SecWiki周刊(第85期)
2015/10/12-2015/10/18
安全资讯
[其它]  TK,从“妇科圣手”到“黑客教主
http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&mid=212637987&idx=2&sn=80a99bf86a58d6b3db3a98ef12b80667&scene=23&srcid=1012zQnVKhOjtzd9pj4Ec5Mm#rd
[设备安全]  Industrial control system security in 2014: trends and vulnerabilities
http://blog.ptsecurity.com/2015/10/industrial-control-system-security-in.html
[恶意分析]  Holy Threat Intel Sharing
http://www.cyintanalysis.com/holy-threat-intel-sharing/
安全技术
[漏洞分析]  CVE-2015-1641漏洞分析
https://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.qRNloh&id=31
[Web安全]  SkyWolf_Demo—PHP超强代码审计
http://v.youku.com/v_show/id_XMTM1NTY4ODI0MA==.html
[文档]  A Shodan Tutorial and Primer
https://danielmiessler.com/study/shodan/
[Web安全]  习科技能表
https://raw.githubusercontent.com/SecWiki/sec-chart/master/%E4%B9%A0%E7%A7%91%E6%8A%80%E8%83%BD%E8%A1%A8.jpg
[Web安全]  php-security-scanner
https://github.com/ircmaxell/php-security-scanner
[论文]  学术顶会-CCS-2015 录用论文
http://www.sigsac.org/ccs/CCS2015/ccs2015-toc.html
[Web安全]  解析P2P金融的业务安全
http://www.freebuf.com/articles/others-articles/81062.html
[文档]  ISC2015公开PPT
http://8a7b5d.l61.yunpan.cn/lk/cHanFfxej65iG#/-0
[Web安全]  BlackHat 2015:Red Vs Blue Modern Active Directory Attacks, Detection
https://www.youtube.com/watch?v=ELT3jeV8J8U&list=PLwibn_3po6c9sA7_6sOCTyDWhX26eKJkd&index=48
[编程技术]  REST API 安全设计指南
http://blog.nsfocus.net/rest-api-design-safety/
[其它]  看美国司法部如何用twitter等社交媒体取证和质证
http://www.justice.gov/opa/file/784501/download
[视频]  KCon 2015 黑客安全大会视频
http://www.ichunqiu.com/course/775
[运维安全]  Logstash 最佳实践
https://github.com/chenryn/logstash-best-practice-cn
[漏洞分析]  漏洞挖掘基础之格式化字符串
http://drops.wooyun.org/papers/9426
[Web安全]  Stored XSS in Akismet WordPress Plugin
https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-akismet-wordpress-plugin.html
[漏洞分析]  Satoshi's note: Some Tips to Analyze PatchGuard
http://standa-note.blogspot.com/2015/10/some-tips-to-analyze-patchguard.html
[其它]  winsty: 我的PhD总结
http://www.52cs.org/?p=632
[Web安全]  libemu-scapy-for-shellcode-on-the-network
https://bwall.github.io/libemu-scapy-for-shellcode-on-the-network/
[其它]  Pentest Box
https://pentestbox.com/
[数据挖掘]  如何创建用户画像
http://www.17bigdata.com/%e5%a6%82%e4%bd%95%e5%88%9b%e5%bb%ba%e7%94%a8%e6%88%b7%e7%94%bb%e5%83%8f.html
[Web安全]  利用AFL Fuzz Server
http://puzzor.blogspot.de/2015/08/afl-fuzz-server_79.html
[其它]  Monitoring tool for PasteBin-alike sites
https://github.com/cvandeplas/pystemon
[数据挖掘]  Topic Modeling FOIA Data
http://www.harvest.ai/blog/2015/10/12/topicmodelingfoiadata
[漏洞分析]  Code coverage using dynamic symbolic execution
http://triton.quarkslab.com/blog/Code-coverage-using-dynamic-symbolic-execution/
[设备安全]  Analysis of an encrypted HDD
https://www.sstic.org/media/SSTIC2015/SSTIC-actes/hardware_re_for_software_reversers/SSTIC2015-Article-hardware_re_for_software_reversers-czarny_rigo.pdf
[设备安全]  Writing Cisco IOS Rootkits
https://dl.packetstormsecurity.net/papers/general/cisco_ios_rootkits.pdf
[移动安全]  iOS APP安全杂谈之三
http://drops.wooyun.org/papers/9598
[恶意分析]  The rise of .NET and powershell malware
https://securelist.com/blog/research/72417/the-rise-of-net-and-powershell-malware/
[Web安全]  Using APT tactics and techniques in your pentests
http://strategicsec.com/using-apt-tactics-techniques-in-pentests/
[设备安全]  Cybersecurity Research: Addressing the Legal Barriers and Disincentives
http://www.ischool.berkeley.edu/files/cybersec-research-nsf-workshop.pdf
[设备安全]  studying an encrypted external HDD
http://hardwear.io/wp-content/uploads/2015/10/Slide-hardware_re_for_software_reversers-By-Czarny-Rigo.pdf
[恶意分析]  Mapping FinFisher's Continuing Proliferation
http://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/
[其它]  PENTESTIT | Penetration Test Lab
https://lab.pentestit.ru/
[恶意分析]  A close look at an operating botnet
http://conorpp.com/blog/a-close-look-at-an-operating-botnet/
[移动安全]  Android Vulnerabilities Database
http://androidvulnerabilities.org/
[移动安全]  Reverse shell over SMS (Exploiting CVE-2015-5897)
http://blog.gdssecurity.com/labs/2015/10/13/reverse-shell-over-sms-exploiting-cve-2015-5897.html
[Web安全]  ICMP Tunnels- A Case Study
https://www.notsosecure.com/2015/10/15/icmp-tunnels-a-case-study/
[Web安全]  域渗透的金之钥匙
http://drops.wooyun.org/tips/9591
[恶意分析]  New Javascript Deobfuscator Tool
http://www.kahusecurity.com/2015/new-javascript-deobfuscator-tool/
[恶意分析]  Intelligence-Driven Risk Analysis
http://www.threatconnect.com/threat-intelligence-driven-risk-analysis/
安全专题
CTF 相关工具和资料
https://www.sec-wiki.com/topic/65
NoSQL 安全工具汇总
https://www.sec-wiki.com/topic/66
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第85期)