SecWiki周刊(第142期)
2016/11/14-2016/11/20
安全资讯
[其它]  国外网络安全博客Top 50
http://blog.feedspot.com/cyber_security_blogs/
[设备安全]  NIST 发布大规模物联网安全报告[PDF]
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160.pdf
[新闻]  Kapustkiy 回归,下一个目标是谁?
http://www.mottoin.com/91952.html
[视频]  使用USRP追踪飞机
https://v.qq.com/x/page/e0346ll12xf.html
[事件]  加拿大政府官网疑似被攻破
http://www.mottoin.com/92296.html
[爆库]  Hacker Breaks into Italian Government Website, 45,000 Users Exposed
http://news.softpedia.com/news/hacker-breaks-into-italian-government-website-45-000-users-exposed-510332.shtml
[事件]  GitHub 800 万用户信息疑似泄露
http://www.mottoin.com/92180.html
[事件]  黑客暴露了AdultFriendFinder的4.12亿账户&& twitter 900W用户名数据
http://www.mottoin.com/91846.html
[事件]  全球招聘网站巨头PageGroup被黑,泄露数百万求职者信息
http://www.mottoin.com/91881.html
[会议]  周鸿祎帮你一篇文章看懂乌镇互联网大会两大热点:互联网经济下半场、人工智能
http://www.mottoin.com/92166.html
[恶意分析]  周鸿祎:IOT时代存在巨大威胁
http://www.mottoin.com/92059.html
[法规]  NIST耗时两年编撰《网络安全工程技术指南》 已正式发布
https://www.easyaq.com/newsdetail/id/1018922002.shtml
[事件]  锦行科技出奇•守正-幻云发布会即将重磅开启
http://www.mottoin.com/92201.html
[新闻]  中国央行招聘区块链专家开发数字货币
http://www.solidot.org/story?sid=50409
[恶意分析]  Secret Backdoor in Some U.S. Phones Sent Data to China
http://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html?_r=0
[新闻]  我国网络空间防御技术取得重大突破
http://news.sciencenet.cn/htmlnews/2016/11/360863.shtm
安全技术
[Web安全]  基于centos6.8的Suricata+Barnyard2的Snorby-IDS
http://blog.csdn.net/qq_29277155/article/details/53205582
[运维安全]  NIST特刊800-160:系统安全工程
https://cdn.easyaq.com/@/20161117/1479369118426090915.pdf
[书籍]  Python Data Science Handbook: Python数据分析手册书籍
https://github.com/jakevdp/PythonDataScienceHandbook
[移动安全]  How Can Drones Be Hacked? The updated list of vulnerable drones & attack tools
https://medium.com/@swalters/how-can-drones-be-hacked-the-updated-list-of-vulnerable-drones-attack-tools-dd2e006d6809#.j11w643iz
[移动安全]  DeGuard:apk-deguard 在线APK反混淆工具
http://www.apk-deguard.com/
[移动安全]  打造一个手机端的渗透平台
http://www.mottoin.com/92241.html
[Web安全]  jSQL Injection v0.77 - Java application for automatic SQL database injection
http://www.kitploit.com/2016/11/jsql-injection-v077-java-application.html
[无线安全]  无线之破解wpa2加密的wifi密码
http://www.mottoin.com/92122.html
[恶意分析]  滥用NPM库实现敏感数据提取
http://www.mottoin.com/91795.html
[移动安全]  Janus: 盘古团队打造的移动应用安全分析社区化平台
http://demo.appscan.io/web/search-rule.html#type=rule&page=1
[Web安全]  PHP Hacker代码审计秘籍
http://www.freebuf.com/articles/rookie/119969.html
[无线安全]  蓝牙攻击-基础篇
http://www.whitecell-club.org/?p=1524
[数据挖掘]  JDong: 京东数据爬虫接口
https://github.com/Chyroc/JDong
[数据挖掘]  大数据框架对比:Hadoop、Storm、Samza、Spark和Flink
http://www.infoq.com/cn/articles/hadoop-storm-samza-spark-flink
[恶意分析]  CHM渗透:从入门到“入狱”
http://www.freebuf.com/articles/system/119874.html
[运维安全]  终端安全产品的进化:终端安全检测和响应
http://bobao.360.cn/news/detail/3761.html
[运维安全]  DDoS黑产调研
http://www.arkteam.net/?p=1340
[无线安全]  一种新型攻击手法:监听WIFI变化嗅探手机输入
http://www.mottoin.com/91945.html
[Web安全]  命令执行和绕过的一些小技巧
http://bobao.360.cn/learning/detail/3192.html
[移动安全]  needle: IOS的安全测试框架
https://github.com/mwrlabs/needle
[运维安全]  企业级入侵检测系统及实时告警的开源实现
http://bobao.360.cn/learning/detail/3185.html
[Web安全]  lightbulb-framework: 一款WAF审计工具
https://github.com/lightbulb-framework/lightbulb-framework
[其它]  数据泄露信息发布网站
http://www.leakedin.com/
[工具]  poisontap:在锁定的计算中植入后门
https://github.com/samyk/poisontap
[移动安全]  OSXCollector: a forensic evidence collection & analysis toolkit for OSX.
