SecWiki周刊（第87期)

SecWiki周刊（第87期）

2015/10/26-2015/11/01

安全资讯

[比赛] RuCTFE 2015
https://ructf.org/e/2015/

[比赛] 中国•西安2015 “华山杯” 网络安全技能大赛
http://lab.seclover.com/index.php?m=about

[文档] 2015中国网络安全人才需求调查结果
http://www.aqniu.com/news/11222.html

[会议] 华为第二届网络安全沙龙–问道
http://www.aqniu.com/news/11302.html

[工具] 腾讯云+校园计划
http://www.qcloud.com/event/qcloudSchool

[会议] 第四届全国网络与信息安全防护峰会（XDef安全峰会）
http://www.freebuf.com/fevents/83324.html

[会议] 唯品会安全沙龙
http://eqxiu.com/s/f7cC53KC?from=timeline&isappinstalled=0

[其它] 《中国网络安全企业50强》重磅发布
http://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=400078382&idx=1&sn=12293ffb5a79b1f992fd299aae3802c1&scene=2

[会议] 2015 GeekPwn 活动概要
http://www.freebuf.com/news/82868.html

安全技术

[Web安全] BlueLotus_XSSReceiver:XSS数据接收平台
https://github.com/firesunCN/BlueLotus_XSSReceiver

[Web安全] 腾讯防刷负责人：基于用户画像大数据的电商防刷架构
http://mp.weixin.qq.com/s?__biz=MzAwMDU1MTE1OQ==&mid=400931866&idx=1&sn=b96873fc9f726e5705b2653968f1d992

[设备安全] Hack Naked TV
https://www.youtube.com/watch?v=Nrrj0-iai7o

[取证分析] WMI 的攻击，防御与取证分析技术之攻击篇
http://drops.wooyun.org/tips/9973

[运维安全] 数据防泄漏DLP技术深度剖析
http://blog.nsfocus.net/data-leak-prevention-technology/

[文档] CTF中的内存漏洞利用技巧
http://netsec.ccert.edu.cn/wp-content/uploads/2015/10/2015-1029-yangkun-Gold-Mining-CTF.pdf

[恶意分析] 基于攻击链的威胁感知系统
http://blog.nsfocus.net/threat-sensor-system-base-attack-chain/

[编程技术] Javascript缓存投毒学习与实战
http://drops.wooyun.org/tips/9947

[运维安全] How to Download a List of All Registered Domain Names
http://jordan-wright.com/blog/2015/09/30/how-to-download-a-list-of-all-registered-domain-names/

[其它] Windows 10 - pcap Driver Local Privilege Escalation
https://www.exploit-db.com/exploits/38533/

[编程技术] Virtualenv 教程
http://lcblog-wordpress.stor.sinaapp.com/uploads/2015/10/virtualenv%E6%95%99%E7%A8%8B.pdf

[Web安全] Weird New Tricks for Browser Fingerprinting
https://zyan.scripts.mit.edu/presentations/toorcon2015.pdf

[数据挖掘] 机器学习和数据挖掘的推荐书单
http://blog.jobbole.com/93520/

[Web安全] ob_start用于菜刀的可行性分析
http://blog.jowto.com/?p=107

[编程技术] 让你的Python代码更加pythonic
http://wuzhiwei.net/be_pythonic/

[恶意分析] Advanced JS Deobfuscation Via AST and Partial Evaluation
http://blog.mindedsecurity.com/2015/10/advanced-js-deobfuscation-via-ast-and.html

[文档] Elasticsearch国内开发者大会文档
http://pan.baidu.com/s/1o6iXaqe#path=%252FESCC%25234

[移动安全] 有米iOS恶意SDK分析
http://drops.wooyun.org/papers/10047

[编程技术] Code Review 指南
http://blog.psjay.com/posts/code-review-guide/

[恶意分析] Timing attack vulnerability in most Zeus server-sides
http://www.kerneronsec.com/2015/10/timing-attack-vulnerability-in-most.html

[恶意分析] Your Registry Blobs Belong to Me (RegHexDump)
http://sysforensics.org/2015/04/your-registry-blobs-belong-to-me-reghexdump/

[移动安全] the risk of the "auto-download" feature on Edge and Chrome
http://justhaifei1.blogspot.com/2015/10/watch-your-downloads-risk-of-auto.html

[编程技术] Information from Microsoft about the PDB.
https://github.com/Microsoft/microsoft-pdb

[Web安全] Attacking the Network Time Protocol
http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf

[恶意分析] New research: The underground market fueling for-profit abuse
https://googleonlinesecurity.blogspot.jp/2015/09/new-research-underground-market-fueling.html

[恶意分析] The Advanced Cyber Attack Landscape
http://www.security-finder.ch/fileadmin/dateien/pdf/studien-berichte/fireeye-advanced-cyber-attack-landscape-report.pdf

[文档] Windows 10 Sandboxed Mount Reparse Point Creation Mitigation Bypass
https://www.exploit-db.com/exploits/38474/

[Web安全] Targeted Workstation Compromise with SCCM
https://enigma0x3.wordpress.com/2015/10/27/targeted-workstation-compromise-with-sccm/

-----微信ID：SecWiki-----
SecWiki，13年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第87期)