SecWiki周刊(第98期)
2016/01/11-2016/01/17
安全资讯
[漏洞分析]  SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7
http://seclists.org/fulldisclosure/2016/Jan/26
[恶意分析]  如何选择威胁情报厂商(含推荐清单)
http://www.sec-un.org/how-to-choose-the-threat-information-vendors-featured-list.html
安全技术
[Web安全]  HTTP头注入发现方法(有案例)
http://www.moonsec.com/post-184.html
[Web安全]  HTTP头注入的发现和工具化利用
http://loudong.360.cn/blog/view/id/14
[恶意分析]  浅谈硬件固件后门的危害和固件安全检测的必要性
http://mp.weixin.qq.com/s?__biz=MzA4MjYwODg0OQ==&mid=401751513&idx=1&sn=273132f9bd64136f74510319f4fe7e03#rd
[漏洞分析]  ESET CrackMe Challenge 2015 Walkthrough
https://quequero.org/2016/01/eset-crackme-challenge-2015-walkthrough/
[恶意分析]  Hunting for Malware with Machine Learning
http://blog.cylance.com/hunting-for-malware-with-machine-learning
[会议]  2015 WitAwards互联网安全Slide(PW: 369b)
http://pan.baidu.com/s/1gengcAB
[恶意分析]  Exploring Peer to Peer Botnets
http://www.malwaretech.com/2016/01/exploring-peer-to-peer-botnets.html
[运维安全]  下一代防火墙的几个思考
http://blog.nsfocus.net/thoughts-next-generation-firewall/
[Web安全]  (xss)when-reflected-becomes-stored
https://respectxss.blogspot.de/2016/01/when-reflected-becomes-stored.html
[移动安全]  陈恺:面向海量软件的未知恶意代码检测方法
http://www.inforsec.org/wp/?p=489
[恶意分析]  JavaScript Deobfuscation Tool
https://isc.sans.edu/forums/diary/JavaScript+Deobfuscation+Tool/20619/
[数据挖掘]  六款大数据采集平台的架构分析
http://www.36dsj.com/archives/39854
[漏洞分析]  Palantir in a number of parts - Part 11 - Expansion
http://about80minutes.blogspot.com/search/label/Palantir
[Web安全]  从活动目录获取域管理员权限的各种姿势
http://drops.wooyun.org/tips/12021
[设备安全]  乌克兰电力攻击事件分析及防护方案
http://blog.nsfocus.net/ukraine-power-plant-attack-analysis-protection-programs/
[Web安全]  Top 10 Web Hacking Techniques of 2015
http://blog.whitehatsec.com/top-10-web-hacking-techniques-of-2015/
[恶意分析]  Ascending the Ranks: The Brazilian Cybercriminal Underground in 2015
http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/brazilian-cybercriminal-underground-2015
[设备安全]  ICS Security Tools, Tips, and Trade
https://github.com/ITI/ICS-Security-Tools
[Web安全]  WEB 应用安全的总结 – 乌托邦
http://sbilly.com/2015/04/15/web-application-security-2016/#fnref-6-7
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第98期)