SecWiki周刊(第106期)
2016/03/07-2016/03/13
安全资讯
Evolution(进化): 谭晓生的RSAC 2016随笔
http://www.freebuf.com/articles/neopoints/98044.html
http://www.freebuf.com/articles/neopoints/98044.html
安全技术
antSword 远程命令执行
https://github.com/antoor/antSword/issues/3
https://github.com/antoor/antSword/issues/3
中国菜刀仿冒官网三百万箱子爆菊记
http://drops.wooyun.org/news/13471
http://drops.wooyun.org/news/13471
当骗子遇上谦虚的大牛,结果是?
http://mp.weixin.qq.com/s?__biz=MzIxNjA2OTYzNw==&mid=405029147&idx=1&sn=cf69c00765c5bb3f00333cea2e877b9b&scene=0#wechat_redirect
http://mp.weixin.qq.com/s?__biz=MzIxNjA2OTYzNw==&mid=405029147&idx=1&sn=cf69c00765c5bb3f00333cea2e877b9b&scene=0#wechat_redirect
Cyphercon 2016 Videos
http://www.irongeek.com/i.php?page=videos/cyphercon2016/mainlist
http://www.irongeek.com/i.php?page=videos/cyphercon2016/mainlist
用机器学习检测Android恶意代码
http://drops.wooyun.org/mobile/13428
http://drops.wooyun.org/mobile/13428
阿里发布2015移动安全漏洞年报
http://www.freebuf.com/vuls/98052.html
http://www.freebuf.com/vuls/98052.html
KACO 电源逆变器系统 XP100U
http://drops.wooyun.org/tips/13578
http://drops.wooyun.org/tips/13578
A curated list of Awesome Threat Intelligence resources
https://github.com/hslatman/awesome-threat-intelligence
https://github.com/hslatman/awesome-threat-intelligence
富文本存储型XSS的模糊测试之道
http://drops.wooyun.org/web/13124
http://drops.wooyun.org/web/13124
Threat Intelligence Foundations: Crawl, Walk, Analysis
https://community.rapid7.com/community/infosec/blog/2016/03/11/threat-intelligence-foundations-crawl-walk-analyze-part-3
https://community.rapid7.com/community/infosec/blog/2016/03/11/threat-intelligence-foundations-crawl-walk-analyze-part-3
Java 反序列化之 CommonsBeanUtils 分析
http://blog.knownsec.com/2016/03/java-deserialization-commonsbeanutils-pop-chains-analysis/
http://blog.knownsec.com/2016/03/java-deserialization-commonsbeanutils-pop-chains-analysis/
drozer模块的编写及模块动态加载问题研究
http://drops.wooyun.org/tips/13239
http://drops.wooyun.org/tips/13239
工业控制信息安全资源汇总(国内篇)
http://plcscan.org/blog/2016/03/ics-security-resources-overview-1/
http://plcscan.org/blog/2016/03/ics-security-resources-overview-1/
Rails Security (上)
http://drops.wooyun.org/web/12750
http://drops.wooyun.org/web/12750
Hacking Magento eCommerce For Fun And 17.000 USD
http://karmainsecurity.com/hacking-magento-ecommerce-for-fun-and-17000-usd
http://karmainsecurity.com/hacking-magento-ecommerce-for-fun-and-17000-usd
Proceedings of the 12th International Conference on Security and Cryptography
http://www.scitepress.org/DigitalLibrary/ProceedingsDetails.aspx?ID=isegUqXGJF8=&t=1
http://www.scitepress.org/DigitalLibrary/ProceedingsDetails.aspx?ID=isegUqXGJF8=&t=1
The Problem with Dynamic Program Analysis
http://blog.trailofbits.com/2016/03/09/the-problem-with-dynamic-program-analysis/
http://blog.trailofbits.com/2016/03/09/the-problem-with-dynamic-program-analysis/
PyYAML 对象类型解析导致的命令执行问题
http://rickgray.me/2016/03/09/pyyaml-tags-parse-to-command-execution.html
http://rickgray.me/2016/03/09/pyyaml-tags-parse-to-command-execution.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第106期)
