SecWiki周刊(第122期)
2016/06/27-2016/07/03
安全资讯
6月安全大事件第二期
https://zhuanlan.zhihu.com/p/21457176
https://zhuanlan.zhihu.com/p/21457176
Large CCTV Botnet Leveraged in DDoS Attacks
https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html
https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html
用历史和数据来聊聊勒索软件
http://mp.weixin.qq.com/s?__biz=MzAxNTk5ODcxOQ==&mid=2247483674&idx=1&sn=1960f6692efbce41dc581c811d433f71
http://mp.weixin.qq.com/s?__biz=MzAxNTk5ODcxOQ==&mid=2247483674&idx=1&sn=1960f6692efbce41dc581c811d433f71
GitHub公布2015年透明度报告
https://github.com/blog/2202-github-s-2015-transparency-report
https://github.com/blog/2202-github-s-2015-transparency-report
Global Terrorism Database Leaked! Reveals 2.2 Million Suspected Terrorists
http://thehackernews.com/2016/06/world-check-terrorism-database.html
http://thehackernews.com/2016/06/world-check-terrorism-database.html
安全技术
人面狮行动——中东地区的定向攻击活动
http://drops.wooyun.org/news/17387
http://drops.wooyun.org/news/17387
Elasticsearch南京meetup
http://pan.baidu.com/share/link?shareid=1475289063&uk=574427180
http://pan.baidu.com/share/link?shareid=1475289063&uk=574427180
浅析HTTPS中间人攻击与证书校验
http://drops.wooyun.org/tips/17078
http://drops.wooyun.org/tips/17078
ChatBotCourse: 自己动手做聊天机器人教程
https://github.com/warmheartli/ChatBotCourse
https://github.com/warmheartli/ChatBotCourse
Uber渗透案例:我们是如何发现你是谁,你在哪,你要打车去哪!
http://drops.wooyun.org/tips/17228
http://drops.wooyun.org/tips/17228
如何获取安卓iOS上的微信聊天记录、通过Metasploit控制安卓
http://www.freebuf.com/articles/terminal/107801.html
http://www.freebuf.com/articles/terminal/107801.html
ActiveScan3Plus: Modified version of ActiveScan++ Burp Suite extension
https://github.com/silentsignal/ActiveScan3Plus
https://github.com/silentsignal/ActiveScan3Plus
华盟网6.25线下沙龙PPT及视频分享#解压密码twm2
http://pan.baidu.com/share/link?shareid=2236356038&uk=1985516394
http://pan.baidu.com/share/link?shareid=2236356038&uk=1985516394
H-WORM:简单而活跃的远控木马
http://drops.wooyun.org/papers/17374
http://drops.wooyun.org/papers/17374
REcon 2016 - How Do I Crack Satellite and Cable Pay TV
https://www.dropbox.com/s/6fkpn97x3119m74/REcon%202016%20-%20How%20Do%20I%20Crack%20Satellite%20and%20Cable%20Pay%20TV.pdf?dl=0
https://www.dropbox.com/s/6fkpn97x3119m74/REcon%202016%20-%20How%20Do%20I%20Crack%20Satellite%20and%20Cable%20Pay%20TV.pdf?dl=0
Introduction to Anti-Fuzzing: A Defence in Depth Aid
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/january/introduction-to-anti-fuzzing-a-defence-in-depth-aid/
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/january/introduction-to-anti-fuzzing-a-defence-in-depth-aid/
渗透技巧——Use AutoIt script to create a keylogger
http://drops.wooyun.org/tips/17211
http://drops.wooyun.org/tips/17211
新型XSS总结两则
http://drops.wooyun.org/web/17312
http://drops.wooyun.org/web/17312
All the open source code in GitHub now shared within BigQuery
https://medium.com/@hoffa/github-on-bigquery-analyze-all-the-code-b3576fd2b150#.uqcw8rpgc
https://medium.com/@hoffa/github-on-bigquery-analyze-all-the-code-b3576fd2b150#.uqcw8rpgc
Windows 10 UAC bypass with custom Meterpreter payloads
https://astr0baby.wordpress.com/2016/06/26/windows-10-uac-bypass-with-custom-meterpreter-payloads/
https://astr0baby.wordpress.com/2016/06/26/windows-10-uac-bypass-with-custom-meterpreter-payloads/
Cloakify Toolset - Data Exfiltration In Plain Sight
https://github.com/trycatchhcf/cloakify
https://github.com/trycatchhcf/cloakify
Teaching XSS to a machine
http://blog.tunnelshade.in/2016/03/teaching-xss-to-machine.html
http://blog.tunnelshade.in/2016/03/teaching-xss-to-machine.html
Exploring and exploiting Lenovo firmware secrets
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
pyfiscan: Free web-application vulnerability and version scanner
https://github.com/fgeek/pyfiscan
https://github.com/fgeek/pyfiscan
Detecting DNS Data Exfiltration
http://blog.talosintel.com/2016/06/detecting-dns-data-exfiltration.html
http://blog.talosintel.com/2016/06/detecting-dns-data-exfiltration.html
wafbypasser:WAF Bypasser module
https://github.com/owtf/wafbypasser
https://github.com/owtf/wafbypasser
Papers on Blockchain and Bitcoin: Student notes
http://securityandrisk.blogspot.com/2016/07/papers-on-blockchain-and-bitcoin.html
http://securityandrisk.blogspot.com/2016/07/papers-on-blockchain-and-bitcoin.html
Monitoring pfsense with Logstash / Elasticsearch / Kibana
http://www.ragingcomputer.com/2014/02/monitoring-pfsense-with-logstash-elasticsearch-kibana
http://www.ragingcomputer.com/2014/02/monitoring-pfsense-with-logstash-elasticsearch-kibana
PHP文件包含到远程代码执行
http://ecma.io/?p=364
http://ecma.io/?p=364
Published Router vulnerabilities and associated information.
https://github.com/darkarnium/secpub
https://github.com/darkarnium/secpub
Bypassing web application firewalls using HTTP headers
http://www.securityaegis.com/bypassing-web-application-firewalls-using-http-headers/
http://www.securityaegis.com/bypassing-web-application-firewalls-using-http-headers/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第122期)
