SecWiki周刊(第93期)
2015/12/07-2015/12/13
安全资讯
[其它]  2015年网络安全大事记
http://www.aqniu.com/neo-points/12333.html
[恶意分析]  数据为本,洞悉安全
http://yepeng.blog.51cto.com/3101105/1722160
安全技术
[漏洞分析]  JBoss JMXInvokerServlet 漏洞批量检测
https://github.com/az0ne/jboss_autoexploit
[Web安全]  偶遇BASH攻击,险入僵尸网络
http://lewisec.sinaapp.com/2015/12/01/bash-botnet/
[比赛]  2015 hctf7 all problems
https://github.com/hduisa/hctf2015-all-problems
[设备安全]  工控网络协议模糊测试:用peach对modbus协议进行模糊测试
http://www.freebuf.com/articles/security-management/88249.html
[漏洞分析]  IDA Pro 6.8 + All Decompilers Full Leak
http://www.52pojie.cn/thread-442702-1-1.html
[恶意分析]  Cybercrime in the Deep Web:暗网深度解析
http://drops.wooyun.org/news/10913
[无线安全]  狗汪汪玩转无线电 -- GPS Hacking (上)
http://drops.wooyun.org/tips/11155
[Web安全]  sqlmaps-tamper-scripts的作用说明
http://www.forkbombers.com/2013/05/sqlmaps-tamper-scripts.html
[文档]  ZeroNights Conference materials
http://2015.zeronights.org/materials.html
[其它]  0day DLL Hijacking vulnerabilities in Microsoft Office
http://www.greyhathacker.net/docs/OfficeDLLhijacking.zip
[运维安全]  Tutorial: How to reverse unknown protocols using Netzob
http://blog.amossys.fr/How_to_reverse_unknown_protocols_using_Netzob.html
[工具]  The Swift Programming Language(source code)
https://github.com/apple/swift
[恶意分析]  Best Practices: Indicator Rating and Confidence
https://www.threatconnect.com/best-practices-indicator-rating-and-confidence/
[设备安全]  SCADA网络fuzzing测试及防护
http://blog.nsfocus.net/scada-network-fuzzing-test-protection/
[论文]  2015年度CCF优秀博士学位论文奖初评结果
http://www.ccf.org.cn/sites/ccf/xhdtnry.jsp?contentId=2897719129810
[其它]  Unboxing the White-Box Practical attacks against Obfuscated Ciphers
http://www.limited-entropy.com/bheu15/eu-15-Sanfelix-Mune-DeHaas-Unboxing-The-White-Box-wp.pdf
[编程技术]  making-an-antivirus-engine-the-guidelines
http://www.adlice.com/making-an-antivirus-engine-the-guidelines/
[书籍]  Best Free Hacking E-Books (PDFs) • HaCoder
http://www.hacoder.com/2015/12/best-free-hacking-e-books-pdfs/
[漏洞分析]  SHURIKEN: Exploit throwing framework
https://github.com/samuraictf/shuriken-framework
[运维安全]  麻袋理财之反爬虫实践
https://github.com/grissomsh/antiwebcrawler/blob/master/antwebcrawler.md
[Web安全]  SPartan: Sharepoint pentest Tool
https://github.com/sensepost/SPartan
[数据挖掘]  TensorFlow tutorials and code examples for beginners
https://github.com/aymericdamien/TensorFlow-Examples
[Web安全]  Browser mitigations against memory corruption vulnerabilities
https://docs.google.com/document/d/19dspgrz35VoJwdWOboENZvccTSGudjQ_p8J4OPsYztM/edit?pli=1#heading=h.3bmhtfuce3n8
[恶意分析]  Malware Sakula - Evolutions v2.x-3.x (Part 2)
http://blog.airbuscybersecurity.com/post/2015/10/Malware-Sakula-Evolutions-%28Part-2/2%29
[取证分析]  Analysis of Telegram Crypto
http://cs.au.dk/~jakjak/master-thesis.pdf
[Web安全]  Data Exfiltration via Blind OS Command Injection
http://www.contextis.com/resources/blog/data-exfiltration-blind-os-command-injection/
[恶意分析]  Seven Years of a South American Threat Actor
https://citizenlab.org/2015/12/packrat-report/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第93期)