SecWiki周刊(第136期)
2016/10/03-2016/10/09
安全资讯
[新闻]  北极熊扫描器4.0发布
http://www.freebuf.com/sectool/115690.html
[新闻]  Source Code for IoT botnet responsible for World's largest DDoS Attack released
http://thehackernews.com/2016/10/mirai-source-code-iot-botnet.html
[新闻]   Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT
[事件]  NSA合同工因窃取机密被捕
http://www.solidot.org/story?sid=49890
[新闻]  雅虎开源分类色情图像的深度学习模型
http://www.solidot.org/story?sid=49865
[其它]  黑客小说:杀手(第四章 危机)
http://www.jianshu.com/p/c4e06774b130
安全技术
[Web安全]  SQL 注入的介绍与代码防御
http://blog.csdn.net/qq_29277155/article/details/52746329
[运维安全]  Scirius – Suricata Ruleset Management Web Application
https://link.zhihu.com/?target=https%3A//github.com/StamusNetworks/scirius/
[比赛]  2016 L-CTF writeup
http://bobao.360.cn/ctf/detail/168.html
[漏洞分析]  metasploitable3:Rapid出品的漏洞练习虚拟机环境
https://github.com/rapid7/metasploitable3
[书籍]  The Antivirus Hacker's Handbook
http://pan.baidu.com/s/1c2bZl3E
[Web安全]  bleach: 基于白名单的HTML富文本过滤器
https://github.com/mozilla/bleach
[Web安全]  Webshell进化史与中国菜刀
http://www.finsec.pw/756.html?from=timeline&isappinstalled=0
[Web安全]  linux 提权 实战Linux下三种不同方式的提权技巧
http://www.webshell.cc/5211.html
[书籍]  运维书籍: Site-Reliability-Engineering
https://github.com/hellorocky/Site-Reliability-Engineering
[漏洞分析]  Android漏洞CVE-2015-3825分析及exploit实战:从Crash到劫持Poc
http://www.ms509.com/?p=439
[数据挖掘]  PipelineIO: Extend ML Pipelines to Serve Production Users
https://pipeline.io/
[漏洞分析]  Announcing CERT Basic Fuzzing Framework Version 2.8
http://insights.sei.cmu.edu/cert/2016/10/announcing-cert-basic-fuzzing-framework-bff-28.html
[恶意分析]  ViperMonkey: A VBA parser and emulation engine to analyze malicious macros
https://github.com/decalage2/ViperMonkey
[运维安全]  《互联网企业安全高级指南》读书笔记
https://zhuanlan.zhihu.com/p/22770582
[编程技术]  awesome-spider: 各种爬虫实例集合,入门好帮手
https://github.com/facert/awesome-spider
[杂志]  SecWiki周刊(第135期)
https://www.sec-wiki.com/weekly/135
[编程技术]  Chardet:Python通用编码检测器
http://hao.jobbole.com/chardet/
[Web安全]  IntruderPayloads: A collection of Burpsuite Intruder payloads
https://github.com/1N3/IntruderPayloads
[数据挖掘]  25 Million Presidential Debate Tweets in Google BigQuery
https://www.jbencina.com/blog/2016/10/06/25-million-presidential-debate-tweets-in-google-big-query/
[漏洞分析]  渗透测试漏洞平台DVWA-参考答案
http://blog.csdn.net/qq_29277155/article/details/52726730
[取证分析]  Russia Hacks Bellingcat MH17 Investigation
https://www.threatconnect.com/blog/russia-hacks-bellingcat-mh17-investigation/
[无线安全]  Securing Your Raspberry Pi
http://www.madirish.net/566
[无线安全]  Breaking into WPA Enterprise networks with Air-Hammer
http://mikeallen.org/blog/2016-10-06-breaking-into-wpa-enterprise-networks-with-air-hammer/
[运维安全]  WAF Testing With Random User Agents.
https://jerrygamblin.com/2016/10/05/waf-testing-with-random-user-agents/
[恶意分析]  Mirai-Source-Code: For Research/IoC Development Purposes
https://github.com/jgamblin/Mirai-Source-Code
[恶意分析]  Introduction to PDF syntax
https://gendignoux.com/blog/2016/10/04/pdf-basics.html
[运维安全]  10个视频带你快速纵览2016 Linux安全峰会
http://www.77169.com/html/24174.html?from=timeline&isappinstalled=0
[无线安全]  ooktools: on-off keying tools for your sdr
https://leonjza.github.io/blog/2016/10/08/ooktools-on-off-keying-tools-for-your-sdr/
[Web安全]  自学成才的黑客(安全研究员)是从哪学到那些知识的
https://www.zhihu.com/question/23073812
[编程技术]  端口扫描原理及实现
http://xiaix.me/duan-kou-sao-miao-yuan-li-ji-shi-xian/
[Web安全]  Wordpress <= 4.6.1 使用语言文件任意代码执行 漏洞分析
https://paper.seebug.org/63/
[数据挖掘]  机器学习经典资料
http://www.52cs.org/?p=1220
[Web安全]  jSQL Injection: a Java application for automatic SQL database injection
https://github.com/ron190/jsql-injection
[恶意分析]  对“利比亚天蝎”网络间谍活动的分析调查(附样本下载)
http://www.freebuf.com/articles/network/115280.html
[书籍]  The Browser Hacker-s Handbook.pdf 密码#28sk
https://pan.baidu.com/s/1slH6mg1
[移动安全]  Android 10月安全补丁风险评估
http://appscan.360.cn/blog/?p=151
[编程技术]  awesome-wechat: 微信个人号/公众号相关项目整理
https://github.com/fritx/awesome-wechat
[恶意分析]  CVE-2016-1707 Chrome Address Bar URL Spoofing on IOS
http://xlab.tencent.com/en/2016/10/09/CVE-2016-1707-Chrome-Address-Bar-URL-Spoofing-on-IOS/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第136期)