SecWiki周刊(第130期)
2016/08/22-2016/08/28
安全资讯
[比赛]  Mayhem @ CGC
https://geekgazette.org/2016/08/mayhem-cgc/
[人物]  前辈之路(8) phunter_lau专访
http://www.52cs.org/?p=1078
[其它]  如何社工出王宝强在美国的房产
http://mp.weixin.qq.com/s?__biz=MzA5ODIyNDIxOA==&mid=2651132262&idx=1&sn=de5f240cff6b58d3e01cc53170f9eb11&scene=1
[移动安全]  腾讯移动安全实验室李伟:我所见证的移动安全历史
http://mp.weixin.qq.com/s?__biz=MzI1NzM0MTMzMg==&mid=2247483796&idx=1&sn=e2b470256d1375ab32837e8d27a90196&scene=0#rd
[恶意分析]  黑客组织名称和排名
http://mp.weixin.qq.com/s?__biz=MzA3NDk2MTgwMg==&mid=2650718125&idx=1&sn=e9e005b674e5668e3a013d6014ad608e&scene=1
[其它]  关于加强国家网络安全标准化工作的若干意见
http://www.cac.gov.cn/2016-08/22/m_1119430337.htm?from=timeline&isappinstalled=0
[恶意分析]  内部安全威胁的情况分析
http://mp.weixin.qq.com/s?__biz=MzI4ODA4MTcxMA==&mid=2649549740&idx=1&sn=023160781de5503aa7379c6ac44f6b85&scene=1
[事件]  真相依旧破朔迷离:5大问题回顾NSA被黑事件
http://www.freebuf.com/news/112663.html
安全技术
[漏洞分析]  一篇非常详细的AFL教程
https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/
[无线安全]   使用SDR扫描嗅探GSM网络(二)
http://www.freebuf.com/articles/wireless/111577.html
[Web安全]  【PHP代码审计】 那些年我们一起挖掘SQL注入
http://www.cnbraid.com/2016/05/10/sql6/
[Web安全]  ECSHOP /admin/affiliate_ck.php sql注入
http://0day5.com/archives/4050
[Web安全]  WordPress Mail Masta Plugin 1.0 - Local File Inclusion
https://www.exploit-db.com/exploits/40290/
[设备安全]  三星智能监控摄像头被爆远程代码执行漏洞
http://bobao.360.cn/learning/detail/2964.html
[移动安全]  微信惊现任意代码执行漏洞 360手机卫士提供自检方案
http://bobao.360.cn/news/detail/3480.html
[文档]  ISC2016 中国互联网安全大会资料开放下载
http://security.360.cn/News/news/id/89.html
[文档]  2016携程信息安全沙龙ppt
https://share.weiyun.com/cb4e49cb58b1d4682bea4a7a59048491
[数据挖掘]  Introduction to CuckooML: Machine Learning for Cuckoo Sandbox
http://honeynet.org/node/1325
[Web安全]  Web安全扫描器Netsparker 4.6.1正式版(非破解版)
http://www.mottoin.com/88228.html
[编程技术]  webzmap: Web方式管理运行Zmap扫描任务
https://github.com/fengyouchao/webzmap
[恶意分析]  Cowrie蜜罐部署教程
http://www.freebuf.com/articles/network/112065.html
[比赛]  DEFCON 24 CTF參賽記
https://maskray.me/blog/2016-08-26-defcon-24-ctf
[Web安全]  代码审计——zcncms几处漏洞合集(二)
http://das.scusec.org/2016/08/23/code-audit-of-zcncms2/
[会议]  第22届国际数据挖掘与知识发现大会简介
http://weibo.com/ttarticle/p/show?id=2309404012419830657213
[Web安全]  Observatory:Mozilla自动化的网站安全测试工具
https://observatory.mozilla.org/
[Web安全]  autoFindXssAndCsrf: 自动化检测页面是否存在XSS和CSRF漏洞的浏览器插件
https://github.com/BlackHole1/autoFindXssAndCsrf
[Web安全]  渗透攻防Web篇-SQL注入攻击高级
http://bbs.ichunqiu.com/thread-10093-1-1.html?from=paper
[恶意分析]  GSoC16 summary of CuckooML: Machine Learning for Cuckoo Sandbox
https://honeynet.github.io/cuckooml/2016/08/21/gsoc16-summary/
[恶意分析]  PeiBackdoor: PEI stage backdoor for UEFI compatible firmware
https://github.com/Cr4sh/PeiBackdoor
[Web安全]  sqli-labs: SQLI labs to test error based, Blind boolean based, Time based.
