SecWiki周刊(第62期)
2015/05/04-2015/05/10
安全资讯
[运维安全]  FIDO: Automated Security Incident Response
http://techblog.netflix.com/2015/05/introducing-fido-automated-security.html
[其它]  硅谷夜话之RSA2015 (1)
http://weibo.com/p/1001603840227939594309
[其它]  2015网络安全市场报告(下)
http://www.freebuf.com/news/special/66278.html
[其它]  国家安全法(草案二次审议稿)
http://www.npc.gov.cn/npc/xinwen/lfgz/flca/2015-05/06/content_1935766.htm
安全技术
[工具]  Fuzzing nginx - Hunting vulnerabilities with afl-fuzz
https://lolware.net/2015/04/28/nginx-fuzzing.html
[Web安全]  XSS via window.stop() - Google Safen Up
http://blog.bentkowski.info/2015/05/xss-via-windowstop-google-safen-up.html?m=1
[移动安全]  Android Native API Hooking with Library Injection and ELF Introspection
http://www.evilsocket.net/2015/05/04/android-native-api-hooking-with-library-injecto/
[恶意分析]  浅谈加密这把双刃剑
http://www.vonwei.com/post/ctb-locker.html
[移动安全]  安卓APP动态调试-IDA实用攻略
http://drops.wooyun.org/mobile/5942
[无线安全]  WPS Pixie Dust Attack (Offline WPS Attack)
https://forums.kali.org/showthread.php?24286
[运维安全]  pfSense: free network firewall distribution
https://www.pfsense.org/
[书籍]  scikit-learn-book
http://nbviewer.ipython.org/github/gmonce/scikit-learn-book/tree/master/
[Web安全]  ctf-tools:Some setup scripts for security research tools
https://github.com/zardus/ctf-tools
[Web安全]  xKungFoo 2015 PPT
http://xkungfoo.org/%E5%AE%98%E7%BD%91%E5%8F%91%E5%B8%83%E7%89%88.rar
[运维安全]  云端博弈——木马屠城
http://security.tencent.com/index.php/blog/msg/83
[恶意分析]  隐藏在显存中的基于GPU的rootkit和键盘记录器
https://0xicf.wordpress.com/2015/05/09/new-gpu-based-linux-rootkit-and-keylogger-proof-of-concept-gpu-rootkit-hides-in-vram-snoops-system-activities/
[恶意分析]  On the Arms Race in Spamming Botnet Mitigation
http://blog.ourren.com/2015/05/08/on-the-arms-race-in-spamming-botnet-mitigation/
[恶意分析]  Tinba - Yet another anti-sandbox tricks
https://www.f-secure.com/weblog/archives/00002810.html
[运维安全]  SSL/TLS协议安全系列:SSL/TLS概述
http://drops.wooyun.org/tips/6002
[运维安全]  jellyfish:Linux based userland gpu rootkit
https://github.com/x0r1/jellyfish
[Web安全]  commix:Automated All-in-One OS Command Injection and Exploitation Tool
https://github.com/stasinopoulos/commix
[恶意分析]  一例“无实体文件”恶意样本分析报告
http://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&mid=207025811&idx=1&sn=76130bdd0d6273af23f234e13faa160f#rd
[漏洞分析]  IIS at Risk: An In-depth Look into CVE-2015-1635
http://blog.trendmicro.com/trendlabs-security-intelligence/iis-at-risk-an-in-depth-look-into-cve-2015-1635/
[Web安全]  Forcing XXE Reflection through Server Error Messages
https://blog.netspi.com/forcing-xxe-reflection-server-error-messages/
[移动安全]  Instrumenting Android Applications with Frida
http://www.frida.re/news/2015/05/09/frida-4-0-0-released/
[Web安全]  Python tools for penetration testers
https://github.com/dloss/python-pentest-tools
[恶意分析]  New malicious Office docs trick
http://bartblaze.blogspot.com/2015/05/new-malicious-office-docs-trick.html
[恶意分析]  Deploying Dionaea on a Raspberry Pi using MHN
https://github.com/threatstream/mhn/wiki/Deploying-Dionaea-on-a-Raspberry-Pi
[设备安全]  Finding targets in drone and quadcopter video streams
http://www.pyimagesearch.com/2015/05/04/target-acquired-finding-targets-in-drone-and-quadcopter-video-streams-using-python-and-opencv/
[设备安全]  Attacking POS Supply Chains
https://blogs.rsa.com/attacking-a-pos-supply-chain-part-1/
[杂志]  (IN)SECURE Magazine:RSA 2015 SPECIAL ISSUE
http://www.net-security.org/insecuremag.php
[书籍]  Ios App Reverse Engineering
http://www.lulu.com/shop/zishe-sha/ios-app-reverse-engineering/ebook/product-22147315.html
[设备安全]  armpwn:memory corruption on the ARM platform
https://github.com/saelo/armpwn
[恶意分析]  Many ways of malware persistence
http://jumpespjump.blogspot.com/2015/05/many-ways-of-malware-persistence-that.html
[移动安全]  Dynamically inject a shared library into a running process on Android/ARM
http://www.evilsocket.net/2015/05/01/dynamically-inject-a-shared-library-into-a-running-process-on-androidarm/#sthash.P013X45P.dpbs
[漏洞分析]  OfficeDissector: parser library for static security analysis of Office
https://github.com/grierforensics/officedissector
[恶意分析]  malice:VirusTotal Wanna Be
https://github.com/blacktop/malice
[运维安全]  CYBERSECURITY MARKET REPORT
http://www.valleytalk.org/2015/05/05/cybersecurity-market-report/
[漏洞分析]  dumplib:Windows Kernel Dump Analyzer
https://github.com/nforest/dumplib
[漏洞分析]  Windows Kernel Exploitation Humla Mumbai
http://null.co.in/2015/05/07/windows-kernel-exploitation-hacksys-extreme-vulnerable-driver/
[恶意分析]  IE安全系列:脚本先锋(II)
http://drops.wooyun.org/tips/5765
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第62期)