SecWiki周刊（第82期)

SecWiki周刊（第82期）

2015/09/21-2015/09/27

安全资讯

[移动安全] 绿盟云：XcodeGhost分析及在线检测
http://blog.nsfocus.net/nsfocus-xcodeghost-online-detection/

[其它] 缔造网络世界的乌托邦，我是方小顿
http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&mid=212081191&idx=1&sn=205b0b6588f0510bf9bfc968a42348ec&scene=23&srcid=09218dF7fsGciQljg1Kkmm5T#rd

[编程技术] 你为什么不分享
http://www.cnblogs.com/coffeedeveloper/p/4825177.html

[运维安全] 谈谈腾讯云安全
http://www.aqniu.com/neo-points/10334.html

[其它] 侠客方兴
http://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&mid=211211306&idx=1&sn=ecbd6718cda78fd402806e7db51ed7e7&scene=20&scene=23&srcid=0921ExCklh54cX4myw4Nm60P#rd

安全技术

[Web安全] dzscan:discuz插件漏洞扫描框架
https://github.com/code-scan/dzscan

[Web安全] 基于WVS的批量扫描工具
http://www.n0tr00t.com/2015/09/22/WVS_Patcher-Assistant-for-WVS-Scaner.html

[取证分析] 安全威胁情报标准STIX介绍
http://www.sec-un.org/security-threat-intelligence-introduce-standard-stix.html

[数据挖掘] 维基百科简体中文语料的获取
http://licstar.net/archives/262

[Web安全] discuz-plugin-scan:扫discuz插件小工具
https://github.com/Tycx2ry/discuz-plugin-scan

[编程技术] 智普教育python就业培训视频教程
http://pan.baidu.com/s/1bnmFmAb

[漏洞分析] CVE-2015-2546：从补丁比对到Exploit
http://drops.wooyun.org/papers/9276

[Web安全] Pupy: opensource RAT written in Python
https://github.com/n1nj4sec/pupy

[无线安全] GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies
https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/guri

[漏洞分析] CVE-2015-5119 Flash ByteArray UaF: A beginner's walkthrough
https://labs.portcullis.co.uk/blog/cve-2015-5119-flash-bytearray-uaf-a-beginners-walkthrough/

[编程技术] 使用TaskManager爬取2万条代理IP实现自动投票功能
http://www.cnblogs.com/yanweidie/p/4800948.html

[编程技术] 9款国内外垂直领域的在线作图工具
http://www.csdn.net/article/2015-02-12/2823939

[数据挖掘] 漫谈大数据下的中文分词
http://yun.baidu.com/share/link?shareid=1728483051&uk=2890965790

[移动安全] Xcode非官方版本恶意代码污染事件（XcodeGhost）的分析与综述
http://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&mid=211283363&idx=1&sn=0be9595fe5e4e9e43b749f53297c2f48&scene=1

[移动安全] XCodeGhost详细分析报告
http://bbs.pediy.com/showthread.php?p=1393233#post1393233

[编程技术] 关于Python的面试题
https://github.com/taizilongxu/interview_python

[恶意分析] Equation APT analysis using Security Data Science platform: BinSecSweeper
http://www.simonroses.com/2015/09/equation-apt-analysis-using-security-data-science-platform-binsecsweeper/

[漏洞分析] A list of IDA Plugins
https://github.com/onethawt/idaplugins-list

[设备安全] 利用被入侵的路由器迈入内网
http://drops.wooyun.org/tips/9121

[恶意分析] CAMERASHY APT 报告
http://cdn2.hubspot.net/hubfs/454298/Project_CAMERASHY_ThreatConnect_Copyright_2015.pdf?t=1443030820943&submissionGuid=d81c5151-1781-4a0a-ac89-deaf7244db74

[恶意分析] Packer templates for creating a basic malware analysis lab
https://github.com/m-dwyer/packer-malware

[漏洞分析] FCatalog: Find similarities between binary functions
http://www.xorpd.net/pages/fcatalog.html

[运维安全] TcpDump使用手册
http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/8885

