SecWiki周刊（第86期)

SecWiki周刊（第86期）

2015/10/19-2015/10/25

安全资讯

[视频] Threat Intelligence Overview
https://www.youtube.com/watch?v=q_X9DAElc1c

[其它] 全球网络安全专业实力最强十所大学
http://www.aqniu.com/security-reports/11092.html

[工具] Free COMODO PositiveSSL from 80host
http://freessl.80host.com/cgi-bin/certificate-apply.pl

[工具] Logscape:Operational Intelligence, Log Management
http://www.logscape.com/index.html#pricing

[其它] 国内网络个人安全现状浅论
http://weibo.com/p/1001603900428533265627

[恶意分析] IBM Runs World’s Worst Spam-Hosting ISP?
http://krebsonsecurity.com/2015/10/ibm-runs-worlds-worst-spam-hosting-isp/

[其它] 想成为技术牛人，千万不要成为虚名牢笼的奴隶
http://card.weibo.com/article/h5/s#cid=1001603719145786056597&vid=&extparam=

[恶意分析] 32个国家和地区被部署了间谍软件FinFisher
http://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&mid=400213000&idx=1&sn=adeee3ed3781788684143f61b9a8986c&scene=1

[其它] DigitalOcean 的 CMO 如何在红海做用户增长
https://strace.co/cn/post/growth-hacking-digitalocean.html

[会议] VARA 2015 大会简报及两个不错的议题
http://chuansong.me/n/1840952

[会议] 2015中国互联网安全领袖峰会
http://www.thecss.cn/css/index.html

[运维安全] 1Password Leaks Your Data
http://myers.io/2015/10/22/1password-leaks-your-data/

安全技术

[Web安全] 使用sqlmapapi和http-proxy检测SQL注入漏洞
http://blog.csdn.net/u011721501/article/details/49251047

[文档] 腾讯云安全白皮书
http://qzonestyle.gtimg.cn/qzone/vas/opensns/res/doc/Qcloud_Security_White_Paper.pdf

[恶意分析] 威胁感知的方法论
http://weibo.com/p/1001603901166504295569

[漏洞分析] Wadi fuzzer
https://www.sensepost.com/blog/2015/wadi-fuzzer/

[编程技术] Yii2 干货集
https://github.com/forecho/awesome-yii2

[移动安全] 移动APP安全测试要点
http://blog.nsfocus.net/mobile-app-security-security-test/

[漏洞分析] Flash Exploit Used in Pawn Storm Circumvents Mitigation Techniques
http://blog.trendmicro.com/trendlabs-security-intelligence/latest-flash-exploit-used-in-pawn-storm-circumvents-mitigation-techniques/

[Web安全] WAF的XSS绕过姿势
http://www.freebuf.com/articles/web/81959.html

[Web安全] DNS隧道技术绕防火墙
http://drops.wooyun.org/tips/9597

[Web安全] Dumping ntds.dit files using PowerShell
https://www.dsinternals.com/en/dumping-ntds-dit-files-using-powershell/

[比赛] HITCON CTF 2015 Quals Web 出題心得
http://kb.hitcon.org/post/131488130087/hitcon-ctf-2015-quals-web-%E5%87%BA%E9%A1%8C%E5%BF%83%E5%BE%97

[恶意分析] Technology Overview for Threat Intelligence Platforms
http://www.gartner.com/technology/reprints.do?id=1-2LVV2L5&ct=150825

[文档] 2015 hack-lu slide
http://2015.hack.lu/archive/2015/

[设备安全] 智能设备逆向工程之外部Flash读取与分析篇
http://drops.wooyun.org/binary/9797

[其它] Reassembleable Disassembling
https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-wang-shuai.pdf

[文档] 2015绿盟科技云安全解决方案
http://blog.nsfocus.net/wp-content/uploads/2015/10/2015-NSFOCUS-Cloud-Security-Solution.pdf

[视频] 计算机学科自学视频教程系列
https://github.com/open-source-society/computer-science

[编程技术] Packet-Sniffing-Backdoor
https://github.com/JustinTom/Packet-Sniffing-Backdoor

[数据挖掘] Statistics for Hackers
https://speakerdeck.com/jakevdp/statistics-for-hackers

[恶意分析] Multi-stage exploit installing trojan
http://www.welivesecurity.com/2015/10/20/multi-stage-exploit-installing-trojan/

[其它] simple debugger
https://bitbucket.org/gbrindisi/sdbg

[Web安全] 打造一个自动检测页面是否存在XSS的插件（完结篇）
http://www.freebuf.com/tools/82743.html

[其它] ZDI-13-246 (2013) Java 1.7.0_15 Sandbox Bypass via ObjectOutputStream
http://benmmurphy.github.io/blog/2015/10/23/zdi-13-246-2013-java-1-dot-7-0-15-sandbox-bypass-via-objectoutputstream/index.html

[其它] Execute Shellcode From Registry with InstallUtil.exe
https://gist.github.com/subTee/e07e4a8aa6dc0e1cdf5d

[Web安全] meterpreter常见脚本介绍
http://drops.wooyun.org/tips/9732

[Web安全] Exploiting Insecure crossdomain.xml , Just bad
http://aajalal.github.io/Exploiting-Insecure-crossdomain-spreaker/

[恶意分析] Internal Threat Intelligence – What Hunters Do
http://raffy.ch/blog/2015/10/16/internal-threat-intelligence-what-hunters-do/

[其它] Understanding File System Minifilter and Legacy Filter Load Order
http://blogs.msdn.com/b/ntdebugging/archive/2013/03/25/understanding-file-system-minifilter-and-legacy-filter-load-order.aspx

[设备安全] 解决工控网络通信协议威胁的实践
http://plcscan.org/blog/2015/10/ids-rules-for-scada-systems/

[文档] 2014 Global Report on the Cost of Cyber Crime
http://h20195.www2.hp.com/v2/getpdf.aspx/4AA5-5207ENW.pdf?ver=1.0

[Web安全] Joomla SQL Injection Vulnerability Exploit in Full Administrative Access
https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access/

[Web安全] Attacking Ruby on Rails Applications
http://phrack.org/papers/attacking_ruby_on_rails.html

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第86期)

SecWiki周刊（第86期）

最新公告

友情链接

SecWiki公众号

安全学术圈