SecWiki周刊(第134期)
2016/09/19-2016/09/25
安全资讯
[文档]  网安创企获投列表[所有安全公司投资记录]
https://share.weiyun.com/e1be74f1616fb831e56c2950fab797ff
[爆库]  维基解密再次爆出猛料,民主党卖官,媒体操控选民数据
http://mp.weixin.qq.com/s?__biz=MjM5OTA3NjQ4MQ==&mid=2650097166&idx=1&sn=b5ead732ba615a7fc86475e0b74fd540
[新闻]  DARPA如何定义网络作战空间
http://www.freebuf.com/articles/others-articles/114692.html
[新闻]  沈昌祥:培养急需的网络安全人才要特事特办
http://www.china.com.cn/txt/2016-09/21/content_39345477.htm
[事件]  第三届国家网络安全宣传周开幕 19名网络安全先进典型受表彰
http://www.cidf.net/2016-09/19/c_1119585933.htm
[爆库]  660万明文密码泄露,知名广告公司Clixsence被黑客端了个底朝天
http://www.freebuf.com/news/114670.html
[爆库]  雅虎承认发生大规模数据泄露 2亿账户信息被盗
http://c.m.163.com/news/a/C1JDTV94002580S6.html?spss=newsapp&spsw=1
[恶意分析]  SWIFT Confirms Banks Still Being Targeted, Announces Mitigation Tool
https://threatpost.com/swift-confirms-banks-still-being-targeted-announces-mitigation-tool/120776/
安全技术
[Web安全]  Windows域横向渗透
http://www.mottoin.com/89413.html
[漏洞分析]  Detecting analysts before installing the malware
https://www.brokenbrowser.com/detecting-apps-mimetype-malware/
[设备安全]  Unlocking my Lenovo laptop, part 3
http://www.zmatt.net/unlocking-my-lenovo-laptop-part-3/
[无线安全]  Android平台渗透测试套件--zANTI2.5
http://blog.csdn.net/qq_29277155/article/details/52589166
[移动安全]  VoIP Checklist for Penetration Testers
https://pentestlab.wordpress.com/2016/09/18/voip-checklist-for-penetration-testers/
[编程技术]  zxcvbn: 注册时密码强度检测库「支持各种语言」
https://github.com/dropbox/zxcvbn
[Web安全]   Burpsuite实战指南
https://t0data.gitbooks.io/burpsuite/content/
[移动安全]  ProxyDroid:Android全局代理应用
http://www.mottoin.com/89774.html
[恶意分析]  Powershell Empire + CVE-2016-0189 = Profit
https://www.cgsec.co.uk/powershell-empire-cve-2016-0189-profit/
[恶意分析]  laureline-firmware: Firmware for the Laureline GPS NTP Server
https://github.com/mtharp/laureline-firmware
[设备安全]  腾讯科恩实验室最新研究成果:对特斯拉的无物理接触远程攻击
http://keenlab.tencent.com/zh/2016/09/19/Keen-Security-Lab-of-Tencent-Car-Hacking-Research-Remote-Attack-to-Tesla-Cars/?from=timeline&isappinstalled=0
[Web安全]  uRAT: Opensource modular Remote Administration Tool
https://github.com/UbbeLoL/uRAT
[比赛]  CSAW Quals 2016 Pwn 500 - Mom's Spaghetti
http://ctfhacker.com/pwn/2016/09/19/csaw-moms-spaghetti.html
[Web安全]  Windows提权基础
http://www.mottoin.com/89355.html
[设备安全]  工业互联网联盟发布工业物联网安全框架
http://www.aqniu.com/industry/19811.html
[漏洞分析]  Introducing Ponce: One-click symbolic execution
http://research.trust.salesforce.com/Introducing-Ponce-One-click-symbolic-execution/
[比赛]  Cyber Grand Challenge及DEFCON 24 CTF決賽介紹
http://maskray.me/blog/2016-09-24-cgc-defcon-ctf-presentation
[Web安全]  绕过CDN查找网站真实IP
http://xiaix.me/rao-guo-cdncha-zhao-wang-zhan-zhen-shi-ip/
[恶意分析]  解惑|威胁情报指南
http://www.aqniu.com/learn/19675.html
[Web安全]  记一下PythonWeb代码审计应该注意的地方
http://blog.neargle.com/2016/07/25/log-of-simple-code-review-about-python-base-webapp/
[Web安全]  通过non-interactive shell转发请求到内网
http://www.mottoin.com/89743.html
[Web安全]  libpywebhack: Web hacking asstistance toolkit
https://github.com/beched/libpywebhack
[运维安全]  DDOS攻击简介
http://ohroot.com/2016/09/18/ddos-introduction/
[Web安全]  Babadook:无连接的powershell持续性反弹后门
http://www.mottoin.com/89554.html
[编程技术]  哪些 Python 库让你相见恨晚?
https://www.zhihu.com/question/24590883#answer-44650916
[运维安全]  美团数据库运维自动化系统构建之路
http://tech.meituan.com/the-construction-of-database-automation-system.html
[Web安全]  解读《McAfee Labs季度威胁报告》
http://www.mottoin.com/89512.html
[Web安全]  如何用Cross-Site Scripting和MITM绕过NoScript安全套件
http://www.mottoin.com/89396.html
[Web安全]  Flask源码学习之意外在Debugger上发现通用XSS
http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
[Web安全]  Rails动态模板路径的风险
http://www.mottoin.com/89466.html
[移动安全]  APP漏洞自动化扫描专业评测报告(下篇)
http://www.freebuf.com/articles/terminal/114453.html
[数据挖掘]  TensorFlow深度学习,一篇文章就够了
http://www.52cs.org/?p=1157
[设备安全]  Veil-Evasion:基于Python的免杀Payload生成工具
http://www.mottoin.com/89616.html
[Web安全]  价值1w6美刀的Facebooe页面接管漏洞
http://www.mottoin.com/89391.html
[Web安全]  全球近80万FTP服务器账号可被未授权访问
http://www.freebuf.com/articles/system/114884.html
[运维安全]  通过PowerShell访问Windows Api
http://www.mottoin.com/89568.html
[Web安全]  redis利用姿势收集
http://www.webshell.cc/5154.html
[设备安全]  smod: MODBUS Penetration Testing Framework
https://github.com/enddo/smod
[Web安全]  Safari's URL redirection XSS
http://www.mbsd.jp/blog/20160921_2.html
[工具]  PowerUpSQL:攻击SQL SERVER的Powershell脚本框架
http://www.mottoin.com/89457.html
[Web安全]  Abusing WebVTT and CORS for fun and profit
http://blog.k3170makan.com/2016/09/abusing-webvtt-and-cors-for-fun-and.html
[Web安全]  TheFatRat: generate backdoor for Remote Access
https://github.com/Screetsec/TheFatRat
[漏洞分析]  MSSQL Agent Jobs for Command Execution
https://www.optiv.com/blog/mssql-agent-jobs-for-command-execution
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第134期)