SecWiki周刊(第70期)
2015/06/29-2015/07/05
安全资讯
[其它]  CCID: 2014-2015年度中国信息安全产品市场研究年度报告
http://yepeng.blog.51cto.com/3101105/1670556
[恶意分析]  Which providers have the most phishing content?
https://labs.opendns.com/2015/07/01/which-providers-have-the-most-phishing-content/
[其它]  Cisco to Acquire OpenDNS for $635 Million
http://www.securityweek.com/cisco-acquire-opendns-635-million
[运维安全]  VPNs are so insecure you might as well wear a KICK ME sign
http://www.theregister.co.uk/2015/06/30/worlds_best_vpns_fall_flat_in_security_tests/
[视频]  how we put Facebook on the path to 1 billion users
https://www.youtube.com/watch?v=raIUQP71SBU
[其它]  大潘:新形势下的安全新思路、新观念、新技术
http://yepeng.blog.51cto.com/3101105/1669947
[恶意分析]  Software Update LG Phones Vulnerable To MITM Attack
http://malwarebattle.blogspot.com/2015/06/software-update-lg-phones-vulnerable-to.html
[取证分析]  关于网络空间情报、威胁情报的一些定义
http://yepeng.blog.51cto.com/3101105/1668851
[其它]  中华人民共和国国家安全法
http://news.xinhuanet.com/legal/2015-07/01/c_1115787801.htm
[漏洞分析]  Automatic bug repair
http://newsoffice.mit.edu/2015/automatic-code-bug-repair-0629
[会议]  2015中国网络安全大会之大师讲堂
http://www.aqniu.com/neo-points/8404.html
安全技术
[Web安全]  J2EEScan - J2EE Security Scanner Burp Suite Plugin
https://github.com/ilmila/J2EEScan
[恶意分析]  Getting Shellcode from ARM Binaries
https://osandamalith.wordpress.com/2015/07/02/getting-shellcode-from-arm-binaries/
[漏洞分析]  在调试器中进行污点分析
http://www.persistencelabs.com/blog/2015/2/28/semtrax-is-now-available
[漏洞分析]  将网络流量反汇编为汇编指令
http://www.haka-security.org/blog/2015/06/23/instruction-disassembly.html
[漏洞分析]  "好的"内存损坏漏洞是什么?
http://googleprojectzero.blogspot.sg/2015/06/what-is-good-memory-corruption.html
[恶意分析]  Transparent Deobfuscation with IDA Processor Module Extensions
http://www.msreverseengineering.com/blog/2015/6/29/transparent-deobfuscation-with-ida-processor-module-extensions
[编程技术]  基于Github参与开源项目指南
http://yeungeek.com/2015/07/01/%E5%9F%BA%E4%BA%8EGithub%E5%8F%82%E4%B8%8E%E5%BC%80%E6%BA%90%E9%A1%B9%E7%9B%AE%E6%8C%87%E5%8D%97/
[文档]  SecureHangzhou 会议
http://www.isc2china.org/?page_id=2429
[漏洞分析]  Ptrace challenge | Blog of Osanda
https://osandamalith.wordpress.com/2015/06/26/solving-root-me-ptrace-challenge/
[恶意分析]  检测恶意文件中隐藏的 Shellcode
http://digital-forensics.sans.org/blog/2015/06/28/detecting-shellcode
[编程技术]  In search of the perfect URL validation regex
https://mathiasbynens.be/demo/url-regex
[会议]  NSC2015中国网络安全大会-日程
http://nsc.skdlabs.com/rc.html#t1
[移动安全]  Android动态调试系列教程
http://drops.wooyun.org/tips/6840
[恶意分析]  The Duqu 2.0 Technical Details(安天翻译)
http://www.antiy.com/response/Duqu-2.pdf
[Web安全]  Using Google Cloud to Bypass NoScript
http://labs.detectify.com/post/122837757551/using-google-cloud-to-bypass-noscript
[移动安全]  高级 Android 应用程序安全案例谈
https://github.com/flankerhqd/presentations/blob/master/geekpwn-session2015.6/main.pdf
[运维安全]  Manually enforcing HSTS in Google Chrome
https://scotthelme.co.uk/manually-enforcing-hsts-chrome/
[编程技术]  q-shell Unix Remote Login And Rootkit Shell Tool
http://blog.hackersonlineclub.com/2015/07/q-shell-unix-remote-login-and-rootkit.html
[漏洞分析]  Metasploit: More Flash Exploits in the Framework
https://community.rapid7.com/community/metasploit/blog/2015/06/30/more-on-flash-exploits-into-the-framework
[运维安全]  Cybersecurity Framework - Industry Resources
http://www.nist.gov/cyberframework/cybersecurity-framework-industry-resources.cfm
[文档]  OWASP 2015中国应用安全论坛
http://www.owasp.org.cn/OWASP_Conference/owasp-2015fh/yc
[数据挖掘]  Adam:大规模分布式机器学习框架
http://www.52cs.org/?p=590
[编程技术]  前端自动化测试探索
http://fex.baidu.com/blog/2015/07/front-end-test/
[Web安全]  一个 Chrome XSS Filter Bypass 的分析
http://drops.wooyun.org/papers/6905
[移动安全]  Reversing Prince Harming's kiss of death
https://reverse.put.as/2015/07/01/reversing-prince-harmings-kiss-of-death/
[Web安全]  业务安全漏洞挖掘归纳总结
http://drops.wooyun.org/web/6917
[运维安全]   Install Snort + Barnyard2 on Ubuntu 14.04
http://www.r00tsec.com/2015/06/howto-install-snort-barnyard2-on-ubuntu.html
[Web安全]  LFi Freak – An Automated File Inclusion Exploiter
https://osandamalith.wordpress.com/2015/03/29/lfi-freak/
[恶意分析]  detux:Multiplatform Linux Sandbox
http://detux.org/
[移动安全]  iOS APP安全杂谈
http://drops.wooyun.org/tips/6826
[Web安全]  Analyzing a Facebook Clickbait Worm
https://blog.sucuri.net/2015/06/analyzing-a-facebook-clickbait-worm.html
[无线安全]  汽车无线钥匙通信安全的一点科普
http://www.freebuf.com/geek/71556.html
[Web安全]  Injection Detector Plug-In for FindBugs
https://github.com/edwardsamuel/FindBugs-Injection-Detector
[移动安全]  Android L&M中绕过安全软件证书白名单
http://blog.avlyun.com/2015/06/2353/android-lm%e4%b8%ad%e7%bb%95%e8%bf%87%e5%ae%89%e5%85%a8%e8%bd%af%e4%bb%b6%e8%af%81%e4%b9%a6%e7%99%bd%e5%90%8d%e5%8d%95/
[Web安全]  Safely Dumping Domain Hashes, with Meterpreter
https://community.rapid7.com/community/metasploit/blog/2015/07/01/safely-dumping-domain-hashes-with-meterpreter
[漏洞分析]  NutShell of Kernel Security
http://www.k33nteam.org/noks.html
[Web安全]  q-shell:Unix remote login tool, rootkit shell tool
https://github.com/qianshanhai/q-shell/
安全专题
Deep learning with python
https://www.sec-wiki.com/topic/62
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第70期)