SecWiki周刊(第135期)
2016/09/26-2016/10/02
安全资讯
东湖大数据:2016中国国民网络安全诉求洞察报告
http://mp.weixin.qq.com/s?__biz=MzA4NTc1MTQ1MQ==&mid=2655080710&idx=4&sn=1b54c6da2826c766c42c6af390b068fe&mpshare=1&scene=1&srcid=09299aVZmX0G0O3wkketyFDO#rd
http://mp.weixin.qq.com/s?__biz=MzA4NTc1MTQ1MQ==&mid=2655080710&idx=4&sn=1b54c6da2826c766c42c6af390b068fe&mpshare=1&scene=1&srcid=09299aVZmX0G0O3wkketyFDO#rd
世界各大黑客技术论坛TOP排行榜
https://zhuanlan.zhihu.com/p/21583643
https://zhuanlan.zhihu.com/p/21583643
Exploiting the Firewall Beachhead: A History of Backdoors Into Critical Infrastr
http://www.circleid.com/posts/20160928_exploiting_firewall_beachhead_history_of_backdoors_infrastructure/
http://www.circleid.com/posts/20160928_exploiting_firewall_beachhead_history_of_backdoors_infrastructure/
亚美尼亚黑客泄露阿塞拜疆银行及军事数据
https://www.easyaq.com/newsdetail/id/458579701.shtml
https://www.easyaq.com/newsdetail/id/458579701.shtml
黑客 Only_Guest 讲述:如何优雅地手刃骗子
http://mp.weixin.qq.com/s?__biz=MzA4ODUxNjIwMg==&mid=2654323592&idx=1&sn=c5abe50b04d0447fe602c0951495ac7f&scene=1&srcid=0926RDrASm6NGHjbtByT57Bx#rd
http://mp.weixin.qq.com/s?__biz=MzA4ODUxNjIwMg==&mid=2654323592&idx=1&sn=c5abe50b04d0447fe602c0951495ac7f&scene=1&srcid=0926RDrASm6NGHjbtByT57Bx#rd
美国路易斯安那州290万选民个人信息遭泄露
https://www.easyaq.com/newsdetail/id/1827923592.shtml
https://www.easyaq.com/newsdetail/id/1827923592.shtml
Multiple Backdoors found in D-Link DWR-932 B LTE Router
http://thehackernews.com/2016/09/hacking-d-link-wireless-router.html
http://thehackernews.com/2016/09/hacking-d-link-wireless-router.html
黑客小说:杀手(第一章 网络杀手)
http://www.jianshu.com/p/7dfd2e344304
http://www.jianshu.com/p/7dfd2e344304
安全技术
MSSQL通过Agent Jobs实现命令执行(中文)
http://www.mottoin.com/89870.html
http://www.mottoin.com/89870.html
BinProxy介绍
http://www.mottoin.com/89877.html
http://www.mottoin.com/89877.html
ShadowSocks协议的弱点分析和改进
https://github.com/breakwa11/shadowsocks-rss/issues/38
https://github.com/breakwa11/shadowsocks-rss/issues/38
MailSniper: A Tool For Searching Every User’s Email for Sensitive Data
http://www.blackhillsinfosec.com/?p=5296
http://www.blackhillsinfosec.com/?p=5296
【代码审计初探】Beescms v4.0_R SQL注入
https://www.ohlinge.cn/php/beescms_sqli.html
https://www.ohlinge.cn/php/beescms_sqli.html
智能模糊测试工具Winafl的使用与分析
http://blog.jowto.com/?p=150
http://blog.jowto.com/?p=150
wyproxy: HTTP/HTTPS, Socks5代理服务器, 保存到后台数据库
https://github.com/ring04h/wyproxy
https://github.com/ring04h/wyproxy
CSRF protection bypass on any Django powered site via Google Analytics
https://hackerone.com/reports/26647
https://hackerone.com/reports/26647
Cobalt Strike 3.5发行增强linux后渗透功能(附Cracked)
http://www.mottoin.com/89862.html
http://www.mottoin.com/89862.html
tinyflow:build your own Deep Learning System in 2k Lines
https://github.com/tqchen/tinyflow
https://github.com/tqchen/tinyflow
无需密码攻击 SQL Server 的几种思路
http://www.mottoin.com/89825.html
http://www.mottoin.com/89825.html
威胁工控设备的经典Linux后门Backdoor.Wirenet分析
http://mp.weixin.qq.com/s?__biz=MzI4ODA4MTcxMA==&mid=2649549829&idx=1&sn=6d01f80fe6baf658c9c991d2b127b4cf&chksm=f3db9e44c4ac17527c49801ed26622fb84ef5ba4019c27cd821167d343bed3fd1527dfec732a&scene=0#rd
http://mp.weixin.qq.com/s?__biz=MzI4ODA4MTcxMA==&mid=2649549829&idx=1&sn=6d01f80fe6baf658c9c991d2b127b4cf&chksm=f3db9e44c4ac17527c49801ed26622fb84ef5ba4019c27cd821167d343bed3fd1527dfec732a&scene=0#rd
使用NETSHELL执行恶意DLLs实现主机持久化控制
http://www.mottoin.com/89905.html
http://www.mottoin.com/89905.html
从恶意文档中发现的虚拟机检测绕过技巧
http://www.mottoin.com/89888.html
http://www.mottoin.com/89888.html
Real-Time Crime Forecasting Challenge
http://www.nij.gov/funding/Pages/fy16-crime-forecasting-challenge.aspx
http://www.nij.gov/funding/Pages/fy16-crime-forecasting-challenge.aspx
MozillaSecurity/fuzzdata: Fuzzing resources for feeding various fuzzers with inp
https://github.com/MozillaSecurity/fuzzdata
https://github.com/MozillaSecurity/fuzzdata
Project APT: How to Build an ICS Network and Have fun at the Same Time
http://blog.talosintel.com/2016/09/apt-kegerator.html#more
http://blog.talosintel.com/2016/09/apt-kegerator.html#more
乌云知识库在线搜索平台
http://cb.drops.wiki/
http://cb.drops.wiki/
实践: Reverse Engineering challenges
https://challenges.re/
https://challenges.re/
dawnscanner: static analysis security scanner for ruby applications
https://github.com/thesp0nge/dawnscanner
https://github.com/thesp0nge/dawnscanner
DDoS攻击现状与防御机制浅析
http://bobao.360.cn/news/detail/3592.html
http://bobao.360.cn/news/detail/3592.html
价值1500美刀的PornHub存储型跨站
http://www.mottoin.com/89795.html
http://www.mottoin.com/89795.html
Luckystrike: An Evil Office Document Generator
http://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator
http://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator
书: Reverse Engineering for Beginners
https://beginners.re/RE4B-EN.pdf
https://beginners.re/RE4B-EN.pdf
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第135期)
