SecWiki周刊(第85期)
2015/10/12-2015/10/18
安全资讯
[设备安全]  Industrial control system security in 2014: trends and vulnerabilities
http://blog.ptsecurity.com/2015/10/industrial-control-system-security-in.html
[恶意分析]  Holy Threat Intel Sharing
http://www.cyintanalysis.com/holy-threat-intel-sharing/
安全技术
[Web安全]  SkyWolf_Demo—PHP超强代码审计
http://v.youku.com/v_show/id_XMTM1NTY4ODI0MA==.html
[文档]  A Shodan Tutorial and Primer
https://danielmiessler.com/study/shodan/
[Web安全]  php-security-scanner
https://github.com/ircmaxell/php-security-scanner
[论文]  学术顶会-CCS-2015 录用论文
http://www.sigsac.org/ccs/CCS2015/ccs2015-toc.html
[Web安全]  解析P2P金融的业务安全
http://www.freebuf.com/articles/others-articles/81062.html
[Web安全]  BlackHat 2015:Red Vs Blue Modern Active Directory Attacks, Detection
https://www.youtube.com/watch?v=ELT3jeV8J8U&list=PLwibn_3po6c9sA7_6sOCTyDWhX26eKJkd&index=48
[编程技术]  REST API 安全设计指南
http://blog.nsfocus.net/rest-api-design-safety/
[其它]  看美国司法部如何用twitter等社交媒体取证和质证
http://www.justice.gov/opa/file/784501/download
[视频]  KCon 2015 黑客安全大会视频
http://www.ichunqiu.com/course/775
[运维安全]  Logstash 最佳实践
https://github.com/chenryn/logstash-best-practice-cn
[漏洞分析]  漏洞挖掘基础之格式化字符串
http://drops.wooyun.org/papers/9426
[漏洞分析]  Satoshi's note: Some Tips to Analyze PatchGuard
http://standa-note.blogspot.com/2015/10/some-tips-to-analyze-patchguard.html
[其它]  winsty: 我的PhD总结
http://www.52cs.org/?p=632
[Web安全]  libemu-scapy-for-shellcode-on-the-network
https://bwall.github.io/libemu-scapy-for-shellcode-on-the-network/
[其它]  Pentest Box
https://pentestbox.com/
[其它]  Monitoring tool for PasteBin-alike sites
https://github.com/cvandeplas/pystemon
[数据挖掘]  Topic Modeling FOIA Data
http://www.harvest.ai/blog/2015/10/12/topicmodelingfoiadata
[漏洞分析]  Code coverage using dynamic symbolic execution
http://triton.quarkslab.com/blog/Code-coverage-using-dynamic-symbolic-execution/
[移动安全]  iOS APP安全杂谈之三
http://drops.wooyun.org/papers/9598
[恶意分析]  The rise of .NET and powershell malware
https://securelist.com/blog/research/72417/the-rise-of-net-and-powershell-malware/
[设备安全]  Cybersecurity Research: Addressing the Legal Barriers and Disincentives
http://www.ischool.berkeley.edu/files/cybersec-research-nsf-workshop.pdf
[Web安全]  Using APT tactics and techniques in your pentests
http://strategicsec.com/using-apt-tactics-techniques-in-pentests/
[恶意分析]  Mapping FinFisher's Continuing Proliferation
http://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/
[其它]  PENTESTIT | Penetration Test Lab
https://lab.pentestit.ru/
[恶意分析]  A close look at an operating botnet
http://conorpp.com/blog/a-close-look-at-an-operating-botnet/
[移动安全]  Android Vulnerabilities Database
http://androidvulnerabilities.org/
[移动安全]  Reverse shell over SMS (Exploiting CVE-2015-5897)
http://blog.gdssecurity.com/labs/2015/10/13/reverse-shell-over-sms-exploiting-cve-2015-5897.html
[Web安全]  域渗透的金之钥匙
http://drops.wooyun.org/tips/9591
[恶意分析]  New Javascript Deobfuscator Tool
http://www.kahusecurity.com/2015/new-javascript-deobfuscator-tool/
[恶意分析]  Intelligence-Driven Risk Analysis
http://www.threatconnect.com/threat-intelligence-driven-risk-analysis/
安全专题
CTF 相关工具和资料
https://www.sec-wiki.com/topic/65
NoSQL 安全工具汇总
https://www.sec-wiki.com/topic/66
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第85期)