SecWiki周刊(第83期)
2015/09/28-2015/10/04
安全资讯
[比赛]  2015 HITCON CTF
http://ctf.hitcon.org/
[漏洞分析]  500 million users at risk of compromise via unpatched WinRAR bug
http://www.net-security.org/secworld.php?id=18914
[会议]  Black Hat Arsenal Europe 2015 Line-Up
http://www.toolswatch.org/2015/10/black-hat-arsenal-europe-2015-line-up/
[编程技术]  程序员如何经营个人品牌
http://ink.csdn.net/articles/show/56014b2b3945a5dc26d12e46
[会议]  Black Hat Europe 2015 Briefings
https://www.blackhat.com/eu-15/briefings.html
[恶意分析]  Scottrade Breach Hits 4.6 Million Customers
http://krebsonsecurity.com/2015/10/scottrade-breach-hits-4-6-million-customers/
安全技术
[Web安全]  relative path overwrite
http://www.mbsd.jp/Whitepaper/rpo.pdf
[移动安全]  qark:Quick Android Review Kit
https://github.com/linkedin/qark
[取证分析]  Lpk.dll劫持+ 飞客蠕虫病毒取证
http://drops.wooyun.org/tips/9106
[Web安全]  Concise Courses Hacker Tools Videos
https://www.concise-courses.com/hacking-tools/videos/
[比赛]  绿盟科技网络攻防赛资料下载
http://blog.nsfocus.net/nsctf-network-attack-defence-game-download/
[运维安全]  Gitrob: Putting the Open Source in OSINT
http://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/
[数据挖掘]  10 种机器学习算法的要点(附 Python 和 R 代码)
http://blog.jobbole.com/92021/
[移动安全]  Android应用程序通用自动脱壳方法研究
http://drops.wooyun.org/papers/9214
[杂志]  黑客防线2015年第6期杂志
http://www.hacker.com.cn/show-7-2749-1.html
[比赛]  TrendMicro CTF 2015 : Poison Ivy (Defense 300) write-up
https://blog.0xbadc0de.be/archives/256
[设备安全]  ICS 工业控制系统安全风险分析
http://ftps.zdnet.com.cn/files/3/22758.pdf
[漏洞分析]  Revisiting Apple IPC: (1) Distributed Objects
http://googleprojectzero.blogspot.com/2015/09/revisiting-apple-ipc-1-distributed_28.html
[移动安全]  美团Android资源混淆保护实践
http://tech.meituan.com/mt-android-resource-obfuscation.html
[无线安全]  Attacking ZigBee and IEEE 802.15.4 networks: KillerBee
https://n0where.net/attacking-zigbee/
[恶意分析]  DUKES----持续七年的俄罗斯网络间谍组织大起底
http://drops.wooyun.org/papers/9292
[Web安全]  Bypassing IE's XSS Filter with HZ-GB-2312 escape sequence
http://mksben.l0.cm/2015/09/bypassing-xss-filter-hzgb2312.html
[漏洞分析]  Abusing GDI for ring0 exploit primitives
https://blog.coresecurity.com/2015/09/28/abusing-gdi-for-ring0-exploit-primitives/
[Web安全]  awesome pentest collection
https://github.com/enaqx/awesome-pentest
[设备安全]  [Part 1][EN] Hacking NETGEAR JWNR2010v5 Router
http://www.shellshocklabs.com/2015/09/part-1en-hacking-netgear-jwnr2010v5.html
[其它]  syscall graphs include linux,windox,os x bsd
https://w3challs.com/syscalls/
[编程技术]  使用cProfile分析Python程序性能
http://xianglong.me/article/analysis-python-application-performance-using-cProfile/
[恶意分析]  3,000 High-Profile Japanese Sites Hit By Massive Malvertising Campaign
http://blog.trendmicro.com/trendlabs-security-intelligence/3000-high-profile-japanese-sites-hit-by-massive-malvertising-campaign/
[数据挖掘]  Full Reddit Submission Corpus now available (2006 thru August 2015)
https://www.reddit.com/r/datasets/comments/3mg812/full_reddit_submission_corpus_now_available_2006/
[恶意分析]  基础数据与 威胁情报实战应⽤ 基础数据部分
http://874998.l18.yunpan.cn/lk/cH2QHnFYFthyk
[移动安全]  安卓动态调试七种武器之离别钩 – Hooking(上)
http://drops.wooyun.org/papers/9300
[设备安全]  How I hacked my IP camera, and found this backdoor account
http://jumpespjump.blogspot.tw/2015/09/how-i-hacked-my-ip-camera-and-found.html
[设备安全]  [Part 2][EN] Hacking NETGEAR JWNR2010v5 Router
http://www.shellshocklabs.com/2015/09/part-2en-hacking-netgear-jwnr2010v5.html
[移动安全]  OS X平台的Dylib劫持技术(上)
http://drops.wooyun.org/tips/9249
[Web安全]  Open-Source Phishing Toolkit
https://github.com/jordan-wright/gophish
[编程技术]  如何写好一份设计文档
http://www.jianshu.com/p/6eb0125b6518
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第83期)