SecWiki周刊（第76期)

SecWiki周刊（第76期）

2015/08/10-2015/08/16

安全资讯

[工具] kali linux 2.0官方下载（非泄漏镜像）
https://www.kali.org/downloads/

[数据挖掘] Data, Technologies and Security - Part 1
http://blog.binaryedge.io/2015/08/10/data-technologies-and-security-part-1/

[恶意分析] Hacking Team: a zero-day market case study
https://tsyrklevich.net/2015/07/22/hacking-team-0day-market/

[恶意分析] AT&T and NSA’s Longstanding Surveillance Partnership
https://www.eff.org/deeplinks/2015/08/eff-claims-government-spying-atts-help-further-confirmed-new-york-times-article

[会议] Blackhat2015展商指南
http://www.sec-un.org/blackhat2015-exhibitors.html

安全技术

[Web安全] 乌云2015年白帽子大会（ppt)
http://pan.baidu.com/s/1gd6Nrqz

[Web安全] 乌云白帽子大会全部PPT公开
http://zone.wooyun.org/content/22310

[取证分析] 大数据之hive安装及分析web日志实例
https://www.91ri.org/13896.html

[数据挖掘] 从Theano到Lasagne：基于Python的深度学习的框架和库
http://python.jobbole.com/81896/

[会议] Blackhat2015参会指南_议题详情
http://pan.baidu.com/s/1bnCtPgz

[漏洞分析] Java and Flash both vulnerable—again—to new 0-day attacks
http://arstechnica.com/security/2015/07/two-new-flash-exploits-surface-from-hacking-team-combine-with-java-0-day/

[Web安全] Bypass WAF Cookbook
http://drops.wooyun.org/tips/7883

[漏洞分析] Exploiting MS15-076 (CVE-2015-2370)
http://silentbreaksecurity.com/exploiting-ms15-076-cve-2015-2370/

[漏洞分析] 空指针漏洞防护技术-初级篇
http://blog.nsfocus.net/null-pointer-vulnerability-analysis-defense/

[Web安全] blackhat2015 ppt
http://pan.baidu.com/s/1DJb7S

[Web安全] PortDog - Simple Python Script to Detect Port Scanning Techniques
http://www.kitploit.com/2015/08/portdog-simple-python-script-to-detect.html

[恶意分析] Relyze 1.1 with Interactive Binary Diffing
http://blog.relyze.com/2015/06/relyze-11-with-interactive-binary.html

[运维安全] BGP Hijacking – why you need to care!
https://blog.team-cymru.org/2015/07/bgp-hijacking-why-do-you-need-to-care/

[Web安全] The Sleepy Puppy XSS Payload Management Framework
https://danielmiessler.com/blog/the-sleepy-puppy-xss-payload-management-framework/

[漏洞分析] OS X Zero-days on the Rise
http://blog.trendmicro.com/trendlabs-security-intelligence/os-x-zero-days-on-the-rise-a-2015-midyear-review-on-advanced-attack-surfaces/

[漏洞分析] Vm ware fuzzing
http://www.slideshare.net/DefconRussia/vm-ware-fuzzing-trolololo

[漏洞分析] PFP - A Python Interpreter for 010 Templates
http://d0cs4vage.blogspot.com/2015/08/pfp-python-interpreter-for-010-templates.html

[Web安全] BGP Hijacking for Cryptocurrency Profit
http://www.secureworks.com/cyber-threat-intelligence/threats/bgp-hijacking-for-cryptocurrency-profit/

[运维安全] 一个数据包消灭一台服务器的 DNS 漏洞
https://ring0.me/2015/08/exploit-dns-server-with-one-packet/

[运维安全] DDoS攻击工具演变
http://blog.nsfocus.net/evolution-of-ddos-attack-tools/

[Web安全] Metasploit AV Evasion
http://www.kitploit.com/2015/08/metasploit-av-evasion-metasploit.html?utm_source=dlvr.it&utm_medium=twitter

[漏洞分析] Write a simple universal memory editor (game trainer) on OSX/iOS from scratch
http://bbs.iosre.com/t/write-a-simple-universal-memory-editor-game-trainer-on-osx-ios-from-scratch/115

[漏洞分析] 空指针漏洞防护技术提高篇
http://blog.nsfocus.net/null-pointer-vulnerability-defense/

[设备安全] Remote Exploitation of an Unaltered Passenger Vehicle
http://illmatics.com/Remote%20Car%20Hacking.pdf

[恶意分析] Firefox Under Fire: Anatomy of latest 0-day attack
http://www.welivesecurity.com/2015/08/11/firefox-under-fire-anatomy-of-latest-0-day-attack/

[编程技术] Git 使用规范流程
http://www.ruanyifeng.com/blog/2015/08/git-use-process.html

[漏洞分析] Vm ware fuzzing - defcon russia 20
http://www.sec-wiki.com/tougao/create/?u=http%3A%2F%2Fwww.sec-wiki.com%2Ftougao%2Fcreate%2F%3Fu%3Dhttp%253A%252F%252Fwww.slideshare.net%252FDefconRussia%252Fvm-ware-fuzzing-trolololo%26t%3DVm%2520ware%2520fuzzing&t=%E9%A1%B5%E9%9D%A2%E8%BD%BD%E5%85%A

[运维安全] sqlchop:A novel SQL injection detection engine
https://github.com/chaitin/sqlchop

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第76期)