SecWiki周刊(第88期)
2015/11/02-2015/11/08
安全资讯
Is Internet Security getting better or worse
http://zombiecodekill.com/2015/11/02/is-internet-security-getting-better-or-worse/
http://zombiecodekill.com/2015/11/02/is-internet-security-getting-better-or-worse/
天融信在新三板成功挂牌
http://weibo.com/p/1001603904663517831260
http://weibo.com/p/1001603904663517831260
JSRC电商与智能安全沙龙
http://www.huodongxing.com/event/8307270934200
http://www.huodongxing.com/event/8307270934200
Details of UK website visits 'to be stored for year'
http://www.bbc.com/news/uk-politics-34715872
http://www.bbc.com/news/uk-politics-34715872
2015年第44周安全通报
http://blog.topsec.com.cn/ad_lab/2015%e5%b9%b4%e7%ac%ac44%e5%91%a8%e5%ae%89%e5%85%a8%e9%80%9a%e6%8a%a5/
http://blog.topsec.com.cn/ad_lab/2015%e5%b9%b4%e7%ac%ac44%e5%91%a8%e5%ae%89%e5%85%a8%e9%80%9a%e6%8a%a5/
CyberSecurity 2015 Q3报告(一):市场形势一派大好
http://www.freebuf.com/news/83465.html
http://www.freebuf.com/news/83465.html
【专访吴恩达】百度人工智能杀毒,探索深度神经网络查杀技术
http://mp.weixin.qq.com/s?__biz=MzI3MTA0MTk1MA==&mid=400323118&idx=1&sn=3b403af3c0b25f2491f0bd7310b612aa
http://mp.weixin.qq.com/s?__biz=MzI3MTA0MTk1MA==&mid=400323118&idx=1&sn=3b403af3c0b25f2491f0bd7310b612aa
安全技术
cansecwest
https://cansecwest.com/slides.html
https://cansecwest.com/slides.html
vBulletin 5 PreAuth RCE writeup
http://pastie.org/pastes/10527766/text?key=wq1hgkcj4afb9ipqzllsq
http://pastie.org/pastes/10527766/text?key=wq1hgkcj4afb9ipqzllsq
CS259D: Data Mining for Cyber Security
http://web.stanford.edu/class/cs259d/#hw
http://web.stanford.edu/class/cs259d/#hw
利用Powershell快速导出域控所有用户Hash
http://drops.wooyun.org/tips/10181
http://drops.wooyun.org/tips/10181
Research on Open Socket Apps
http://vdisk.weibo.com/s/zo_33fRAzXCZK
http://vdisk.weibo.com/s/zo_33fRAzXCZK
C&C控制服务的设计和侦测方法综述
http://drops.wooyun.org/tips/10232
http://drops.wooyun.org/tips/10232
Cisco IOS Rootkit工具该怎么写
http://drops.wooyun.org/papers/10045
http://drops.wooyun.org/papers/10045
使用docker安装部署Spark集群来训练CNN(含Python实例)
http://blog.csdn.net/cyh_24/article/details/49683221
http://blog.csdn.net/cyh_24/article/details/49683221
揭秘VxWorks——直击物联网安全罩门
http://mp.weixin.qq.com/s?__biz=MzA5OTMwMzY1NQ==&mid=400149980&idx=1&sn=37ef74024030e91408a3105ac52cc105
http://mp.weixin.qq.com/s?__biz=MzA5OTMwMzY1NQ==&mid=400149980&idx=1&sn=37ef74024030e91408a3105ac52cc105
vBulletin 5 远程命令执行(无需登录)
http://zone.wooyun.org/content/23777
http://zone.wooyun.org/content/23777
Firmware dumping technique for an ARM Cortex-M0 SoC
http://blog.includesecurity.com/2015/11/NordicSemi-ARM-SoC-Firmware-dumping-technique.html
http://blog.includesecurity.com/2015/11/NordicSemi-ARM-SoC-Firmware-dumping-technique.html
从数据挖掘的角度看草榴
http://1024data.sinaapp.com/
http://1024data.sinaapp.com/
Record Straight on Moplus SDK and the Wormhole Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/setting-the-record-straight-on-moplus-sdk-and-the-wormhole-vulnerability/
http://blog.trendmicro.com/trendlabs-security-intelligence/setting-the-record-straight-on-moplus-sdk-and-the-wormhole-vulnerability/
一个PC上的“WormHole”漏洞
http://weibo.com/p/1001603905821401598674
http://weibo.com/p/1001603905821401598674
BetaBot 木马分析报告
http://weibo.com/p/1001603906188252214814
http://weibo.com/p/1001603906188252214814
unserialize() 实战之 vBulletin 5.x.x 远程代码执行
http://rickgray.me/2015/11/06/unserialize-attack-with-vbulletin-5-x-x-rce.html
http://rickgray.me/2015/11/06/unserialize-attack-with-vbulletin-5-x-x-rce.html
