SecWiki周刊(第90期)
2015/11/16-2015/11/22
安全资讯
FreeBuf全球安全事件纵览(2015年10月):追着光影奔跑
http://www.freebuf.com/news/85800.html
http://www.freebuf.com/news/85800.html
关于下一代防火墙的几个思考
http://weibo.com/p/1001603909874978310484
http://weibo.com/p/1001603909874978310484
Kaspersky Security Bulletin. 2016 Predictions
https://securelist.com/analysis/kaspersky-security-bulletin/72771/kaspersky-security-bulletin-2016-predictions/
https://securelist.com/analysis/kaspersky-security-bulletin/72771/kaspersky-security-bulletin-2016-predictions/
安全技术
翻墙路由器的原理与实现
http://drops.wooyun.org/papers/10177
http://drops.wooyun.org/papers/10177
SecRepo:Samples of Security Related Data
http://www.secrepo.com/#3p_malware
http://www.secrepo.com/#3p_malware
我的通行你的证:cookie安全
http://pan.baidu.com/share/link?shareid=4177846603&uk=4077087174
http://pan.baidu.com/share/link?shareid=4177846603&uk=4077087174
RCTF2015-Mobile-出题思路及Writeup
http://drops.wooyun.org/mobile/10557
http://drops.wooyun.org/mobile/10557
XSS 攻击利用代码收集平台
http://www.xss-payloads.com/
http://www.xss-payloads.com/
Security Data Analysis
https://github.com/sooshie/Security-Data-Analysis
https://github.com/sooshie/Security-Data-Analysis
funder = Format-UNDERstander
https://code.google.com/p/funder/
https://code.google.com/p/funder/
GPS和WiFi位置时间攻击及防御
http://mp.weixin.qq.com/s?__biz=MzIwMTI4Nzk5Ng==&mid=400486988&idx=1&sn=8b5098334c521a7771ebceb6f42b5d7b&scene=1
http://mp.weixin.qq.com/s?__biz=MzIwMTI4Nzk5Ng==&mid=400486988&idx=1&sn=8b5098334c521a7771ebceb6f42b5d7b&scene=1
Xplico:Open Source Network Forensic Analysis Tool (NFAT)
http://www.xplico.org/
http://www.xplico.org/
OllyDbg 2.01 简明帮助手册
http://vdisk.weibo.com/s/zmw3AF3wa5ObF/1447817229
http://vdisk.weibo.com/s/zmw3AF3wa5ObF/1447817229
File Format Fuzzing in Android
http://blog.c22.cc/2015/11/19/deepsec-2015-file-format-fuzzing-in-android-giving-a-stagefright-to-the-android-installer/
http://blog.c22.cc/2015/11/19/deepsec-2015-file-format-fuzzing-in-android-giving-a-stagefright-to-the-android-installer/
结合个人经历总结的前端入门方法
http://mp.weixin.qq.com/s?__biz=MzAxODE2MjM1MA==&mid=400718192&idx=1&sn=6e00edbd0077589db5ea8a8de3e29c90&scene=23
http://mp.weixin.qq.com/s?__biz=MzAxODE2MjM1MA==&mid=400718192&idx=1&sn=6e00edbd0077589db5ea8a8de3e29c90&scene=23
Forensic analysis of a Sony PlayStation 4: A first look
http://www.sciencedirect.com/science/article/pii/S1742287615000146
http://www.sciencedirect.com/science/article/pii/S1742287615000146
“蜥蜴之尾”——长老木马四代分析报告
http://blogs.360.cn/360mobile/2015/11/16/analysis_of_fakedebuggerd_d/
http://blogs.360.cn/360mobile/2015/11/16/analysis_of_fakedebuggerd_d/
Swimming in the Sea of ELF
https://www.slideshare.net/secret/c0pBeVJcrqw2pc
https://www.slideshare.net/secret/c0pBeVJcrqw2pc
RCTF Web100, Web150 Writeup
http://insight-labs.org/?p=1987
http://insight-labs.org/?p=1987
HoneyPy:A low interaction honeypot
https://github.com/foospidy/HoneyPy
https://github.com/foospidy/HoneyPy
joomlavs:Joomla vulnerability scanner
https://github.com/rastating/joomlavs
https://github.com/rastating/joomlavs
VolatilityBot – An automated malicious code dumper
http://blog.fightingmalware.com/blog/?p=221
http://blog.fightingmalware.com/blog/?p=221
spring-social-core-vulnerability-disclosure
https://blog.srcclr.com/spring-social-core-vulnerability-disclosure/
https://blog.srcclr.com/spring-social-core-vulnerability-disclosure/
Bypassing SMEP Using vDSO Overwrites
http://itszn.com/blog/?p=21
http://itszn.com/blog/?p=21
awesome-incident-response
https://github.com/meirwah/awesome-incident-response
https://github.com/meirwah/awesome-incident-response
debug C++ code on Linux from Visual Studio.
