SecWiki周刊(第114期)
2016/05/02-2016/05/08
安全资讯
2016数据泄露报告
http://www.aqniu.com/industry/15571.html
http://www.aqniu.com/industry/15571.html
Craig Wright is not Satoshi Nakamoto
http://www.nikcub.com/posts/craig-wright-is-not-satoshi-nakamoto/
http://www.nikcub.com/posts/craig-wright-is-not-satoshi-nakamoto/
加拿大金矿公司被黑 14.8GB数据被盗
http://www.aqniu.com/threat-alert/15557.html
http://www.aqniu.com/threat-alert/15557.html
安全技术
翰海源面试题2之MSN加密过程逆向及未公开漏洞分析
http://pan.baidu.com/s/1eRL7UBg
http://pan.baidu.com/s/1eRL7UBg
Write Up: Remote Command Execute in Wordpress 4.5.1
http://ricterz.me/posts/Write%20Up:%20Remote%20Command%20Execute%20in%20Wordpress%204.5.1
http://ricterz.me/posts/Write%20Up:%20Remote%20Command%20Execute%20in%20Wordpress%204.5.1
Class Intro, WebApp sec basics, and burp suite basics
https://www.youtube.com/watch?list=PL8JzjH888lZVNJgGr7KyJ2QdozxM5fGz4&v=6gz_vob8uK0
https://www.youtube.com/watch?list=PL8JzjH888lZVNJgGr7KyJ2QdozxM5fGz4&v=6gz_vob8uK0
Analyzing ImageTragick Exploits in the Wild
https://blog.sucuri.net/2016/05/analyzing-imagetragick-exploits-in-the-wild.html
https://blog.sucuri.net/2016/05/analyzing-imagetragick-exploits-in-the-wild.html
Exploring CVE-2015-2545 and its users
http://pwc.blogs.com/cyber_security_updates/2016/05/exploring-cve-2015-2545-and-its-users.html
http://pwc.blogs.com/cyber_security_updates/2016/05/exploring-cve-2015-2545-and-its-users.html
xKungfoo2016 演讲稿下载
http://xkungfoo.org/xKungfoo2016-Shanghai-PDF.zip
http://xkungfoo.org/xKungfoo2016-Shanghai-PDF.zip
0con&0ctf 2016
http://0con.0ops.net/
http://0con.0ops.net/
The 10 Worst Vulnerabilities of The Last 10 Years
http://www.darkreading.com/vulnerabilities---threats/the-10-worst-vulnerabilities-of-the-last-10-years/d/d-id/1325425
http://www.darkreading.com/vulnerabilities---threats/the-10-worst-vulnerabilities-of-the-last-10-years/d/d-id/1325425
CCTF Web WriteUp
http://www.math1as.com/index.php/archives/244/
http://www.math1as.com/index.php/archives/244/
DIMVA 2016 Accepted Paper List
http://dimva2016.mondragon.edu/en/program
http://dimva2016.mondragon.edu/en/program
Securing PowerShell in the Enterprise
http://www.asd.gov.au/publications/protect/Securing_PowerShell.pdf
http://www.asd.gov.au/publications/protect/Securing_PowerShell.pdf
How the Pwnedlist Got Pwned
http://krebsonsecurity.com/2016/05/how-the-pwnedlist-got-pwned/
http://krebsonsecurity.com/2016/05/how-the-pwnedlist-got-pwned/
Raptor - WAF - Web application firewall using DFA
https://github.com/CoolerVoid/raptor_waf
https://github.com/CoolerVoid/raptor_waf
yet-another-padding-oracle-in-openssl-cbc-ciphersuit
https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/
Phrack Magazine #63
http://phrack.org/issues/69/1.html
http://phrack.org/issues/69/1.html
利用 Java Binary Webshell 对抗静态检测
https://security.tencent.com/index.php/blog/msg/104
https://security.tencent.com/index.php/blog/msg/104
A Decade of Exploit Database Data
https://www.offensive-security.com/offsec/decade-of-exploit-database-data/
https://www.offensive-security.com/offsec/decade-of-exploit-database-data/
Apache OpenMeetings 会议系统getshell 二探
http://zone.wooyun.org/content/27047
http://zone.wooyun.org/content/27047
Proof of Concepts for CVE-2016–3714:ImageTragick
https://github.com/ImageTragick/PoCs
https://github.com/ImageTragick/PoCs
wafCheck.py DEMO - Hook urllib2 / requests
http://www.n0tr00t.com/2016/05/03/wafCheck_demo.html
http://www.n0tr00t.com/2016/05/03/wafCheck_demo.html
Acunetix 0day RCE - (SYSTEM)
https://github.com/dzonerzy/acunetix_0day
https://github.com/dzonerzy/acunetix_0day
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第114期)
