SecWiki周刊(第68期)
2015/06/15-2015/06/21
安全资讯
[视频]  Deep Web纪录片
http://www.solidot.org/story?sid=44514
[移动安全]  Game-over HTTPS defects in dozens of Android apps expose user passwords
http://arstechnica.com/security/2015/06/game-over-https-defects-in-dozens-of-android-apps-expose-user-passwords/
[取证分析]  Encrypting Windows Hard Drives
https://www.schneier.com/blog/archives/2015/06/encrypting_wind.html
[Web安全]  LastPass Hacked, Change Your Master Password Now
http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571
[恶意分析]  Watering holes exploiting JSONP hijacking to track users in China
https://www.alienvault.com/open-threat-exchange/blog/watering-holes-exploiting-jsonp-hijacking-to-track-users-in-china
[运维安全]  不同规模企业下的安全管理
http://www.ayazero.com/?p=38
[运维安全]  安全建设需求:生态级公司vs平台级公司
http://www.ayazero.com/?p=42
安全技术
[Web安全]  使用sqlmapapi.py批量化扫描实践
http://drops.wooyun.org/tips/6653
[数据挖掘]  WePay机器学习反欺诈实践:Python+scikit-learn+随机森林
http://www.csdn.net/article/2015-05-18/2824689
[Web安全]  Understanding and Monitoring Embedded Web Scripts
http://blog.ourren.com/2015/06/18/understanding-and-monitoring-embedded-web-scripts/
[Web安全]  海莲花深度分析报告(35P)
http://www.nsfocus.com.cn/content/details_141_1949.html
[移动安全]  XARA Attack Demos
https://sites.google.com/site/xaraflaws/home
[漏洞分析]  远程安全漏洞扫描
http://pan.baidu.com/s/1o65jmRK
[Web安全]  分享一个jsonp劫持造成的新浪某社区CSRF蠕虫
https://www.leavesongs.com/HTML/sina-jsonp-hijacking-csrf-worm.html
[Web安全]  undetected-meterpreter-stagers:Custom stagers with python encrypting proxy
https://github.com/DiabloHorn/undetected-meterpreter-stagers
[运维安全]  聊一聊chkrookit的误信和误用
http://xteam.baidu.com/?p=237
[杂志]  《安全参考》HACKCTO-201506-30
http://pan.baidu.com/s/1kT6AZpP
[漏洞分析]  Analysis of CVE-2015-2360 – Duqu 2.0 Zero Day Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/analysis-of-cve-2015-2360-duqu-2-0-zero-day-vulnerability/
[取证分析]  VolDiff: Malware Memory Footprint Analysis based on Volatility
https://github.com/aim4r/VolDiff
[Web安全]  Shodan Developer API document
https://developer.shodan.io/
[Web安全]  JSONP挖掘与高级利用
http://drops.wooyun.org/papers/6630
[漏洞分析]  Understanding type confusion vulnerabilities: CVE-2015-0336
http://blogs.technet.com/b/mmpc/archive/2015/06/18/understanding-type-confusion-vulnerabilities-cve-2015-0336.aspx
[编程技术]  How to Create A Simple Chat System in PHP
http://taha-sh.com/blog/how-to-create-a-simple-chat-system-in-php
[设备安全]  How to Unlock a Door: 11 Steps (with Pictures)
http://www.wikihow.com/Unlock-a-Door
[移动安全]  Femtocell安全漏洞分析
http://jaq.alibaba.com/blog.htm?spm=0.0.0.0.3zwaJ3&id=73
[Web安全]  利用PDO::FETCH_FUNC特性留后门
http://www.secoff.net/archives/436.html
[编程技术]  the-art-of-command-line
https://github.com/jlevy/the-art-of-command-line
[Web安全]  利用JSONP进行水坑攻击
http://drops.wooyun.org/papers/6612
[Web安全]  2015 360初赛 writeup
http://blog.sycsec.com/?p=716
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第68期)