SecWiki周刊（第98期)

SecWiki周刊（第98期）

2016/01/11-2016/01/17

安全资讯

[漏洞分析] SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7
http://seclists.org/fulldisclosure/2016/Jan/26

[恶意分析] 如何选择威胁情报厂商（含推荐清单）
http://www.sec-un.org/how-to-choose-the-threat-information-vendors-featured-list.html

[运维安全] 数字丝绸之路是对世界互联网安全的贡献
http://www.valleytalk.org/2016/01/14/%e4%ba%91%e8%ae%a1%e7%ae%97%e5%ae%89%e5%85%a8%e4%b9%8b%e6%88%91%e8%a7%81%e4%b8%80-%e6%95%b0%e5%ad%97%e4%b8%9d%e7%bb%b8%e4%b9%8b%e8%b7%af%e6%98%af%e5%af%b9%e4%b8%96%e7%95%8c%e4%ba%92%e8%81%94/

安全技术

[Web安全] HTTP头注入发现方法（有案例）
http://www.moonsec.com/post-184.html

[Web安全] HTTP头注入的发现和工具化利用
http://loudong.360.cn/blog/view/id/14

[恶意分析] 浅谈硬件固件后门的危害和固件安全检测的必要性
http://mp.weixin.qq.com/s?__biz=MzA4MjYwODg0OQ==&mid=401751513&idx=1&sn=273132f9bd64136f74510319f4fe7e03#rd

[漏洞分析] ESET CrackMe Challenge 2015 Walkthrough
https://quequero.org/2016/01/eset-crackme-challenge-2015-walkthrough/

[恶意分析] Exploring Peer to Peer Botnets
http://www.malwaretech.com/2016/01/exploring-peer-to-peer-botnets.html

[恶意分析] Hunting for Malware with Machine Learning
http://blog.cylance.com/hunting-for-malware-with-machine-learning

[会议] 2015 WitAwards互联网安全Slide(PW: 369b)
http://pan.baidu.com/s/1gengcAB

[Web安全] HITCON CTF 2015 Final Webful Writeup
http://5alt.me/posts/2015/12/HITCON%20CTF%202015%20Final%20Webful%20Writeup.html

[运维安全] 下一代防火墙的几个思考
http://blog.nsfocus.net/thoughts-next-generation-firewall/

[杂志] 书安-第五期
http://down.jdsec.com/secbook-5/%E4%B9%A6%E5%AE%89-%E7%AC%AC%E4%BA%94%E6%9C%9F.pdf

[Web安全] (xss)when-reflected-becomes-stored
https://respectxss.blogspot.de/2016/01/when-reflected-becomes-stored.html

[恶意分析] JavaScript Deobfuscation Tool
https://isc.sans.edu/forums/diary/JavaScript+Deobfuscation+Tool/20619/

[数据挖掘] 六款大数据采集平台的架构分析
http://www.36dsj.com/archives/39854

[移动安全] 陈恺：面向海量软件的未知恶意代码检测方法
http://www.inforsec.org/wp/?p=489

[漏洞分析] Palantir in a number of parts - Part 11 - Expansion
http://about80minutes.blogspot.com/search/label/Palantir

[Web安全] 从活动目录获取域管理员权限的各种姿势
http://drops.wooyun.org/tips/12021

[设备安全] 乌克兰电力攻击事件分析及防护方案
http://blog.nsfocus.net/ukraine-power-plant-attack-analysis-protection-programs/

[Web安全] Top 10 Web Hacking Techniques of 2015
http://blog.whitehatsec.com/top-10-web-hacking-techniques-of-2015/

[设备安全] ICS Security Tools, Tips, and Trade
https://github.com/ITI/ICS-Security-Tools

[恶意分析] Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/brazilian-cybercriminal-underground-2015

[Web安全] WEB 应用安全的总结 – 乌托邦
http://sbilly.com/2015/04/15/web-application-security-2016/#fnref-6-7

-----微信ID：SecWiki-----
SecWiki，13年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第98期)