http://yelp.github.io/osxcollector/
[漏洞分析]  CVE-2016-0176漏洞及利用详解
http://keenlab.tencent.com/zh/2016/11/18/A-Link-to-System-Privilege/
[移动安全]  iRET:IOS 逆向渗透测试工具套件
http://www.mottoin.com/91857.html
[Web安全]  CVE-2016-5007 Spring Security / MVC Path Matching Inconsistency
http://www.mottoin.com/92079.html
[恶意分析]  中文:使用Raspberry Pi Zero在锁定的计算机中安装后门
http://www.mottoin.com/92104.html
[Web安全]  使用nmap和自定义子域名文件发现目标子域
http://www.mottoin.com/92113.html
[工具]  国内几大cdn ip地址段
http://www.cmsky.com/cn-cdn-ip
[Web安全]  SHELLING - an offensive approach to the anatomy of improperly written OS command
https://github.com/ewilded/shelling
[漏洞分析]  a tool to perform static analysis of known vulnerabilities in docker
https://github.com/eliasgranderubio/check_docker_image
[编程技术]  大众点评订单系统分库分表实践 -
http://tech.meituan.com/dianping_order_db_sharding.html
[Web安全]  在SQLite中实现命令执行
http://www.mottoin.com/91908.html
[工具]  OWASP Directory Access scanner
https://github.com/stanislav-web/OpenDoor
[其它]  PowerShell Reverse HTTPs Shell
https://github.com/subTee/PoshRat
[运维安全]  验证码的前世今生(前世篇)
https://zhuanlan.zhihu.com/p/23326828
[移动安全]  New Hack: How to Bypass iPhone Passcode to Access Photos and Messages Wednesday
http://thehackernews.com/2016/11/iphone-hacking.html
[移动安全]  Google's tamper detection for Android 移动端威胁情报检测/风控SDK
https://koz.io/inside-safetynet/
[恶意分析]  dorothy2:开源的恶意软件/僵尸网络分析框架
http://www.mottoin.com/92101.html
[工具]  PowerShell Empire Web:基于web接口管理Empire
http://www.mottoin.com/91966.html
[运维安全]  NoSQLAttack: Python编写的开源的mongoDB攻击工具
https://github.com/youngyangyang04/NoSQLAttack
[无线安全]  使用USRP探索无线世界 Part 1:USRP从入门到追踪飞机飞行轨迹
http://www.freebuf.com/articles/wireless/119950.html
[编程技术]  A Better Login System: PHP编程实现基于ACL认证过程
https://code.tutsplus.com/tutorials/a-better-login-system--net-3461
[设备安全]  awesome-iot-hacks: A Collection of Hacks in IoT Space
https://github.com/nebgnahz/awesome-iot-hacks
[漏洞分析]  跨平台内核Fuzzer框架
https://n0where.net/cross-platform-kernel-fuzzer-framework/
[运维安全]  浅谈如何利用IP数据来辅助风控和安全系统
http://www.freebuf.com/special/120041.html
[Web安全]  绕过Ebay xss保护
http://www.mottoin.com/92305.html
[Web安全]  从XSS到RCE2.5 - Black Hat Europe Arsenal 2016
https://github.com/Varbaek/xsser
[Web安全]  使用Commix绕过安全防护利用命令执行漏洞
http://www.mottoin.com/91806.html
[编程技术]  为何我暂停了维护 Python 社区的志愿者工作
https://www.oschina.net/news/79150/why-i-took-october-off-from-oss-volunteering
[移动安全]  HackingTeam back for your Androids, now extra insecure!
http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/
[移动安全]  AndroidLinker与SO加壳技术之下篇
http://yaq.qq.com/blog/15
[漏洞分析]  VBulletin 核心插件 forumrunner SQL注入(CVE-2016-6195)漏洞分析
http://paper.seebug.org/116/
[Web安全]  Bypassing Two-Factor Authentication on OWA & Office365 Portals
http://www.blackhillsinfosec.com/?p=5396
[杂志]  SecWiki周刊(第141期)
https://www.sec-wiki.com/weekly/141
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第142期)