SecWiki周刊(第82期)
2015/09/21-2015/09/27
安全资讯
[移动安全]  绿盟云:XcodeGhost分析及在线检测
http://blog.nsfocus.net/nsfocus-xcodeghost-online-detection/
[编程技术]  你为什么不分享
http://www.cnblogs.com/coffeedeveloper/p/4825177.html
[运维安全]  谈谈腾讯云安全
http://www.aqniu.com/neo-points/10334.html
安全技术
[Web安全]  dzscan:discuz插件漏洞扫描框架
https://github.com/code-scan/dzscan
[数据挖掘]  维基百科简体中文语料的获取
http://licstar.net/archives/262
[Web安全]  discuz-plugin-scan:扫discuz插件小工具
https://github.com/Tycx2ry/discuz-plugin-scan
[编程技术]  智普教育python就业培训视频教程
http://pan.baidu.com/s/1bnmFmAb
[漏洞分析]  CVE-2015-2546:从补丁比对到Exploit
http://drops.wooyun.org/papers/9276
[无线安全]  GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies
https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/guri
[Web安全]  Pupy: opensource RAT written in Python
https://github.com/n1nj4sec/pupy
[漏洞分析]  CVE-2015-5119 Flash ByteArray UaF: A beginner's walkthrough
https://labs.portcullis.co.uk/blog/cve-2015-5119-flash-bytearray-uaf-a-beginners-walkthrough/
[编程技术]  使用TaskManager爬取2万条代理IP实现自动投票功能
http://www.cnblogs.com/yanweidie/p/4800948.html
[编程技术]  9款国内外垂直领域的在线作图工具
http://www.csdn.net/article/2015-02-12/2823939
[数据挖掘]  漫谈大数据下的中文分词
http://yun.baidu.com/share/link?shareid=1728483051&uk=2890965790
[移动安全]  Xcode非官方版本恶意代码污染事件(XcodeGhost)的分析与综述
http://mp.weixin.qq.com/s?__biz=MjM5MTA3Nzk4MQ==&mid=211283363&idx=1&sn=0be9595fe5e4e9e43b749f53297c2f48&scene=1
[移动安全]  XCodeGhost详细分析报告
http://bbs.pediy.com/showthread.php?p=1393233#post1393233
[编程技术]  关于Python的面试题
https://github.com/taizilongxu/interview_python
[恶意分析]  Equation APT analysis using Security Data Science platform: BinSecSweeper
http://www.simonroses.com/2015/09/equation-apt-analysis-using-security-data-science-platform-binsecsweeper/
[漏洞分析]  A list of IDA Plugins
https://github.com/onethawt/idaplugins-list
[设备安全]  利用被入侵的路由器迈入内网
http://drops.wooyun.org/tips/9121
[恶意分析]  Packer templates for creating a basic malware analysis lab
https://github.com/m-dwyer/packer-malware
[漏洞分析]  FCatalog: Find similarities between binary functions
http://www.xorpd.net/pages/fcatalog.html
[编程技术]  SoundCloud:我们最终是如何使用微服务的?
http://dockone.io/article/695
[Web安全]  打造一个自动检测页面是否存在XSS的插件Ⅲ
http://www.freebuf.com/articles/web/79013.html
[Web安全]  Remote code execution via PHP [Unserialize]
https://www.notsosecure.com/2015/09/24/remote-code-execution-via-php-unserialize/
[Web安全]  PowerShell Memory Scraping for Credit Cards
http://www.shellntel.com/blog/2015/9/16/powershell-cc-memory-scraper
[移动安全]  XcodeGhost截胡攻击和服务端的复现
http://drops.wooyun.org/papers/9024
[Web安全]  GITS 2015 CTF 'aart' writeup
https://kitctf.de/writeups/gits2015/aart/
[设备安全]  Reversing Mobile Traffic Lights
http://www.bastibl.net/traffic-lights/
[Web安全]  Dotabuff Bbs Worm
http://linux.im/2015/09/20/Dotabuff-Worm.html
[其它]  Password_Storage_Cheat_Sheet
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
[视频]  CSAW15 solution videos
https://www.dgsec.net/csaw15-solution-videos/
[恶意分析]  XCodeGhost:信息分享及企业防护建议
http://weibo.com/p/1001603889454044583522
[恶意分析]  awesome-malware-analysis:恶意分析资料
https://github.com/rshipp/awesome-malware-analysis
[恶意分析]  Japanese Banking Trojan Shifu Combines Malware Tools
https://blogs.mcafee.com/mcafee-labs/japanese-banking-trojan-shifu-combines-malware-tools/
[数据挖掘]  基于Spark和Flask的一个可伸缩的电影推荐系统
http://python.jobbole.com/82207/
[恶意分析]  malcontrol:Malware Control Monitor
https://github.com/marcoramilli/malcontrol
[Web安全]  SQL profiling and introspection for applications using sqlalchemy
https://github.com/inconshreveable/sqltap
[移动安全]  外卖O2O App安全性分析:App漏洞评估平台技术细节
http://www.freebuf.com/articles/terminal/78699.html
[编程技术]  一次移动记账 App 的设计探索
http://isux.tencent.com/finance-mobile-app-design.html
[恶意分析]  XCodeGhost 'Materializes' on App Store
https://labs.opendns.com/2015/09/21/xcodeghost-materializes/
[运维安全]  Domain name permutation engine
https://github.com/elceef/dnstwist
[Web安全]  WordPress Vulnerability Analysis
http://drops.wooyun.org/papers/8988
[Web安全]  Detect potentially malicious PHP files
https://github.com/nbs-system/php-malware-finder
[设备安全]  儿童智能手表行业安全问题报告
http://drops.wooyun.org/papers/9164
[恶意分析]  UnityGhost的检测和回溯
http://xteam.baidu.com/?p=351
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第82期)