SecWiki周刊(第113期)
2016/04/25-2016/05/01
安全资讯
军火库(第一期):无线电硬件安全大牛都用哪些利器?
http://www.freebuf.com/sectool/102998.html
http://www.freebuf.com/sectool/102998.html
澳大利亚政府公开网络安全战略
http://www.freebuf.com/news/102568.html
http://www.freebuf.com/news/102568.html
安全技术
国外开源威胁情报feed站点相关介绍
https://mp.weixin.qq.com/s?__biz=MzI5MTA1Mzg1OA==&mid=2650500980&idx=1&sn=ee5d06927fa6650917e60a64c67287d0
https://mp.weixin.qq.com/s?__biz=MzI5MTA1Mzg1OA==&mid=2650500980&idx=1&sn=ee5d06927fa6650917e60a64c67287d0
如何对西数硬盘固件进行逆向分析(下)
http://www.freebuf.com/geek/102983.html
http://www.freebuf.com/geek/102983.html
Struts2方法调用远程代码执行漏洞(CVE-2016-3081)分析
http://blog.nsfocus.net/tech/%E6%8A%80%E6%9C%AF%E5%88%86%E4%BA%AB/2016/04/26/Struts2%E6%96%B9%E6%B3%95%E8%B0%83%E7%94%A8%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E-CVE-2016-3081-%E5%88%86%E6%9E%90.html
http://blog.nsfocus.net/tech/%E6%8A%80%E6%9C%AF%E5%88%86%E4%BA%AB/2016/04/26/Struts2%E6%96%B9%E6%B3%95%E8%B0%83%E7%94%A8%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E-CVE-2016-3081-%E5%88%86%E6%9E%90.html
routersploit: The Router Exploitation Framework
https://github.com/reverse-shell/routersploit
https://github.com/reverse-shell/routersploit
撰写安全合格的REST API
https://zhuanlan.zhihu.com/p/20034107
https://zhuanlan.zhihu.com/p/20034107
努特创始人兼CEO龙国东
https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651066530&idx=1&sn=d3febce6cda7f02a48d6d8d98ae5d957
https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651066530&idx=1&sn=d3febce6cda7f02a48d6d8d98ae5d957
银行先进的反欺诈是如何设计的?
http://www.freebuf.com/articles/database/103132.html
http://www.freebuf.com/articles/database/103132.html
使用HackRF+GNU Radio 破解吉普车钥匙信号
http://www.freebuf.com/vuls/102593.html
http://www.freebuf.com/vuls/102593.html
DarkMobileBank跟踪分析报告
http://blog.avlsec.com/2016/04/3006/darkmobilebank/
http://blog.avlsec.com/2016/04/3006/darkmobilebank/
明枪易躲暗箭难防 – JSONView 0day
http://blog.knownsec.com/2016/04/%e6%98%8e%e6%9e%aa%e6%98%93%e8%ba%b2%e6%9a%97%e7%ae%ad%e9%9a%be%e9%98%b2-jsonview-0day/
http://blog.knownsec.com/2016/04/%e6%98%8e%e6%9e%aa%e6%98%93%e8%ba%b2%e6%9a%97%e7%ae%ad%e9%9a%be%e9%98%b2-jsonview-0day/
rtcp2udp: 反向端口转发工具 v 1.0
https://github.com/ring04h/rtcp2udp
https://github.com/ring04h/rtcp2udp
利用蜜罐采集攻击者行为信息
https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&mid=2655111862&idx=3&sn=ccaad8721860582326af1dd8325e019e
https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&mid=2655111862&idx=3&sn=ccaad8721860582326af1dd8325e019e
内网渗透中转发工具总结
http://drops.wooyun.org/tools/15000
http://drops.wooyun.org/tools/15000
Whitewidow - SQL Vulnerability Scanner
http://www.kitploit.com/2016/04/whitewidow-sql-vulnerability-scanner.html
http://www.kitploit.com/2016/04/whitewidow-sql-vulnerability-scanner.html
Verizon's 2016 Data Breach Investigations Report
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/insiders/
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/insiders/
冒充最高检网络电信诈骗之追溯
http://drops.wooyun.org/news/15345
http://drops.wooyun.org/news/15345
企业级无线渗透之PEAP
http://drops.wooyun.org/wireless/15269
http://drops.wooyun.org/wireless/15269
Common Industrial Protocol based device scanner over the internet
https://github.com/ayushman4/SCADA-CIP-Discovery
https://github.com/ayushman4/SCADA-CIP-Discovery
针对路由器的Linux木马
http://drops.wooyun.org/tips/15222
http://drops.wooyun.org/tips/15222
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第113期)
