SecWiki Weekly (Issue 128)
2016/08/08-2016/08/14
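Security News
Another major cyber threat targeting governments: ProjectSauron
Dota2 forum hacked, nearly 2 million users' data leaked
Another Microsoft security flaw disclosed: lets attackers bypass Windows Secure Boot
Palantir: the mysterious unicorn company, product or service?
Alibaba Cloud Security Algorithm Challenge: phishing site detection & WebShell communication detection
Pollution on the Internet
Largest acquisition on the New Third Board (NEEQ): Nanyang Co. (南洋股份) acquires Topsec (天融信) for RMB 5.7 billion to enter the information security industry
Data Breach At Oracle’s MICROS Point-of-Sale Division
The DAO Hacker is Getting Away
A New Wireless Hack Can Unlock 100 Million Volkswagens
Dota 2 forum breach leaks 2 million user accounts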
Security Technology
USENIX Security '16: top security conference topics and papers
WAF attack and defense research: four levels of bypassing WAF
Scanning and sniffing GSM networks with SDR
2016 mid-year review: analysis report on the top 6 cyber security threats
A first look at the Windows fuzzing tool Winafl
A brief discussion of code obfuscation techniques in Android development
Urlooker: a web availability monitoring tool
Android secure development: landmines in WebView
https://github.com/ufrisk/pcileech
Dongxun Technology (东巽科技) 2046Lab team APT report: "Operation Harvest"
Earthworm: a portable network tunneling tool
Pure Off-path TCP attack demo by using a side channel in Recent Linux Kernel
How to find XXE injection vulnerabilities in Uber's website
Writing a PoC for command execution without echoed output (Apache Shiro Java deserialization)
Tracing and attribution: the Hillary email leak
Web_Dionaea: a Docker-based honeypot system - MottoIN
Open-source threat intelligence tools and techniques - MottoIN
hacking-resources (a list of real-world examples of typical vulnerabilities, international)
Browse WooYun Drops articles online
The ITRC 2016 Data Breach Report
Cracking HawkEye Keylogger Reborn
From stack overflow to simple shellcode development
DEF CON® 24 Hacking Conference Torrent
BitBlaze: Binary Analysis for Computer Security
Creating a PowerShell-based worm (with PoC)
A Black Path Toward The Sun - introduction to an HTTP tunnel tool
Reversing a Finite Field Multiplication Optimization
bypasswaf: Burp extension to bypass some WAF products
btlike: a BT search engine
Playing Fasttracker 2 .XM files in Javascript – a1k0n.net
Cracking Orcus RAT
Pcap-Analyzer: a simple offline packet analyzer written in Python
The DEFCON CTF VM
Enterprise information security: social engineering audits
DECAF - Dynamic Executable Code Analysis Framework
binary.ninja : a reverse engineering platform
How to use Tripwire to detect intrusions on an Ubuntu VPS server
Binmap: a system scanner
SCAF - source-code-analysis-framework
Return Oriented Exploitation (ROP)
Implementing a Custom Directive Handler in Clang
OSTrICa - Open Source Threat Intelligence Collector
A brief discussion of industrial control system security | with ICS simulation programs and related technical documents
PHP secure coding standard: secure configuration
[Defcon24] Introduction to the Witchcraft Compiler Collection
ics-default-passwords: List of default passwords for Industrial Control Systems
More on DNS reverse shells
DEF CON 24 Hacking Conference all Slides
httphijack: front-end defense against HTTP hijacking and XSS attacks using Javascript
Fuzzing for stored XSS
Triton under the hood
Distribution of vulnerability types in Wordpress, Joomla and Drupal over the last ten years
symantec - Security Response Custom Report
toxic proxies bypassing https and vpns to pwn online identity
How I Cracked a Keylogger and Ended Up in Someone's Inbox
A brief survey of Fully Homomorphic Encryption, computing on encrypted data
datasploit: A tool to perform various OSINT techniques
BCBP boarding pass security research, part 1
David Brumley's Research
ProjectSauron APT On Par With Equation, Flame, Duqu
Dawn of the machines: interview with a member of the runner-up team in the 24th DEF CON CTF finals
IRMA v1.3.0 released
Exploiting BadTunnel: remotely hijacking the traffic of arbitrary intranet hosts
Xen exploitation part 3: XSA-182, Qubes escape
Using HTTP headers to bypass WAF
Keyringer: encrypted and distributed secret sharing software
WASE - The Web Audit Search Engine
Identifying Scam Infrastructure
Xen exploitation part 1: XSA-105, from nobody to root
coala: Language Independent Code Analysis
Xen exploitation part 2: XSA-148, from guest to host
Best DEF CON 24 Hacking Conference slides
BCBP boarding pass security research, part 2
WeChat ID: SecWiki
SecWiki has focused on security technology news and analysis for 12 years!
SecWiki: https://www.sec-wiki.com
Original URL of this issue: SecWiki Weekly (Issue 128)