SecWiki周刊（第85期)

SecWiki周刊（第85期）

2015/10/12-2015/10/18

安全资讯

[其它] TK，从“妇科圣手”到“黑客教主
http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&mid=212637987&idx=2&sn=80a99bf86a58d6b3db3a98ef12b80667&scene=23&srcid=1012zQnVKhOjtzd9pj4Ec5Mm#rd

[设备安全] Industrial control system security in 2014: trends and vulnerabilities
http://blog.ptsecurity.com/2015/10/industrial-control-system-security-in.html

[恶意分析] Holy Threat Intel Sharing
http://www.cyintanalysis.com/holy-threat-intel-sharing/

安全技术

[漏洞分析] CVE-2015-1641漏洞分析
https://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.qRNloh&id=31

[Web安全] SkyWolf_Demo—PHP超强代码审计
http://v.youku.com/v_show/id_XMTM1NTY4ODI0MA==.html

[Web安全] 习科技能表
https://raw.githubusercontent.com/SecWiki/sec-chart/master/%E4%B9%A0%E7%A7%91%E6%8A%80%E8%83%BD%E8%A1%A8.jpg

[Web安全] php-security-scanner
https://github.com/ircmaxell/php-security-scanner

[文档] A Shodan Tutorial and Primer
https://danielmiessler.com/study/shodan/

[论文] 学术顶会-CCS-2015 录用论文
http://www.sigsac.org/ccs/CCS2015/ccs2015-toc.html

[文档] ISC2015公开PPT
http://8a7b5d.l61.yunpan.cn/lk/cHanFfxej65iG#/-0

[Web安全] 解析P2P金融的业务安全
http://www.freebuf.com/articles/others-articles/81062.html

[编程技术] REST API 安全设计指南
http://blog.nsfocus.net/rest-api-design-safety/

[Web安全] BlackHat 2015:Red Vs Blue Modern Active Directory Attacks, Detection
https://www.youtube.com/watch?v=ELT3jeV8J8U&list=PLwibn_3po6c9sA7_6sOCTyDWhX26eKJkd&index=48

[其它] 看美国司法部如何用twitter等社交媒体取证和质证
http://www.justice.gov/opa/file/784501/download

[运维安全] Logstash 最佳实践
https://github.com/chenryn/logstash-best-practice-cn

[视频] KCon 2015 黑客安全大会视频
http://www.ichunqiu.com/course/775

[漏洞分析] 漏洞挖掘基础之格式化字符串
http://drops.wooyun.org/papers/9426

[Web安全] Stored XSS in Akismet WordPress Plugin
https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-akismet-wordpress-plugin.html

[漏洞分析] Satoshi's note: Some Tips to Analyze PatchGuard
http://standa-note.blogspot.com/2015/10/some-tips-to-analyze-patchguard.html

[Web安全] libemu-scapy-for-shellcode-on-the-network
https://bwall.github.io/libemu-scapy-for-shellcode-on-the-network/

[其它] winsty: 我的PhD总结
http://www.52cs.org/?p=632

[其它] Pentest Box
https://pentestbox.com/

[其它] Monitoring tool for PasteBin-alike sites
https://github.com/cvandeplas/pystemon

[Web安全] 利用AFL Fuzz Server
http://puzzor.blogspot.de/2015/08/afl-fuzz-server_79.html

[数据挖掘] 如何创建用户画像
http://www.17bigdata.com/%e5%a6%82%e4%bd%95%e5%88%9b%e5%bb%ba%e7%94%a8%e6%88%b7%e7%94%bb%e5%83%8f.html

[数据挖掘] Topic Modeling FOIA Data
http://www.harvest.ai/blog/2015/10/12/topicmodelingfoiadata

[漏洞分析] Code coverage using dynamic symbolic execution
http://triton.quarkslab.com/blog/Code-coverage-using-dynamic-symbolic-execution/

[设备安全] Analysis of an encrypted HDD
https://www.sstic.org/media/SSTIC2015/SSTIC-actes/hardware_re_for_software_reversers/SSTIC2015-Article-hardware_re_for_software_reversers-czarny_rigo.pdf

[设备安全] Writing Cisco IOS Rootkits
https://dl.packetstormsecurity.net/papers/general/cisco_ios_rootkits.pdf

[恶意分析] The rise of .NET and powershell malware
https://securelist.com/blog/research/72417/the-rise-of-net-and-powershell-malware/

[Web安全] Using APT tactics and techniques in your pentests
http://strategicsec.com/using-apt-tactics-techniques-in-pentests/

[移动安全] iOS APP安全杂谈之三
http://drops.wooyun.org/papers/9598

[设备安全] Cybersecurity Research: Addressing the Legal Barriers and Disincentives
http://www.ischool.berkeley.edu/files/cybersec-research-nsf-workshop.pdf

[设备安全] studying an encrypted external HDD
http://hardwear.io/wp-content/uploads/2015/10/Slide-hardware_re_for_software_reversers-By-Czarny-Rigo.pdf

[恶意分析] Mapping FinFisher's Continuing Proliferation
http://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/

[其它] PENTESTIT | Penetration Test Lab
https://lab.pentestit.ru/

[恶意分析] A close look at an operating botnet
http://conorpp.com/blog/a-close-look-at-an-operating-botnet/

[移动安全] Reverse shell over SMS (Exploiting CVE-2015-5897)
http://blog.gdssecurity.com/labs/2015/10/13/reverse-shell-over-sms-exploiting-cve-2015-5897.html

[移动安全] Android Vulnerabilities Database
http://androidvulnerabilities.org/

[Web安全] ICMP Tunnels- A Case Study
https://www.notsosecure.com/2015/10/15/icmp-tunnels-a-case-study/

[Web安全] 域渗透的金之钥匙
http://drops.wooyun.org/tips/9591

[恶意分析] New Javascript Deobfuscator Tool
http://www.kahusecurity.com/2015/new-javascript-deobfuscator-tool/

[恶意分析] Intelligence-Driven Risk Analysis
http://www.threatconnect.com/threat-intelligence-driven-risk-analysis/

安全专题

CTF 相关工具和资料
https://www.sec-wiki.com/topic/65

NoSQL 安全工具汇总
https://www.sec-wiki.com/topic/66

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第85期)

SecWiki周刊（第85期）

最新公告

友情链接

SecWiki公众号

安全学术圈