SecWiki周刊(第62期)
2015/05/04-2015/05/10
安全资讯
[运维安全]  FIDO: Automated Security Incident Response
http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
[其它]  硅谷夜话之RSA2015 (1)
http://weibo.com/p/1001603840227939594309
[其它]  2015网络安全市场报告(下)
http://www.freebuf.com/news/special/66278.html
[其它]  国家安全法(草案二次审议稿)
http://www.npc.gov.cn/npc/xinwen/lfgz/flca/2015-05/06/content_1935766.htm
安全技术
[工具]  Fuzzing nginx - Hunting vulnerabilities with afl-fuzz
https://lolware.net/2015/04/28/nginx-fuzzing.html
[Web安全]  XSS via window.stop() - Google Safen Up
http://blog.bentkowski.info/2015/05/xss-via-windowstop-google-safen-up.html?m=1
[移动安全]  Android Native API Hooking with Library Injection and ELF Introspection
http://www.evilsocket.net/2015/05/04/android-native-api-hooking-with-library-injecto/
[恶意分析]  浅谈加密这把双刃剑
http://www.vonwei.com/post/ctb-locker.html
[移动安全]  安卓APP动态调试-IDA实用攻略
http://drops.wooyun.org/mobile/5942
[无线安全]  WPS Pixie Dust Attack (Offline WPS Attack)
https://forums.kali.org/showthread.php?24286
[运维安全]  pfSense: free network firewall distribution
https://www.pfsense.org/
[Web安全]  ctf-tools:Some setup scripts for security research tools
https://github.com/zardus/ctf-tools
[运维安全]  云端博弈——木马屠城
http://security.tencent.com/index.php/blog/msg/83
[恶意分析]  On the Arms Race in Spamming Botnet Mitigation
http://blog.ourren.com/2015/05/08/on-the-arms-race-in-spamming-botnet-mitigation/
[运维安全]  SSL/TLS协议安全系列:SSL/TLS概述
http://drops.wooyun.org/tips/6002
[恶意分析]  Tinba - Yet another anti-sandbox tricks
https://www.f-secure.com/weblog/archives/00002810.html
[运维安全]  jellyfish:Linux based userland gpu rootkit
https://github.com/x0r1/jellyfish
[Web安全]  commix:Automated All-in-One OS Command Injection and Exploitation Tool
https://github.com/stasinopoulos/commix
[Web安全]  Forcing XXE Reflection through Server Error Messages
https://blog.netspi.com/forcing-xxe-reflection-server-error-messages/
[移动安全]  Instrumenting Android Applications with Frida
http://www.frida.re/news/2015/05/09/frida-4-0-0-released/
[Web安全]  Python tools for penetration testers
https://github.com/dloss/python-pentest-tools
[恶意分析]  Deploying Dionaea on a Raspberry Pi using MHN
https://github.com/threatstream/mhn/wiki/Deploying-Dionaea-on-a-Raspberry-Pi
[设备安全]  Attacking POS Supply Chains
https://blogs.rsa.com/attacking-a-pos-supply-chain-part-1/
[杂志]  (IN)SECURE Magazine:RSA 2015 SPECIAL ISSUE
http://www.net-security.org/insecuremag.php
[设备安全]  armpwn:memory corruption on the ARM platform
https://github.com/saelo/armpwn
[移动安全]  Dynamically inject a shared library into a running process on Android/ARM
http://www.evilsocket.net/2015/05/01/dynamically-inject-a-shared-library-into-a-running-process-on-androidarm/#sthash.P013X45P.dpbs
[漏洞分析]  OfficeDissector: parser library for static security analysis of Office
https://github.com/grierforensics/officedissector
[恶意分析]  malice:VirusTotal Wanna Be
https://github.com/blacktop/malice
[运维安全]  CYBERSECURITY MARKET REPORT
http://www.valleytalk.org/2015/05/05/cybersecurity-market-report/
[漏洞分析]  dumplib:Windows Kernel Dump Analyzer
https://github.com/nforest/dumplib
[恶意分析]  IE安全系列:脚本先锋(II)
http://drops.wooyun.org/tips/5765
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第62期)