SecWiki周刊(第89期)
2015/11/09-2015/11/15
安全资讯
[恶意分析]  The clock is ticking that could blow up a free internet: the TPP
http://www.theguardian.com/commentisfree/2015/nov/06/clock-ticking-time-bomb-blow-up-free-internet-tpp
安全技术
[工具]  TensorFlow: Large-scale machine learning on heterogeneous systems
https://github.com/tensorflow/tensorflow
[Web安全]  Jenkins漏洞探测、用户抓取爆破
https://github.com/blackye/Jenkins
[移动安全]  OS-X-Security-and-Privacy-Guide
https://github.com/drduh/OS-X-Security-and-Privacy-Guide
[编程技术]  Python安全编码指南
http://drops.wooyun.org/tips/10383
[比赛]  绿盟科技网络攻防赛决赛Write-ups
http://blog.nsfocus.net/nsctf-network-attack-defence-finals/
[漏洞分析]  二进制漏洞人员的五个技能方向
http://weibo.com/p/1001603907896629983260
[书籍]  Violent Python中文版全本
http://pan.baidu.com/s/1qW5VdDE
[比赛]  第六季极客大挑战writeup
http://blog.sycsec.com/?p=725
[Web安全]  Redis CrackIT 入侵事件分析
http://static.nosec.org/download/redis_crackit_v1.0.pdf
[Web安全]  域渗透—Local Administrator Password Solution
http://drops.wooyun.org/tips/10496
[视频]  GeekPwn 2015 视频
http://v.qq.com/vplus/e659025cdd238151b188a15948ea99e1
[编程技术]  使用graphviz绘制流程图(2015版)
http://icodeit.org/2015/11/using-graphviz-drawing
[会议]  Black Hat EU-15 day two
http://pan.baidu.com/s/1eQExtSm
[数据挖掘]  Big data stories in seconds: Hacker News and BigQuery
https://medium.com/google-cloud/big-data-stories-in-seconds-hacker-news-abe52bc5caad
[设备安全]  使用FINS协议攻击欧姆龙(Omron)PLC的物理(I/O)输出
http://plcscan.org/blog/2015/11/attacks-omron-plc-coils-output/
[Web安全]  XSS to RCE in Atlassian Hipchat
http://maustin.net/2015/11/12/hipchat_rce.html
[数据挖掘]  行走在网格之间:微博用户关系模型
http://www.wbrecom.com/?p=605
[其它]  All-Natural, Organic, Free Range, Sustainable, Whitelisting Evasion - Regsvcs
http://subt0x10.blogspot.jp/2015/11/all-natural-organic-free-range.html
[移动安全]  POC2015 & RUXCON2015 盘古团队议题
http://blog.pangu.io/poc2015-ruxcon2015/
[文档]  Chinese Conferences Slide
https://drive.google.com/folderview?id=0B_thUFNIy8TdfjJMRDN3V05MVlpjOEF4VDJSY2V0YXRoZlhkem1NWDFZM3I5ZVZBLUV5OUE&usp=sharing#list
[移动安全]  蜻蜓FM广告源代码剖析
https://github.com/cryfish2015/QingTingCheat/blob/master/README.md
[移动安全]  手机银行业务安全评估方法
http://blog.nsfocus.net/mobile-banking-security-assessment/
[设备安全]  Hacking Smartwatches - the TomTom Runner, part 1
http://grangeia.io/2015/11/09/hacking-tomtom-runner-pt1/
[运维安全]  Shadow Daemon:a web application firewall
https://github.com/zecure/shadowd_ui
[文档]   Black Hat EU-15 Day 1
http://pan.baidu.com/s/1dDt07ux
[移动安全]  Android Inline Hook
http://secauo.com/Android-Inline-Hook.html
[文档]  BadBarcode: How to hack a starship with a piece of paper
http://www.slideshare.net/PacSecJP/hyperchem-ma-badbarcode-en1109nocommentfinal
[漏洞分析]  android-vts:Android Vulnerability Test Suite
https://github.com/nowsecure/android-vts
[Web安全]  Defeating Pass-the-Hash
https://dfirblog.wordpress.com/2015/11/08/protecting-windows-networks-defeating-pass-the-hash/
[恶意分析]  Iranian Cyber-Espionage Group Exposed
http://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf
[Web安全]  Jenkins CommonCollections Exploit
https://github.com/CaledoniaProject/jenkins-cli-exploit
[Web安全]  PowerCat - A PowerShell version of NetCat
https://github.com/secabstraction/PowerCat
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第89期)