SecWiki周刊(第81期)
2015/09/14-2015/09/20
安全资讯
[恶意分析]  我们来告诉你完整的XCodeGhost事件
http://security.tencent.com/index.php/blog/msg/96
[视频]  黑客相关的电视剧/电影
https://github.com/SecWiki/hack-movie
[会议]  (ISC)2北京分会沙龙第7期—工控攻防及漏洞挖掘
http://www.huodongxing.com/event/3299282474100
[移动安全]  大揭秘!苹果为何有毒 Xcode事件还原
http://v.youku.com/v_show/id_XMTMzOTUwMDYyNA==.html?%20%20f=26086617&ev=4
[运维安全]  对威胁情报分析的一些看法 (续篇)
http://weibo.com/p/1001603886785284467152
[其它]  2015安全事件全球之最:888起事件,2.46亿份档案被盗
http://www.aqniu.com/neo-points/10210.html
[其它]  FreeBuf全球安全事件纵览-2015年8月
http://www.freebuf.com/news/78481.html
[运维安全]  MD5 To Be Considered Harmful Someday
http://blog.acolyer.org/2015/09/15/md5-to-be-considered-harmful-someday/
安全技术
[无线安全]  mana:toolkit for wifi rogue AP attacks and MitM
https://github.com/sensepost/mana
[运维安全]  NFS配置不当那些事
http://drops.wooyun.org/tips/8659
[编程技术]  Galileo RCS – Installing the entire espionage platform
http://hyperionbristol.co.uk/galileo-rcs-installing-the-entire-espionage-platform/
[取证分析]  WireShark黑客发现之旅(5)—扫描探测
http://drops.wooyun.org/tips/8660
[论文]  RAID 2015 Program
http://www.raid2015.org/program.html
[取证分析]  TruSSH Worm分析报告
http://xteam.baidu.com/?p=300
[文档]  BambooFox 暑假 CTF 培训课件
https://bamboofox.torchpad.com/Class/training
[数据挖掘]  Stucco-Data:Cyber security data sources
http://stucco.github.io/data/
[运维安全]  浅析大规模DDOS防御架构-应对T级攻防
http://www.ayazero.com/?p=75
[移动安全]  Mobile-Security-Framework-MobSF
https://github.com/ajinabraham/Mobile-Security-Framework-MobSF
[编程技术]  Python网络攻防之第二层攻击
http://drops.wooyun.org/tips/8547
[文档]  2015软件定义安全SDS白皮书
http://blog.nsfocus.net/software-defined-security-whitepaper/
[运维安全]  关于反杀伤链的思考
http://www.sec-un.org/reflections-on-anti-anti-chain.html
[文档]   HITCON 2015 slide
http://hitcon.org/2015/CMT/agenda/
[文档]  44CON’s Presentations on SlideShare
http://www.slideshare.net/44Con/presentations
[漏洞分析]  利用BitmapData对象对抗Flash Player的隔离堆
http://weibo.com/p/1001603888587073565649
[移动安全]  Ghost Push —— Monkey Test & Time Service病毒分析报告
http://drops.wooyun.org/tips/8923
[Web安全]  讨论:边界之后下一步你会做什么
http://zone.wooyun.org/content/22990
[数据挖掘]  大数据可视化设计
http://blog.nsfocus.net/big-data-visualization/
[其它]  Windows CreateObjectTask TileUserBroker Privilege Escalation
https://www.exploit-db.com/exploits/38201/
[漏洞分析]  Exploit开发系列教程-Windows基础&shellcode
http://drops.wooyun.org/tips/8361
[运维安全]  In Search of SYNful Routers
https://zmap.io/synful/
[恶意分析]  MMD-0043-2015 - Polymorphic in ELF malware: Linux/Xor.DDOS
http://blog.malwaremustdie.org/2015/09/mmd-0042-2015-polymorphic-in-elf.html
[漏洞分析]  Readactor-Practical Code Randomization Resilient to Memory Disclosure
http://www.slideshare.net/ch0psticks/readactor-slides
[数据挖掘]  Document Classification with Apache Spark
https://www.slideshare.net/secret/hxWDB6dyDLRlNz
[运维安全]  Malware Analysis and Incident Response Tools for the Frugal and Lazy
http://postmodernsecurity.com/2015/09/11/malware-analysis-and-incident-response-tools-for-the-frugal-and-lazy/
[运维安全]  利用被入侵的路由器获取网络流量
http://drops.wooyun.org/tips/8641
[移动安全]  Defeating SSL Pinning in Coin's Android Application
http://rotlogix.com/2015/09/13/defeating-ssl-pinning-in-coin-for-android/
[恶意分析]  Satellite Turla: APT Command and Control in the Sky
http://drops.wooyun.org/papers/8644
[恶意分析]  SYNful Knock A cisco implant
https://www2.fireeye.com/rs/848-DID-242/images/rpt-synful-knock.pdf
[移动安全]  Hooker: Automated Dynamic Analysis of Android Applications
https://github.com/AndroidHooker/hooker
[漏洞分析]  Finding Vulnerabilities in Core WordPress: A Bug Hunter’s Trilogy, Part III – Ul
http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
[Web安全]  2015年P2P金融网站安全漏洞分析报告
http://drops.wooyun.org/news/8705
[漏洞分析]  DbgKit: first GUI extension for Debugging Tools for Windows
http://www.andreybazhan.com/dbgkit.html
[移动安全]  XCode编译器里有鬼 – XCodeGhost样本分析
http://drops.wooyun.org/news/8864
[Web安全]  Phishing, Spiking, and Bad Hosting
https://labs.opendns.com/2015/09/14/phishing-spiking-and-bad-hosting/
[Web安全]  Blind Elephant Web Application Fingerprinter
https://community.qualys.com/blogs/securitylabs/2015/09/16/blindelephant--then-and-now
[文档]  Lightning training lab material and vms available for AppSecUSA
https://2015.appsecusa.org/agenda/lightning-trainings/
[恶意分析]  When Does Software Start Becoming Malware?
http://blogs.cisco.com/security/talos/infinity-toolkit
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第81期)