SecWiki周刊(第65期)
2015/05/25-2015/05/31
安全资讯
[无线安全]  Sniffing and tracking wearable tech and smartphones
http://www.net-security.org/secworld.php?id=18422
[Web安全]  携程全线瘫痪,传言代码被恶意删除
http://www.freebuf.com/news/68558.html
[漏洞分析]  Exodus Intelligence 2015 Training Courses
http://blog.exodusintel.com/2014/12/11/2015-training-courses/
[其它]  企业安全涵盖哪些事情
http://www.ayazero.com/?p=19
[Web安全]  成人交友站AdultFriendFinder数据库泄露
http://silic.org:81/post/AdultFriendFinder_Database_Dumped
安全技术
[Web安全]  从Web页面直接调用USB接口API
http://reillyeon.github.io/webusb/
[工具]  CodeXplorer自动识别虚表调用
https://github.com/REhints/HexRaysCodeXplorer/releases/tag/1.7
[论文]  KDD 2015 Accepted Papers
http://www.kdd.org/kdd2015/program.html#
[移动安全]  用Python解密手机QQ聊天记录
http://www.freebuf.com/articles/terminal/68224.html
[恶意分析]  用机器学习识别随机生成的C&C域名
http://drops.wooyun.org/tips/6220
[漏洞分析]  Android 9patch 图片解析堆溢出漏洞分析(CVE-2015-1532)
http://security.tencent.com/index.php/blog/msg/85
[漏洞分析]  When is something overflowing
https://speakerdeck.com/zer0mem/when-is-something-overflowing
[运维安全]  Reconnaissance tool for GitHub organizations
https://github.com/michenriksen/gitrob
[Web安全]  PHP自动化白盒审计技术与实现
http://drops.wooyun.org/tips/6261
[Web安全]  新开普Newcapec高校一卡通渗透思路
http://silic.org:81/post/Newcapec_Card_System_Cracked
[漏洞分析]  Snowman: a native code to C/C++ decompiler
https://github.com/yegord/snowman
[其它]  Official Kali Linux Docker Images | Kali Linux
https://www.kali.org/news/official-kali-linux-docker-images/
[设备安全]  来自 ttyS0 的 Netgear 固件逆向
http://dwz.cn/MjZDK
[漏洞分析]  eu-14-Javed-Revisiting-XSS-Sanitization-wp.pdf
https://www.blackhat.com/docs/eu-14/materials/eu-14-Javed-Revisiting-XSS-Sanitization-wp.pdf
[恶意分析]  200 的开放源码项目后: 源代码静态分析经验
http://dwz.cn/MjZCy
[漏洞分析]  HackSys 极其脆弱的驱动
https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
[恶意分析]  kaggle competition Microsoft malware classification
https://github.com/xiaozhouwang/kaggle_Microsoft_Malware
[恶意分析]  Analysis of a MICROSOFT WORD INTRUDER sample
http://blog.0x3a.com/post/117760824504/analysis-of-a-microsoft-word-intruder-sample
[文档]  hitbsecconf 2015 ams slide
https://conference.hitb.org/hitbsecconf2015ams/materials/
[漏洞分析]  angr, a static and concolic binary analysis framework
http://angr.re/
[恶意分析]  OWASP dependency-check
https://github.com/jeremylong/DependencyCheck
[恶意分析]  Embedded Device Security & Zollard Botnet Analysis
http://blog.balicbilisim.com/embedded-device-security-zollard-botnet-analysis/
[恶意分析]  NitlovePOS: Another New POS Malware
https://www.fireeye.com/blog/threat-research/2015/05/nitlovepos_another.html
[漏洞分析]  WebPwn3r - Web Applications Security Scanner
http://www.kitploit.com/2014/04/webpwn3r-web-applications-security.html
[设备安全]  利用固件和硬件攻击虚拟机监控程序
http://dwz.cn/MjZDO
[杂志]  黑客防线2015年第4期杂志
http://www.hacker.com.cn/show-7-2747-1.html
[漏洞分析]  Exploiting PHP Part 3: Popping Remote Shells
http://www.inulledmyself.com/2015/05/exploiting-memory-corruption-bugs-in.html
[漏洞分析]  JIT 引擎触发 RowHammer 可行性研究
http://vdisk.weibo.com/s/qn_cPhjlNXSG2
[恶意分析]  IDA PLUG-IN WRITING IN C/C++
http://www.binarypool.com/idapluginwriting/idapw.pdf
[恶意分析]  Naikon APT 与 MsnMM 运动
http://dwz.cn/LBVFO
[数据挖掘]  Netflix工程总监眼中的分类算法:深度学习优先级最低
http://www.csdn.net/article/2015-05-24/2824758
[漏洞分析]  从客户端游戏漏洞看开发中的安全隐患
http://drops.wooyun.org/papers/6238
[恶意分析]  CVE-2015-3090 (Flash up to 17.0.0.169) and Exploit Kits
http://malware.dontneedcoffee.com/2015/05/cve-2015-3090-flash-up-to-1700169-and.html
[文档]  HITB 2015 阿姆斯特丹会议资料下载
http://dwz.cn/MjZCD
[恶意分析]  DAMM - Differential Analysis of Malware in Memory
http://www.kitploit.com/2014/11/damm-differential-analysis-of-malware.html
[其它]  We Don’t Know Sh—. You Don’t Know Sh—.
https://securosis.com/blog/we-dont-know-sh-.-you-dont-know-sh
[书籍]  The RESTful cookbook
http://restcookbook.com/
[编程技术]  Python识别网站验证码
http://drops.wooyun.org/tips/6313
[取证分析]  TRAFFIC ANALYSIS EXERCISE
http://malware-traffic-analysis.net/2015/05/08/index.html
[漏洞分析]  idaref:IDA Pro Instruction Reference Plugin
https://github.com/nologic/idaref
[恶意分析]  Tracking Internet threats by visualizing IP and DNS data
https://www.youtube.com/watch?v=QbCCLXFhuls&feature=youtu.be
[恶意分析]  一例针对中国政府机构的准APT攻击中所使用的样本分析
http://www.antiy.com/response/APT-TOCS.html
[漏洞分析]  Tool to detect and correct vulnerabilities in PHP
http://www.kitploit.com/2014/11/web-application-protection-tool-to.html
[其它]  Mixed-Mode Malware and Its Analysis
http://ranger.uta.edu/~csallner/papers/aboughadareh14mixed.pdf
[恶意分析]  Angler Exploit kit breaks Referer chain using HTTPS to HTTP redirection
https://hiddencodes.wordpress.com/2015/05/29/angler-exploit-kit-breaks-referer-chain-using-https-to-http-redirection/
[比赛]  Bandit Walkthrough
http://drops.wooyun.org/tips/6211
[漏洞分析]  二进制漏洞之——邪恶的printf
http://drops.wooyun.org/binary/6259
[恶意分析]  RSA Incident Response: An APT Case Study
https://blogs.rsa.com/wp-content/uploads/2015/05/RSA-IR-Case-Study.pdf
[漏洞分析]  DD - DebugDetector
https://github.com/zer0fl4g/DebugDetector
[Web安全]  XSS Theory Framework.png
http://www.pkav.net/XSS.png
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第65期)