SecWiki周刊(第80期)
2015/09/07-2015/09/13
安全资讯
How we cracked millions of Ashley Madison bcrypt hashes efficiently
http://cynosureprime.blogspot.com/2015/09/how-we-cracked-millions-of-ashley.html
http://cynosureprime.blogspot.com/2015/09/how-we-cracked-millions-of-ashley.html
Apple and Other Tech Companies Tangle With U.S. Over Data Access
http://www.nytimes.com/2015/09/08/us/politics/apple-and-other-tech-companies-tangle-with-us-over-access-to-data.html
http://www.nytimes.com/2015/09/08/us/politics/apple-and-other-tech-companies-tangle-with-us-over-access-to-data.html
Researcher discloses zero-day vulnerability in FireEye
http://www.csoonline.com/article/2980937/vulnerabilities/researcher-discloses-zero-day-vulnerability-in-fireeye.html
http://www.csoonline.com/article/2980937/vulnerabilities/researcher-discloses-zero-day-vulnerability-in-fireeye.html
2015年第36周安全通报
http://blog.topsec.com.cn/ad_lab/2015%e5%b9%b4%e7%ac%ac36%e5%91%a8%e5%ae%89%e5%85%a8%e9%80%9a%e6%8a%a5/
http://blog.topsec.com.cn/ad_lab/2015%e5%b9%b4%e7%ac%ac36%e5%91%a8%e5%ae%89%e5%85%a8%e9%80%9a%e6%8a%a5/
The 2015 Higher Education Security Report
http://cdn2.hubspot.net/hubfs/533449/2015_Higher_Education_Security_Report.pdf
http://cdn2.hubspot.net/hubfs/533449/2015_Higher_Education_Security_Report.pdf
安全技术
hacking with php
http://www.hackingwithphp.com/
http://www.hackingwithphp.com/
AIS3 Final CTF Web Writeup (Race Condition & one-byte off SQL Injection)
http://blog.orange.tw/2015/09/ais3-final-ctf-web-writeup-race.html
http://blog.orange.tw/2015/09/ais3-final-ctf-web-writeup-race.html
faraday:Collaborative Penetration Test IDE
https://github.com/infobyte/faraday
https://github.com/infobyte/faraday
G DATA Mobile Malware Report
https://public.gdatasoftware.com/Presse/Publikationen/Malware_Reports/G_DATA_MobileMWR_Q2_2015_EN.pdf
https://public.gdatasoftware.com/Presse/Publikationen/Malware_Reports/G_DATA_MobileMWR_Q2_2015_EN.pdf
逆向基础——软件手动脱壳技术入门
http://drops.wooyun.org/tips/8296
http://drops.wooyun.org/tips/8296
罪恶家族hook007之潜伏篇
http://blogs.360.cn/blog/hoook007/
http://blogs.360.cn/blog/hoook007/
小黑视角:探秘钓鱼短信背后的那些事
http://mp.weixin.qq.com/s?__biz=MzIzNzAxMDE5NA==&mid=208084923&idx=1&sn=3b22f92624a9d92ed7ab9f6b856aa794&scene=23&srcid=0911Ro0EpZNiLJzfodp1PCAP
http://mp.weixin.qq.com/s?__biz=MzIzNzAxMDE5NA==&mid=208084923&idx=1&sn=3b22f92624a9d92ed7ab9f6b856aa794&scene=23&srcid=0911Ro0EpZNiLJzfodp1PCAP
webshell大集合
https://github.com/tennc/webshell
https://github.com/tennc/webshell
用alphafuzzer挖掘网络协议漏洞
http://blog.topsec.com.cn/ad_lab/alphafuzzer_npfuzz/
http://blog.topsec.com.cn/ad_lab/alphafuzzer_npfuzz/
Simple proxy checking script
https://github.com/chrisiaut/proxycheck_script
https://github.com/chrisiaut/proxycheck_script
Malware for iOS
https://www.theiphonewiki.com/wiki/Malware_for_iOS
https://www.theiphonewiki.com/wiki/Malware_for_iOS
windows 2012 抓明文密码方法
http://zone.wooyun.org/content/20310
http://zone.wooyun.org/content/20310
WMI Defense
http://drops.wooyun.org/tips/8290
http://drops.wooyun.org/tips/8290
BitTorrent DDoS放大攻击
http://blog.nsfocus.net/bittorrent-drdos/
http://blog.nsfocus.net/bittorrent-drdos/
基于PaX/Grsecurity & STIG & Sheild针对es的Docker场景化加固
http://hardenedlinux.org/system-security/2015/09/06/hardening-es-in-docker-with-grsec.html
