SecWiki周刊(第93期)
2015/12/07-2015/12/13
安全资讯
2015年网络安全大事记
http://www.aqniu.com/neo-points/12333.html
http://www.aqniu.com/neo-points/12333.html
安全技术
JBoss JMXInvokerServlet 漏洞批量检测
https://github.com/az0ne/jboss_autoexploit
https://github.com/az0ne/jboss_autoexploit
偶遇BASH攻击,险入僵尸网络
http://lewisec.sinaapp.com/2015/12/01/bash-botnet/
http://lewisec.sinaapp.com/2015/12/01/bash-botnet/
2015 hctf7 all problems
https://github.com/hduisa/hctf2015-all-problems
https://github.com/hduisa/hctf2015-all-problems
工控网络协议模糊测试:用peach对modbus协议进行模糊测试
http://www.freebuf.com/articles/security-management/88249.html
http://www.freebuf.com/articles/security-management/88249.html
MASSCAN Web Interface
https://www.offensive-security.com/offsec/masscan-web-interface/
https://www.offensive-security.com/offsec/masscan-web-interface/
IDA Pro 6.8 + All Decompilers Full Leak
http://www.52pojie.cn/thread-442702-1-1.html
http://www.52pojie.cn/thread-442702-1-1.html
Cybercrime in the Deep Web:暗网深度解析
http://drops.wooyun.org/news/10913
http://drops.wooyun.org/news/10913
狗汪汪玩转无线电 -- GPS Hacking (上)
http://drops.wooyun.org/tips/11155
http://drops.wooyun.org/tips/11155
sqlmaps-tamper-scripts的作用说明
http://www.forkbombers.com/2013/05/sqlmaps-tamper-scripts.html
http://www.forkbombers.com/2013/05/sqlmaps-tamper-scripts.html
ZeroNights Conference materials
http://2015.zeronights.org/materials.html
http://2015.zeronights.org/materials.html
0day DLL Hijacking vulnerabilities in Microsoft Office
http://www.greyhathacker.net/docs/OfficeDLLhijacking.zip
http://www.greyhathacker.net/docs/OfficeDLLhijacking.zip
Tutorial: How to reverse unknown protocols using Netzob
http://blog.amossys.fr/How_to_reverse_unknown_protocols_using_Netzob.html
http://blog.amossys.fr/How_to_reverse_unknown_protocols_using_Netzob.html
The Swift Programming Language(source code)
https://github.com/apple/swift
https://github.com/apple/swift
Best Practices: Indicator Rating and Confidence
https://www.threatconnect.com/best-practices-indicator-rating-and-confidence/
https://www.threatconnect.com/best-practices-indicator-rating-and-confidence/
SCADA网络fuzzing测试及防护
http://blog.nsfocus.net/scada-network-fuzzing-test-protection/
http://blog.nsfocus.net/scada-network-fuzzing-test-protection/
2015年度CCF优秀博士学位论文奖初评结果
http://www.ccf.org.cn/sites/ccf/xhdtnry.jsp?contentId=2897719129810
http://www.ccf.org.cn/sites/ccf/xhdtnry.jsp?contentId=2897719129810
making-an-antivirus-engine-the-guidelines
http://www.adlice.com/making-an-antivirus-engine-the-guidelines/
http://www.adlice.com/making-an-antivirus-engine-the-guidelines/
Unboxing the White-Box Practical attacks against Obfuscated Ciphers
http://www.limited-entropy.com/bheu15/eu-15-Sanfelix-Mune-DeHaas-Unboxing-The-White-Box-wp.pdf
http://www.limited-entropy.com/bheu15/eu-15-Sanfelix-Mune-DeHaas-Unboxing-The-White-Box-wp.pdf
Best Free Hacking E-Books (PDFs) • HaCoder
http://www.hacoder.com/2015/12/best-free-hacking-e-books-pdfs/
http://www.hacoder.com/2015/12/best-free-hacking-e-books-pdfs/
SHURIKEN: Exploit throwing framework
https://github.com/samuraictf/shuriken-framework
https://github.com/samuraictf/shuriken-framework
SPartan: Sharepoint pentest Tool
https://github.com/sensepost/SPartan
https://github.com/sensepost/SPartan
TensorFlow tutorials and code examples for beginners
https://github.com/aymericdamien/TensorFlow-Examples
https://github.com/aymericdamien/TensorFlow-Examples
利用Chakra JIT绕过DEP和CFG
http://xlab.tencent.com/cn/2015/12/09/bypass-dep-and-cfg-using-jit-compiler-in-chakra-engine/
http://xlab.tencent.com/cn/2015/12/09/bypass-dep-and-cfg-using-jit-compiler-in-chakra-engine/
Browser mitigations against memory corruption vulnerabilities
https://docs.google.com/document/d/19dspgrz35VoJwdWOboENZvccTSGudjQ_p8J4OPsYztM/edit?pli=1#heading=h.3bmhtfuce3n8
https://docs.google.com/document/d/19dspgrz35VoJwdWOboENZvccTSGudjQ_p8J4OPsYztM/edit?pli=1#heading=h.3bmhtfuce3n8
Malware Sakula - Evolutions v2.x-3.x (Part 2)
http://blog.airbuscybersecurity.com/post/2015/10/Malware-Sakula-Evolutions-%28Part-2/2%29
http://blog.airbuscybersecurity.com/post/2015/10/Malware-Sakula-Evolutions-%28Part-2/2%29
Data Exfiltration via Blind OS Command Injection
http://www.contextis.com/resources/blog/data-exfiltration-blind-os-command-injection/
http://www.contextis.com/resources/blog/data-exfiltration-blind-os-command-injection/
Analysis of Telegram Crypto
http://cs.au.dk/~jakjak/master-thesis.pdf
http://cs.au.dk/~jakjak/master-thesis.pdf
Seven Years of a South American Threat Actor
https://citizenlab.org/2015/12/packrat-report/
https://citizenlab.org/2015/12/packrat-report/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第93期)