HITBGSEC 2015 Singapore Video
https://www.youtube.com/playlist?list=PLmv8T5-GONwSuEm2XTeIVi6toZ8stS6J2
https://www.youtube.com/playlist?list=PLmv8T5-GONwSuEm2XTeIVi6toZ8stS6J2
Android SO逆向1-ARM介绍
http://drops.wooyun.org/mobile/10009
http://drops.wooyun.org/mobile/10009
Remote arbitrary file read on Huawei CPEs
https://github.com/ud2/advisories/tree/master/embedded/huawei/cve-2015-7254
https://github.com/ud2/advisories/tree/master/embedded/huawei/cve-2015-7254
华山杯|web ak write up|收获
http://www.math1as.com/index.php/archives/131/
http://www.math1as.com/index.php/archives/131/
Practice CTF List
http://captf.com/practice-ctf/
http://captf.com/practice-ctf/
WPA/2 Cracking Using HashCat
http://www.rootsh3ll.com/2015/10/rwsps-wpa2-cracking-using-hashcat-cloud-ch5pt2/
http://www.rootsh3ll.com/2015/10/rwsps-wpa2-cracking-using-hashcat-cloud-ch5pt2/
How I nearly almost saved the Internet, starring afl-fuzz and dnsmasq
https://blog.skullsecurity.org/2015/how-i-nearly-almost-saved-the-internet-starring-afl-fuzz-and-dnsmasq
https://blog.skullsecurity.org/2015/how-i-nearly-almost-saved-the-internet-starring-afl-fuzz-and-dnsmasq
2015 Ruxcon Security Conference Slides
https://ruxcon.org.au/slides/?year=2015
https://ruxcon.org.au/slides/?year=2015
SecTor 2015 Presentations
http://sector.ca/presentations
http://sector.ca/presentations
Check Point Discovers Critical vBulletin 0-Day
http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day/
http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day/
利用joomla 3.2.0 – 3.4.4 注入漏洞到getshell
http://www.cngrayhat.org/archives/562
http://www.cngrayhat.org/archives/562
webshell sample for WebShell Log Analysis
https://github.com/tanjiti/webshellSample
https://github.com/tanjiti/webshellSample
What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
Revolver: An Automated Approach to the Detection of Evasive Web-based Malware
https://www.lastline.com/papers/revolver.pdf
https://www.lastline.com/papers/revolver.pdf
The Torte Botnet: A SpamBot Investigation
https://www.stateoftheinternet.com/downloads/pdfs/SpamBot-Investigation-whitepaper-R3.pdf
https://www.stateoftheinternet.com/downloads/pdfs/SpamBot-Investigation-whitepaper-R3.pdf
高校网络信息安全研讨会议题
http://sec.sjtu.edu.cn/challenges
http://sec.sjtu.edu.cn/challenges
sql-injection-for-microsoft-access
https://milo2012.wordpress.com/2012/02/18/sql-injection-for-microsoft-access/
https://milo2012.wordpress.com/2012/02/18/sql-injection-for-microsoft-access/
A few things about Redis security
http://antirez.com/news/96
http://antirez.com/news/96
Rooting the Cisco Linksys x2000 router: system() strikes again
http://meat.pisto.horse/2015/11/rooting-linksys-x2000-router-system.html
http://meat.pisto.horse/2015/11/rooting-linksys-x2000-router-system.html
WormHole虫洞漏洞分析报告
http://drops.wooyun.org/papers/10061
http://drops.wooyun.org/papers/10061
Data Mining Tools for Malware Detection
http://pan.baidu.com/s/1pJszBWf
http://pan.baidu.com/s/1pJszBWf
Data Science Driven Malware Detection
http://www.slideshare.net/Pivotal/data-science-driven-malware-detection
http://www.slideshare.net/Pivotal/data-science-driven-malware-detection
Dive into Machine Learning with Jupyter and scikit-learn
https://github.com/hangtwenty/dive-into-machine-learning
https://github.com/hangtwenty/dive-into-machine-learning
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第88期)
