SecWiki周刊(第72期)
2015/07/13-2015/07/19
安全资讯
[比赛]  How We Fared in the Cyber Grand Challenge
http://blog.trailofbits.com/2015/07/15/how-we-fared-in-the-cyber-grand-challenge/
[恶意分析]  14 days running a secret Dark Web pedophile honeypot
http://geekslop.com/2015/catching-pedophiles-running-secret-dark-web-tor-honeypot
[恶意分析]  Feds bust through huge Tor-hidden child porn site using questionable malware
http://arstechnica.com/tech-policy/2015/07/feds-bust-through-huge-tor-hidden-child-porn-site-using-questionable-malware/
[Web安全]   2015年上半年数据库漏洞威胁报告
http://www.aqniu.com/security-reports/8620.html
安全技术
[Web安全]  Dedecms远程写文件漏洞分析
http://blog.nsfocus.net/dedecms-write-file-vuln/
[漏洞分析]  Advanced cfg bypass on adobe flash player 18 defcon russia 23
http://www.slideshare.net/DefconRussia/advanced-cfg-bypass-on-adobe-flash-player-18
[取证分析]  反黑逆向溯源追踪之:某某某局入侵事件分析
http://lcx.cc/?i=4555
[运维安全]  Hacking Team Helped Italian Special Group with BGP Routing Hijack
https://labs.opendns.com/2015/07/12/how-hacking-team-helped-italian-special-operations-group-with-bgp-routing-hijack/
[Web安全]  永别了 SQL 注入
http://www.chaitin.com/dl/sqlchop-ali-20150710.pdf
[恶意分析]  Hacking Team's "Bad BIOS": A Commercial Rootkit for UEFI Firmware
http://www.intelsecurity.com/advanced-threat-research/blog.html
[漏洞分析]  AlphaFuzzer:多功能的漏洞挖掘工具
http://blog.topsec.com.cn/ad_lab/alphafuzzer/
[取证分析]  chainbreaker:Mac OS X Keychain Forensic Tool
https://github.com/n0fate/chainbreaker
[恶意分析]  Significant Flash exploit mitigations are live in v18.0.0.209
http://googleprojectzero.blogspot.com/2015/07/significant-flash-exploit-mitigations_16.html
[恶意分析]  Hacking Team Mac OSX 64位 Shellcode 技术分析
http://security.tencent.com/index.php/blog/msg/89
[杂志]  《安全参考》HACKCTO-201507-31-渗透测试上
http://pan.baidu.com/s/1o6qrJPS
[编程技术]  SlimerJS:A scriptable browser for Web developers
http://slimerjs.org/
[编程技术]  SmmBackdoor:System Management Mode backdoor for UEFI
https://github.com/Cr4sh/SmmBackdoor
[Web安全]  MultiProxies 支持多代理的渗透测试框架
http://p.x0day.me/
[运维安全]  大数据安全分析——分析篇
http://www.jianshu.com/p/15f2d92fc9c3
[编程技术]  如何在 virtualenv 环境下搭建 Python Web
http://segmentfault.com/a/1190000002991175
[数据挖掘]  Exercises for my tutorials on Theano
https://github.com/goodfeli/theano_exercises
[Web安全]  A cheat-sheet for password crackers
http://www.unix-ninja.com/p/A_cheat-sheet_for_password_crackers
[运维安全]  基于数据分析的邮件系统安全
http://drops.wooyun.org/tips/7086
[设备安全]  解密“智魁”攻击行动——针对路由器蠕虫攻击事件分析报告
http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.mO6T6P&id=26
[杂志]  黑客防线2015年第5期杂志
http://www.hacker.com.cn/show-7-2748-1.html
[设备安全]  国内工控网络安全产品目录
http://plcscan.org/blog/2015/07/ics-security-products-from-chinese-market/
[数据挖掘]  ipcat:Categorization of IP Addresses
https://github.com/client9/ipcat
[文档]  2015阿里安全峰会
http://pan.baidu.com/s/1o6EEley
[Web安全]  GET来的漏洞
http://drops.wooyun.org/web/7112
[恶意分析]  黑狐木马最新变种——“肥兔”详细分析
http://drops.wooyun.org/papers/7117
[漏洞分析]  Hacking Team Flash 0Day 分析分享
http://blog.nsfocus.net/2015/07/hacking-team-flash-0day/
[恶意分析]  CapTipper:Malicious HTTP traffic explorer
https://github.com/omriher/CapTipper
安全专题
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第72期)