20Exploit%20Analysis.pdf

[编程技术] pwntools — pwntools 2.2.0 documentation
http://pwntools.readthedocs.org/en/latest/index.html

[工具] new-metasploit-tools-to-collect-microsoft-patches
https://community.rapid7.com/community/metasploit/blog/2015/10/08/new-metasploit-tools-to-collect-microsoft-patches

[Web安全] Nmap cheat sheet相关
https://duckduckgo.com/?q=nmap+cheat+sheet&t=canonical&ia=cheatsheet

[会议] VB2015 Prague Slide
https://www.virusbtn.com/conference/vb2015/slides/index

[Web安全] 发现网络空间里的“暗物质”情报
https://github.com/evilcos/papers/blob/master/%E5%8F%91%E7%8E%B0%E7%BD%91%E7%BB%9C%E7%A9%BA%E9%97%B4%E9%87%8C%E7%9A%84%E2%80%9C%E6%9A%97%E7%89%A9%E8%B4%A8%E2%80%9D%E6%83%85%E6%8A%A5.pptx

[漏洞分析] Fuzzing with american fuzzy lop [LWN.net]
http://lwn.net/Articles/657959/

[漏洞分析] Cisco Web VPNs Leveraged for Access and Persistence
http://www.volexity.com/blog/?p=179

[恶意分析] ODA - onlinedisassembler
https://www.onlinedisassembler.com/odaweb/

[数据挖掘] Big Data University
http://bigdatauniversity.com.cn/

[恶意分析] Writing Cisco IOS Rootkits
https://packetstormsecurity.com/files/133917/Writing-Cisco-IOS-Rootkits.html

[其它] OSXCollector : Automated forensic evidence collection & analysis for OS X
http://files.brucon.org/2015/Kuba_Sendor_OSXCollector.pdf

[Web安全] A survey of insecure Flash crossdomain policies – Alexa Top 10,000
http://blog.whatever.io/2015/10/03/a-survey-of-insecure-flash-crossdomain-policies-alexa-top-10000-case-study/

[运维安全] SNORT入侵检测系统
http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/9232

[恶意分析] A Study in Bots: DiamondFox
http://blog.cylance.com/a-study-in-bots-diamondfox

[数据挖掘] Materials for my Pycon 2015 scikit-learn tutorial
https://github.com/jakevdp/sklearn_pycon2015

[Web安全] WordPress 利用 system.multicall RPC进行快速爆破
http://rickgray.me/2015/10/09/wordpress-xmlrpc-brute-force-in-one-request.html

[运维安全] Dradis:Effective Information Sharing
http://dradisframework.org/

[漏洞分析] Dynamic Analysis Of Adobe Flash Files
http://www.securityevaluators.com/knowledge/flash/flash.pdf

[编程技术] cpp con2015
https://github.com/CppCon/CppCon2015

[编程技术] python 安全类目推荐
http://zone.wooyun.org/content/23255

[恶意分析] Viper is a binary management and analysis framework
http://viper.li/

安全专题

大数据可视化开源库
https://www.sec-wiki.com/topic/64

-----微信ID：SecWiki-----
SecWiki，13年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第84期)

SecWiki周刊（第84期）

最新公告

友情链接

SecWiki公众号

安全学术圈