SecWiki周刊(第78期)
2015/08/24-2015/08/30
安全资讯
[比赛]  2015 DEF CON CTF Final Scores
https://blog.legitbs.net/2015/08/2015-def-con-ctf-final-scores.html
[取证分析]  Ashley Madison hackers leave footprints that may help investigators
http://arstechnica.com/security/2015/08/ashley-madison-hackers-leave-footprints-that-may-help-investigators/
[取证分析]  How Much Threat Intelligence Is Too Much?
http://www.darkreading.com/partner-perspectives/tenable/how-much-threat-intelligence-is-too-much/a/d-id/1321843
[其它]  首次威胁情报研讨沙龙
http://www.aqniu.com/news/9862.html
[其它]  美国爱因斯坦计划最新动态201508
http://yepeng.blog.51cto.com/3101105/1689128
[其它]  EFF Announces 2015 Pioneer Award Winners
https://www.eff.org/press/releases/eff-announces-2015-pioneer-award-winners-caspar-bowden-citizen-lab-anriette
安全技术
[恶意分析]  Malware Analysis Tutorials: a Reverse Engineering Approach
http://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html
[Web安全]  Cookies Lack Integrity: Real-World Implications
http://netsec.ccert.edu.cn/duanhx/files/2015/08/sec15_cookies-lack-integrity-published.pdf
[工具]  去哪儿网 MySQL 语法审核工具
https://github.com/mysql-inception/inception
[Web安全]  fd上公布的vBulletin rce 0day分析
http://seclab.dbappsecurity.com.cn/?p=461
[取证分析]  maltelligence:a Malware/Threat Analyst Desktop
https://github.com/maltelligence/maltelligence
[取证分析]  GasPot: honeypot for Veeder Root Gaurdian AST
https://github.com/sjhilt/GasPot
[Web安全]  SQLChop - 一个新型 SQL 注入检测引擎
http://blog.chaitin.com/sqlchop-the-sqli-detection-engine/
[文档]  冰眼科技安全沙龙PPT
http://pan.baidu.com/s/1bnfRVQZ
[移动安全]  Offensive & Defensive Android Reverse Engineering
https://github.com/rednaga/training/tree/master/DEFCON23
[设备安全]  极路由安全设计分析姐妹篇
http://www.freebuf.com/articles/terminal/76046.html
[Web安全]  SQL注入速查表(下)与Oracle注入速查表
http://drops.wooyun.org/tips/8242
[设备安全]  逆向路由器固件之敏感信息泄露 Part2
http://www.freebuf.com/articles/terminal/76481.html
[恶意分析]  APT攻击现状及揭露实践
http://pan.baidu.com/s/1jGEjxtW
[移动安全]  iOS安全系列汇总
http://esoftmobile.com/2014/02/14/ios-security/
[编程技术]  How browsers work
http://domenicodefelice.blogspot.com/2015/08/how-browsers-work.html?t=2
[移动安全]  HIDden Treasures - TaiG 2
http://newosxbook.com/articles/HIDeAndSeek.html
[Web安全]  那些 Web Hacking 中的奇技淫巧
http://blog.orange.tw/2015/08/hitcon-2015-community-web-hacking.html
[移动安全]  越狱插件盗取22万个苹果账号样本分析
http://blog.pangu.io/wy-2015-0136806/
[其它]  Linux_Security_Summit_2015
http://kernsec.org/wiki/index.php/Linux_Security_Summit_2015#Schedule
[取证分析]  攻击洋葱路由(Tor)匿名服务的一些综述
http://drops.wooyun.org/papers/8265
[Web安全]  WMI Attacks
http://drops.wooyun.org/tips/8189
[数据挖掘]  业务系统异常行为检测
http://mp.weixin.qq.com/s?__biz=MjM5ODYyMTM4MA==&mid=209072562&idx=1&sn=61bb0c4cd1cb8ccc9a80784c0e73a5cf&scene=23
[Web安全]  使用exp进行SQL报错注入
http://drops.wooyun.org/tips/8166
[Web安全]  sonar:A Framework for Scanning and Exploiting Internal Hosts With a Webpage
http://thehackerblog.com/sonar-a-framework-for-scanning-and-exploiting-internal-hosts-with-a-webpage/
[设备安全]  Exploit PLC on the internet
http://plcscan.org/blog/2015/08/china-knownsec-kcon-2015/
[文档]  Hacking ipcam like Harold in POI
http://hackdog.me/ipcam/#/step-1
[恶意分析]  Abusing Web Query (.iqy) files for effective phishing
http://www.labofapenetrationtester.com/2015/08/abusing-web-query-iqy-files.html
[恶意分析]  揭秘Neutrino僵尸网络生成器
http://drops.wooyun.org/tips/8186
[漏洞分析]  Self-patching Microsoft XML with misalignments and factorials
http://www.phrack.org/papers/self-patching-msxml.html
[Web安全]  What I learned from cracking 4000 Ashley Madison passwords
http://www.pxdojo.net/2015/08/what-i-learned-from-cracking-4000.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第78期)