https://github.com/Audi-1/sqli-labs
[Web安全]  代码审计——zcncms后台SQL注入(一)
http://das.scusec.org/2016/08/23/code-audit-of-zcncms1/
[恶意分析]  威胁分析:Turla APT所用的多个IP隶属多家卫星服务运营商
http://www.freebuf.com/articles/network/112483.html
[漏洞分析]  Struts2 历史 RCE 漏洞回顾不完全系列
http://rickgray.me/2016/05/06/review-struts2-remote-command-execution-vulnerabilities.html
[恶意分析]  Misleading Trademark Registration Invoices and Scams
https://zeltser.com/misleading-trademark-invoices/
[Web安全]  apt2: automated penetration toolkit
https://github.com/MooseDojo/apt2
[Web安全]  Artsploit: [demo.paypal.com] Node.js code injection (RCE)
https://artsploit.blogspot.se/2016/08/pprce2.html
[运维安全]  云深不知处——2016企业上云安全策略指南
https://share.weiyun.com/ce612737a07f1fc7d487e5e4e5631416
[运维安全]  第三篇详解Gartner网络安全新趋势
http://mp.weixin.qq.com/s?__biz=MzAwNDE4Mzc1NA==&mid=2650824605&idx=1&sn=5649ed17d65cdf307e7bea8d027bcf9c&scene=1&srcid=0823AdbdpY67oZ6bW03r0b9y#rd
[无线安全]  Analysis of multiple vulnerabilities in different open source BTS products
https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-different-open-source-bts-products/
[比赛]  Bypassing PHP Null Byte Injection protections – Part II – CTF Write-up
https://www.securusglobal.com/community/2016/08/19/abusing-php-wrappers/
[Web安全]  PHP序列化学习总结
http://das.scusec.org/2016/08/25/php-serialize/
[Web安全]  ToolSuite: 二进制安全工具集
https://github.com/codejanus/ToolSuite
[运维安全]  WebSnort Docker Container
http://jerrygamblin.com/2016/08/25/websnort-docker-container/
[Web安全]  Pattern language for a universal signature-based code analyzer
http://blog.ptsecurity.com/2016/08/pattern-language-for-univeral-signature.html
[Web安全]  BlackHat2016——JDNI注入/LDAP Entry污染攻击技术研究
http://blog.csdn.net/u011721501/article/details/52316225
[Web安全]  Dawnscanner v1.6.2 – Ruby Code Auditing Tool
https://dawnscanner.org/
[编程技术]  金融自动化报告现状、发展与未来
http://blog.memect.cn/?p=1789
[运维安全]  SANS:2016年网络威胁情报现状调研报告
http://yepeng.blog.51cto.com/3101105/1840843
[无线安全]  编号SL-14RB:浅谈卫星安全の第二弹
http://mp.weixin.qq.com/s?__biz=MzIzMzE2OTQyNA==&mid=2648946252&idx=1&sn=32e76f41955f27fe537c0c9084bb4a2d&scene=1
[恶意分析]  Major Events and Hacktivism #OpOlympicHacking
http://blogs.rsa.com/major-events-and-hacktivism-opolympichacking/?linkId=27871996
[运维安全]  nmapdb: Parse nmap's XML output files and insert them into an SQLite
https://github.com/argp/nmapdb
[恶意分析]  Maltese (Malware Traffic Emulating Software)
https://github.com/HPE-AppliedSecurityResearch/maltese
[Web安全]  漏洞检测的那些事儿
http://rickgray.me/2016/06/01/how-to-scan-and-check-vulnerabilities.html
[移动安全]  Google为macOS量身打造的恶意软件检测系统“Santa”已开源
http://bobao.360.cn/news/detail/3482.html
[恶意分析]  Operation Ghoul技术分析与防护方法
http://blog.nsfocus.net/operation-ghoul-technical-analysis-protection-methods/
[移动安全]  Pegasus – 针对iOS设备的APT攻击分析
http://blog.pangu.io/pegasus-apt/
[漏洞分析]   NSO Group's iPhone Zero-Days used against a UAE Human Rights Defender
https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第130期)