SecWiki周刊(第91期)
2015/11/23-2015/11/29
安全资讯
[会议]  FSI 2015 | 安全创新之未来
http://isf.cisrg.org/
安全技术
[设备安全]  使用Wireshark分析工控协议
http://plcscan.org/blog/2015/11/using-the-wireshark-analysis-ics-protocol/
[文档]  信息安全之路--和好友共同学习[ie8t]
http://pan.baidu.com/s/1gdyhq0r
[移动安全]  一步一步学ROP之gadgets和2free篇
http://drops.wooyun.org/binary/10638
[漏洞分析]  浏览器fuzz框架介绍
http://drops.wooyun.org/papers/10590
[Web安全]  360护心镜脚本分析及N种绕过方式
http://drops.wooyun.org/web/10636
[取证分析]  浅析安全威胁情报共享框架OpenIOC
http://www.freebuf.com/tools/86580.html
[Web安全]  新浪微博 CSRF & ClickJacking 蠕虫
http://linux.im/2015/11/23/SinaWeibo-Worm.html
[取证分析]  从异常挖掘到CC攻击地下黑客团伙
http://weibo.com/p/1001603912771065542344
[漏洞分析]  Exploit Hardening Made Easy
http://users.ece.cmu.edu/~ejschwar/papers/usenix11.pdf
[Web安全]  is_numeric的理解和PHP 脚本多字节字符解析模式带来的安全隐患
http://k1p4ss.sinaapp.com/?p=328
[编程技术]  awesome-python: 优秀库汇总
https://github.com/vinta/awesome-python
[移动安全]  揭开山寨应用的伪装面具
http://blog.avlyun.com/2015/11/2546/mask/
[Web安全]  angularjs-expression-security-internals
https://www.veracode.com/blog/2015/07/angularjs-expression-security-internals
[工具]  PWNtcha – captcha decoder
http://caca.zoy.org/wiki/PWNtcha
[运维安全]  Linux工具快速教程 — Linux Tools Quick Tutorial
http://linuxtools-rst.readthedocs.org/zh_CN/latest/index.html
[Web安全]   A security scanner for HTTP response headers.
https://github.com/riramar/hsecscan
[Web安全]  Exploiting JBoss with Empire and PowerShell
http://www.rvrsh3ll.net/blog/offensive/exploiting-jboss-with-powershell-and-empire/
[恶意分析]  A king's ransom: an analysis of the CTB-locker ransomware
http://samvartaka.github.io/malware/2015/11/20/ctb-locker/
[恶意分析]  PEERING INTO GLASSRAT A Zero Detection Trojan from China
https://blogs.rsa.com/wp-content/uploads/2015/11/GlassRAT-final.pdf
[书籍]  情报系列书籍(电子版)
http://pan.baidu.com/s/1eQdQmC6
[设备安全]  从智能插座看智能生活的安全隐患
http://security.tencent.com/index.php/blog/msg/98
[其它]  Markov Chains as a Keyed Obfuscation Method
https://bwall.github.io/markov-chains-keyed-obfuscation/
[漏洞分析]  reko: general purpose decompiler
http://uxmal.github.io/reko/
[漏洞分析]  The flawed crypto of Hacking Team's 'core-packer' malware crypter
http://samvartaka.github.io/malware/2015/09/13/hackingteam-crypter/
[Web安全]  PHP static code analysis vs ~1000 top wordpress plugins
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第91期)