SecWiki周刊(第138期)
2016/10/17-2016/10/23
安全资讯
[会议]  点融秋季安全沙龙:10月30日,上海,等你。
http://www.freebuf.com/fevents/117176.html
[新闻]  Russia Hackers to Blame for Wikileaks Emails
http://www.esquire.com/news-politics/a49791/russian-dnc-emails-hacked/
[新闻]  被捕的NSA合同工窃取了50TB的数据
http://www.solidot.org/story?sid=50083
[事件]  Yahoo Asks DNI to De-Classify Email Scanning Order
https://threatpost.com/yahoo-asks-dni-to-de-classify-email-scanning-order/121416/
安全技术
[Web安全]  phpmyadmin 某版本任意文件包含漏洞(无需登录)分析
https://www.92aq.com/2016/08/23/phpmyadmin-arbitrary-file-include.html
[Web安全]  【代码审计】对Beescms SQL注入漏洞的进一步思考
https://www.ohlinge.cn/php/beescms_login_sql.html
[Web安全]  Kali教程中英文版(离线)
https://github.com/louchaooo/kali-tools-zh
[移动安全]  告诉你被盗的iPhone是如何一步步被黑客解锁的
http://bobao.360.cn/news/detail/3670.html
[Web安全]  XSS跨站点脚本的介绍和代码防御
http://blog.csdn.net/qq_29277155/article/details/52895135
[移动安全]  AndroidLinker与SO加壳技术之上篇
http://yaq.qq.com/blog/14
[Web安全]  GourdScanV2: 被动式漏洞扫描系统
https://github.com/ysrc/GourdScanV2
[漏洞分析]  CVE-2016-6187: Exploiting Linux kernel heap off-by-one
https://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit
[Web安全]  wooyun-wiki: wiki.wooyun.org的部分快照网页
https://github.com/l3m0n/wooyun-wiki
[恶意分析]  Hacking JasperReports:隐藏的SHELL特征
http://www.mottoin.com/90582.html
[漏洞分析]  NSA方程式组织BANANAGLEE工具集分析
http://blog.jowto.com/?p=180
[运维安全]  Malicious Outlook Rules
https://silentbreaksecurity.com/malicious-outlook-rules/
[数据挖掘]  机器学习之识别简单验证码
https://www.iswin.org/2016/10/15/Simple-CAPTCHA-Recognition-with-Machine-Learning/
[视频]  【ISC 2016视频集锦】HackPwn智能家居机器人破解秀
http://bobao.360.cn/course/detail/171.html
[漏洞分析]  Exploit generation and JavaScript analysis automation with WinDBG
http://theevilbit.blogspot.hk/2016/10/exploit-generation-and-javascript.html
[恶意分析]  Palo Alto Networks Discovers Two Adobe Reader Privileged JavaScript Zero-Days
http://researchcenter.paloaltonetworks.com/2016/10/unit42-palo-alto-networks-discovers-two-adobe-reader-privileged-javascript-zero-days/
[取证分析]  Vin.place and Airbag:美国机动车编号与人名查询平台
https://nullsecure.org/introducing-airbag-maltego-transforms-for-vehicles-and-addresses/
[漏洞分析]  “Dirty COW” Race Condition Privilege Escalation (SUID)
http://www.mottoin.com/90834.html
[恶意分析]  Decoders for 7ev3n ransomware
https://hshrzd.wordpress.com/2016/06/13/decoder-for-7ev3n-ransomware/
[比赛]  由HITCON 2016一道Web聊一聊PHP反序列化漏洞
http://www.freebuf.com/vuls/116705.html
[漏洞分析]  Spring Security OAuth RCE (CVE-2016-4977) 漏洞分析
http://paper.seebug.org/70/
[漏洞分析]  Dirty COW (CVE-2016-5195) privilege escalation vulnerability in the Linux
https://dirtycow.ninja/
[恶意分析]  MBRFilter:Open Source Tool to Protect Against 'Master Boot Record' Malware
http://thehackernews.com/2016/10/protect-mbr-malware.html
[Web安全]  BurpSuite插件分享:图形化重算sign和参数加解密插件
http://www.mottoin.com/90666.html
[数据挖掘]  Python 提取《釜山行》人物关系
http://www.jianshu.com/p/3bd06f8816d7#
[恶意分析]  Errata Security: Some notes on today's DNS DDoS
http://blog.erratasec.com/2016/10/some-notes-on-todays-dns-ddos.html
[Web安全]  使用 XML 内部实体绕过 Chrome 和 IE 的 XSS 过滤器
http://paper.seebug.org/80/
[取证分析]  Extracting LastPass Site Credentials from Memory
https://techanarchy.net/2016/10/extracting-lastpass-site-credentials-from-memory/
[编程技术]  inficere: Mac OS X rootkit - for learning purposes
https://github.com/enzolovesbacon/inficere
[数据挖掘]  使用sklearn进行数据挖掘
https://www.52ml.net/20158.html
[恶意分析]  Windows zero-day exploit used in targeted attacks by FruityArmor APT
https://securelist.com/blog/research/76396/windows-zero-day-exploit-used-in-targeted-attacks-by-fruityarmor-apt/
[数据挖掘]  使用sklearn做单机特征工程
https://www.52ml.net/20145.html
[其它]  中文技术文档的写作规范
http://www.ruanyifeng.com/blog/2016/10/document_style_guide.html
[杂志]  SecWiki周刊(第137期)
https://www.sec-wiki.com/weekly/137
[移动安全]  使用Spade Apk后门Hack任意Andorid手机
http://www.mottoin.com/90613.html
[其它]  谈一谈我在阿里的成长
http://www.barretlee.com/blog/2016/10/21/my-growth-at-alibaba/
[Web安全]  CSP的今世与未来
http://www.freebuf.com/articles/web/116836.html
[移动安全]  QQ手机浏览器“虫洞漏洞”挖掘分析全过程
http://appscan.360.cn/blog/?p=165
[移动安全]  android_vuln_poc-exp: pocs and exploits for android vulneribilities
https://github.com/jiayy/android_vuln_poc-exp
[数据挖掘]  An awesome list of high-quality open datasets
https://github.com/caesar0301/awesome-public-datasets
[论文]  Human or malware? Detection of malicious Web requests
https://e-collection.library.ethz.ch/eserv.php?pid=eth:49738&dsID=eth-49738-01.pdf
[设备安全]  【公益译文】关键基础设施系统攻击的检测、关联与呈现
http://blog.nsfocus.net/detection-association-presentation-critical-infrastructure-system-attacks/
[设备安全]  大量ZIO ROUTER路由器未授权访问
http://t.tips/?action=show&id=23417
[运维安全]  UAC攻击剖析
http://www.mottoin.com/90755.html
[杂志]  Android安全工程师-安全技能
https://www.sec-wiki.com/skill/8
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第138期)