SecWiki周刊（第108期)

SecWiki周刊（第108期）

2016/03/21-2016/03/27

安全资讯

[其它] 2016信息安全创业机遇安在
http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&mid=404654875&idx=1&sn=a9de23216fdf646ee67ce0ab9ab406d1&scene=23

[其它] 段海新，没有什么能够阻挡你对自由的向往
https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&mid=404599177&idx=1&sn=af482c738b110085bfebd2b9dab6b3b8

安全技术

[移动安全] APP程序中的短信验证码真的安全么？
http://bigniu.com/article/view/15

[移动安全] Android系统漏洞提权
http://bigniu.com/article/view/1

[移动安全] 再谈APP网络端口开放问题
http://bigniu.com/article/view/10

[移动安全] 短信接口处理不当，被狂刷上万短信
http://bigniu.com/article/view/23

[漏洞分析] 64-bit Linux stack smashing tutorial: Part 1
http://blog.techorganic.com/2015/04/10/64-bit-linux-stack-smashing-tutorial-part-1/

[Web安全] FuzzerPwd: Fuzzer常见的弱口令作为字典
https://github.com/yunxu1/FuzzerPwd

[会议] BASec Meetup March’16
http://www.inforsec.org/wp/?p=689

[漏洞分析] 64-bit Linux stack smashing tutorial: Part 2
http://blog.techorganic.com/2015/04/21/64-bit-linux-stack-smashing-tutorial-part-2/

[Web安全] IE安全系列之——RES Protocol
http://drops.wooyun.org/papers/13898

[工具] Bugfighter C/C++
http://www.bugfighter-soft.com/index.php

[漏洞分析] infosec-central resources files
https://www.infosec-central.com/resources/files/

[漏洞分析] 64-bit Linux stack smashing tutorial: Part 3
http://blog.techorganic.com/2016/03/18/64-bit-linux-stack-smashing-tutorial-part-3/

[漏洞分析] Analyzing HTTPS Encrypted Traffic to Identify User’s Operating System, Browser a
http://arxiv.org/vc/arxiv/papers/1603/1603.04865v1.pdf

[编程技术] Fuzzing workflows; a fuzz job from start to finish
http://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/

[漏洞分析] Radare 2 in 0x1E minutes
http://blog.techorganic.com/2016/03/08/radare-2-in-0x1e-minutes/

[运维安全] Hack Like the Bad Guys – Using Tor for Firewall Evasion and Anonymous Remote Access
http://foxglovesecurity.com/2015/11/02/hack-like-the-bad-guys-using-tor-for-firewall-evasion-and-anonymous-remote-access/

[无线安全] 315晚会报道的无人机是怎么被劫持的？
https://security.tencent.com/index.php/blog/msg/103

[漏洞分析] Exploring SSTI in Flask/Jinja2
https://nvisium.com/blog/2016/03/09/exploring-ssti-in-flask-jinja2/

[设备安全] 工业控制信息安全资源汇总（国外篇）
http://plcscan.org/blog/2016/03/ics-security-resources-overview-2/

[Web安全] Exploring SSTI in Flask/Jinja2, Part II
https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/

[漏洞分析] Car Hacking for Plebs – The Untold Story
http://foxglovesecurity.com/2015/10/26/car-hacking-for-plebs-the-untold-story/

[漏洞分析] IT Security Catalog
https://arthurgerkis.gitbooks.io/it-sec-catalog/content/index.html

[恶意分析] Let's Analyze: Dridex (Part 1)
http://www.malwaretech.com/2016/03/lets-analyze-dridex-part-1.html

[无线安全] When Whales Fly – Building a Wireless Pentest Environment using Docker
http://foxglovesecurity.com/2016/02/24/when-whales-fly-building-a-wireless-pentest-environment-using-docker/

[无线安全] WIFI WPA1/2 Crack for Windows
http://drops.wooyun.org/wireless/13968

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第108期)