http://hardenedlinux.org/system-security/2015/09/06/hardening-es-in-docker-with-grsec.html
XssSniper 扩展介绍
http://0kee.360.cn/domXss/
http://0kee.360.cn/domXss/
Django任意代码执行漏洞分析
http://blog.nsfocus.net/django-code-execution-vulnerability/
http://blog.nsfocus.net/django-code-execution-vulnerability/
Abusing Chrome's XSS auditor to steal tokens Detecting XSS Auditor
http://blog.portswigger.net/2015/08/abusing-chromes-xss-auditor-to-steal.html
http://blog.portswigger.net/2015/08/abusing-chromes-xss-auditor-to-steal.html
浅谈互联网公司业务安全
http://drops.wooyun.org/tips/8190
http://drops.wooyun.org/tips/8190
物联网操作系统安全性分析
http://drops.wooyun.org/wireless/8338
http://drops.wooyun.org/wireless/8338
Python Tutorials:From “Hello” to custom Python malware, and exploits
http://www.primalsecurity.net/tutorials/python-tutorials/
http://www.primalsecurity.net/tutorials/python-tutorials/
Second FireEye FLARE On Challenge (2015) Solutions
http://unhere.com/2015/09/09/fireeye-flare-on-challenge-2015-solutions/
http://unhere.com/2015/09/09/fireeye-flare-on-challenge-2015-solutions/
Fishing for Hackers: Analysis of a Linux Server Attack
https://sysdig.com/fishing-for-hackers/
https://sysdig.com/fishing-for-hackers/
Black Hat Arsenal peepdf Challenge 2015 writeup
https://quequero.org/2015/09/black-hat-arsenal-peepdf-challenge-2015-writeup/
https://quequero.org/2015/09/black-hat-arsenal-peepdf-challenge-2015-writeup/
Breaking UEFI security with software DMA attacks
http://blog.cr4.sh/2015/09/breaking-uefi-security-with-software.html
http://blog.cr4.sh/2015/09/breaking-uefi-security-with-software.html
扯淡 闲谈 威胁情报分析
http://weibo.com/p/1001603884551716890497
http://weibo.com/p/1001603884551716890497
Malware Forensic Field Guides: Tool Box
http://www.malwarefieldguide.com/LinuxChapter1.html
http://www.malwarefieldguide.com/LinuxChapter1.html
Proxying Bluetooth devices for security analysis using btproxy
http://conorpp.com/blog/proxying-bluetooth-devices-for-security-analysis-using-btproxy/
http://conorpp.com/blog/proxying-bluetooth-devices-for-security-analysis-using-btproxy/
Neural networks and deep learning
http://neuralnetworksanddeeplearning.com/
http://neuralnetworksanddeeplearning.com/
2015年第二季度移动安全报告
http://gw.alicdn.com/tfscom/TB1qfUiJXXXXXa8XpXXAeRbFXXX.pdf?spm=0.0.0.0.bAlc4S&file=TB1qfUiJXXXXXa8XpXXAeRbFXXX.pdf
http://gw.alicdn.com/tfscom/TB1qfUiJXXXXXa8XpXXAeRbFXXX.pdf?spm=0.0.0.0.bAlc4S&file=TB1qfUiJXXXXXa8XpXXAeRbFXXX.pdf
潜伏在身边的危机:智能设备安全
http://security.tencent.com/index.php/blog/msg/94
http://security.tencent.com/index.php/blog/msg/94
Playing with Fire:Attacking the FireEye® MPS
https://www.ernw.de/download/ERNW_44CON_PlayingWithFire_signed.pdf
https://www.ernw.de/download/ERNW_44CON_PlayingWithFire_signed.pdf
Php Codz Hacking
https://github.com/chtg/phpcodz
https://github.com/chtg/phpcodz
sec-chart:Security Flow Chart
https://github.com/SecWiki/sec-chart
https://github.com/SecWiki/sec-chart
Satellite Turla: APT Command and Control in the Sky
https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/
https://securelist.com/blog/research/72081/satellite-turla-apt-command-and-control-in-the-sky/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第80期)