[编程技术] SoundCloud：我们最终是如何使用微服务的？
http://dockone.io/article/695

[Web安全] 打造一个自动检测页面是否存在XSS的插件Ⅲ
http://www.freebuf.com/articles/web/79013.html

[Web安全] Remote code execution via PHP [Unserialize]
https://www.notsosecure.com/2015/09/24/remote-code-execution-via-php-unserialize/

[Web安全] PowerShell Memory Scraping for Credit Cards
http://www.shellntel.com/blog/2015/9/16/powershell-cc-memory-scraper

[移动安全] XcodeGhost截胡攻击和服务端的复现
http://drops.wooyun.org/papers/9024

[Web安全] GITS 2015 CTF 'aart' writeup
https://kitctf.de/writeups/gits2015/aart/

[数据挖掘] 时间图：长时间内离散事件的可视化
http://card.weibo.com/article/h5/s?from=timeline&isappinstalled=0#cid=1001603889475154487219&from=1054093010&wm=3333_2001&ip=27.38.4.33

[设备安全] Reversing Mobile Traffic Lights
http://www.bastibl.net/traffic-lights/

[Web安全] Dotabuff Bbs Worm
http://linux.im/2015/09/20/Dotabuff-Worm.html

[其它] Password_Storage_Cheat_Sheet
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet

[视频] CSAW15 solution videos
https://www.dgsec.net/csaw15-solution-videos/

[文档] 网络安全与美中关系
http://www.brookings.edu/~/media/research/files/papers/2012/2/23-cybersecurity-china-us-singer-lieberthal/0223_cybersecurity_china_us_lieberthal_singer_pdf_english.pdf

[恶意分析] XCodeGhost：信息分享及企业防护建议
http://weibo.com/p/1001603889454044583522

[Web安全] CSAW CTF 2015 - Web 200 Writeup
http://jordan-wright.com/blog/2015/09/21/csaw-ctf-2015-web-200-writeup/

[设备安全] DEFCON 23 Badge Challenge
http://potatohatsecurity.tumblr.com/post/126411303994/defcon-23-badge-challenge

[恶意分析] awesome-malware-analysis:恶意分析资料
https://github.com/rshipp/awesome-malware-analysis

[恶意分析] Japanese Banking Trojan Shifu Combines Malware Tools
https://blogs.mcafee.com/mcafee-labs/japanese-banking-trojan-shifu-combines-malware-tools/

[数据挖掘] 基于Spark和Flask的一个可伸缩的电影推荐系统
http://python.jobbole.com/82207/

[恶意分析] Kaspersky: Mo Unpackers, Mo Problems
http://googleprojectzero.blogspot.com/2015/09/kaspersky-mo-unpackers-mo-problems.html

[恶意分析] malcontrol:Malware Control Monitor
https://github.com/marcoramilli/malcontrol

[Web安全] SQL profiling and introspection for applications using sqlalchemy
https://github.com/inconshreveable/sqltap

[移动安全] 外卖O2O App安全性分析：App漏洞评估平台技术细节
http://www.freebuf.com/articles/terminal/78699.html

[恶意分析] XCodeGhost 'Materializes' on App Store
https://labs.opendns.com/2015/09/21/xcodeghost-materializes/

[运维安全] Domain name permutation engine
https://github.com/elceef/dnstwist

[编程技术] 一次移动记账 App 的设计探索
http://isux.tencent.com/finance-mobile-app-design.html

[Web安全] Ways To Load Kerberos Tickets
http://carnal0wnage.attackresearch.com/2015/09/ways-to-load-kerberos-tickets.html

[Web安全] WordPress Vulnerability Analysis
http://drops.wooyun.org/papers/8988

[Web安全] Detect potentially malicious PHP files
https://github.com/nbs-system/php-malware-finder

[设备安全] 儿童智能手表行业安全问题报告
http://drops.wooyun.org/papers/9164

[恶意分析] UnityGhost的检测和回溯
http://xteam.baidu.com/?p=351

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第82期)

SecWiki周刊（第82期）

最新公告

友情链接

SecWiki公众号

安全学术圈