http://blogs.msdn.com/b/vcblog/archive/2015/11/18/announcing-the-vs-gdb-debugger-extension.aspx
http://blogs.msdn.com/b/vcblog/archive/2015/11/18/announcing-the-vs-gdb-debugger-extension.aspx
DZ 6.x getshell [20151117]
http://www.unhonker.com/bug/1856.html
http://www.unhonker.com/bug/1856.html
Nishang: A Post-Exploitation Framework
http://resources.infosecinstitute.com/nishang-a-post-exploitation-framework/
http://resources.infosecinstitute.com/nishang-a-post-exploitation-framework/
Powershell Hids DEMO
http://www.xtiger.net/2015/11/18/powershell-hids-demo/
http://www.xtiger.net/2015/11/18/powershell-hids-demo/
Redis事件综合分析
http://weibo.com/p/1001603909861770434271
http://weibo.com/p/1001603909861770434271
Linux/FileCoder (Linux.Encoder)
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=4097&p=27253#p27253
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=4097&p=27253#p27253
Best of Oracle Security 2015
http://www.red-database-security.com/wp/best_of_oracle_security_2015.pdf
http://www.red-database-security.com/wp/best_of_oracle_security_2015.pdf
The Landscape of Internet Threats
http://netsec.ccert.edu.cn/course/Tsinghua-Landscape.Nov15.pdf
http://netsec.ccert.edu.cn/course/Tsinghua-Landscape.Nov15.pdf
(browser narly) - browser exploitation/exploration tool
https://github.com/d0c-s4vage/bnarly
https://github.com/d0c-s4vage/bnarly
Manual and Automatic Program Analysis/
https://isis.poly.edu/pa/
https://isis.poly.edu/pa/
Black Hat Europe 2015 slides
https://www.blackhat.com/eu-15/briefings.html#automating-linux-malware-analysis-using-limon-sandbox
https://www.blackhat.com/eu-15/briefings.html#automating-linux-malware-analysis-using-limon-sandbox
Bug Bounty Web List
http://hackersonlineclub.com/bug-bounty-web-lists/
http://hackersonlineclub.com/bug-bounty-web-lists/
How to Write a Great Research Paper
https://www.youtube.com/watch?v=g3dkRsTqdDA
https://www.youtube.com/watch?v=g3dkRsTqdDA
APK Studio by vaibhavpandeyvpz
http://github.vaibhavpandey.com/apkstudio/
http://github.vaibhavpandey.com/apkstudio/
Getting started with TSK & Autopsy pt. 2
http://digitalresidue.blogspot.tw/2015/11/getting-started-with-tsk-autopsy-pt-2.html
http://digitalresidue.blogspot.tw/2015/11/getting-started-with-tsk-autopsy-pt-2.html
Inspecting Heap Objects with LLDB
http://rotlogix.com/2015/11/19/inspecting-heap-objects-with-lldb/
http://rotlogix.com/2015/11/19/inspecting-heap-objects-with-lldb/
CANAPE Network Testing Tool
https://github.com/ctxis/canape
https://github.com/ctxis/canape
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第90期)
