SecWiki周刊(第74期)
2015/07/27-2015/08/02
安全资讯
[恶意分析]  Announcing the Second FLARE On Challenge
https://www.fireeye.com/blog/threat-research/2015/07/announcing_the_secon.html
[运维安全]  BIND Update Patches Critical DoS Vulnerability
http://www.securityweek.com/bind-update-patches-critical-dos-vulnerability
[恶意分析]  The Anthem Hack: All Roads Lead to China
http://www.threatconnect.com/the-anthem-hack-all-roads-lead-to-china/
安全技术
[取证分析]  XorDDos木马,难逃铁穹检测法眼。
http://www.aptno1.com/YC/102.html
[Web安全]  python 安全编码&代码审计
http://drops.wooyun.org/web/7490
[数据挖掘]  Tf-idf :: A Single-Page Tutorial
http://www.tfidf.com/
[漏洞分析]  一步一步学ROP之linux_x64篇
http://drops.wooyun.org/papers/7551
[运维安全]  DDoS botnet常见类型及特点
http://blog.nsfocus.net/ddos-botnet-common-features/
[数据挖掘]  知识图谱——机器大脑中的知识库
http://book.thunlp.org/knowledge_graph/
[恶意分析]  HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group
https://www.fireeye.com/blog/threat-research/2015/07/hammertoss_stealthy.html
[Web安全]  Non-alphanumeric code With JavaScript & PHP by Gareth Heyes
https://www.owasp.org/images/6/66/OWASP_Manchester_Nonalpha.pdf
[漏洞分析]  浅析Peach Fuzz
http://blog.nsfocus.net/peach-fuzz/
[工具]  基于js的在线16进制编辑器
https://hexed.it/
[运维安全]  传统企业的IPS运维
http://lewisec.sinaapp.com/2015/07/30/ips-daily-work/
[设备安全]  Sudo 1.8.14 - Unauthorized Privilege Vulnerability
https://www.exploit-db.com/exploits/37710/
[运维安全]  bettercap:A complete, modular, portable and easily extensible MITM framework
http://www.bettercap.org/
[数据挖掘]  安全威胁情报之HackingTeam邮件分析
http://www.sec-un.org/analysis-on-the-hackingteam-mail-security-threat-intelligence-2.html
[恶意分析]  Transparent MITM with Cuckoo Sandbox
http://jbremer.org/mitm/
[恶意分析]  恶意文件分析系统中的数字签名验证
http://blog.nsfocus.net/digital-signature-with-malware-analysis/
[漏洞分析]  抛砖引玉——Stagefright漏洞初探
http://drops.wooyun.org/mobile/7491
[漏洞分析]  overflow in .NET Framework System.DirectoryServices.Protocols.Utility class
https://www.securify.nl/advisory/SFY20150501/integer_overflow_in__net_framework_system_directoryservices_protocols_utility_class.html
[移动安全]  How to use old GSM protocols/encodings to know if a user is Online on the GSM
http://www.evilsocket.net/2015/07/27/how-to-use-old-gsm-protocolsencodings-know-if-a-user-is-online-on-the-gsm-network-aka-pingsms-2-0/
[编程技术]  Business Logic Security Testing with Acunetix v10
http://www.acunetix.com/blog/articles/business-logic-security-testing-with-acunetix-v10/
[恶意分析]  Cyber Campaigns Central (List and Descriptions)
http://cybercampaigns.net/
[恶意分析]  PlagueScanner:Open source multiple AV scanner framework
https://github.com/PlagueScanner/PlagueScanner
[运维安全]  shinken:Flexible and scalable monitoring framework
https://github.com/naparuba/shinken
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第74期)