SecWiki周刊(第16期)
2014/06/16-2014/06/22
安全资讯
2014年APT攻击发展趋势及防御策略调研
http://safe.it168.com/a2014/0617/1636/000001636118_all.shtml
http://safe.it168.com/a2014/0617/1636/000001636118_all.shtml
在黑客删除全部客户数据后Code Spaces宣布关门
http://www.oschina.net/news/52988/code-spaces-hosting-shutting-down
http://www.oschina.net/news/52988/code-spaces-hosting-shutting-down
安全技术
How to use VBScript to turn on the God Mode?
http://www.secniu.com/how-to-use-vbscript-to-turn-on-the-god-mode/
http://www.secniu.com/how-to-use-vbscript-to-turn-on-the-god-mode/
Web渗透中的反弹Shell与端口转发的奇淫技巧
http://www.91ri.org/9367.html
http://www.91ri.org/9367.html
分享12款最佳的Bootstrap设计工具
http://www.csdn.net/article/2014-03-13/2818744-bootstrap-design-tools
http://www.csdn.net/article/2014-03-13/2818744-bootstrap-design-tools
winxp、win2003、win7、win8通用的shellcode
http://blog.csdn.net/chinafe/article/details/31387425
http://blog.csdn.net/chinafe/article/details/31387425
Web安全之SQL注入攻击技巧与防范
http://www.plhwin.com/2014/06/13/web-security-sql/
http://www.plhwin.com/2014/06/13/web-security-sql/
Insight: A(nother) Binary Analysis Framework
http://www.dagstuhl.de/mat/Files/14/14241/14241.FleuryEmmanuel.Slides.pdf
http://www.dagstuhl.de/mat/Files/14/14241/14241.FleuryEmmanuel.Slides.pdf
Cyber Security Challenge Australia
https://www.cyberchallenge.com.au/inabox.html
https://www.cyberchallenge.com.au/inabox.html
Ghost Phisher Python Tool For Wireless And Ethernet Security Testing
http://blog.hackersonlineclub.com/2014/06/ghost-phisher-python-tool-for-wireless.html
http://blog.hackersonlineclub.com/2014/06/ghost-phisher-python-tool-for-wireless.html
Disclosure: Remote Code Execution Vuln in Disqus
http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html
http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html
在远程计算机上搜集firefox的cookie 和历史记录
http://www.dis9.com/74.html
http://www.dis9.com/74.html
CVE-2014-4014: Linux Kernel Local Privilege Escalation "exploitation"
http://hashcrack.org/index.html#190614
http://hashcrack.org/index.html#190614
python 远程线程注入代码
http://blog.csdn.net/chence19871/article/details/32718219
http://blog.csdn.net/chence19871/article/details/32718219
A 360° View of Cybersecurity
http://www.fireeye.com/blog/corporate/2014/06/a-360-view-of-cybersecurity-fireeye-incident-detection-response-virtual-summit.html
http://www.fireeye.com/blog/corporate/2014/06/a-360-view-of-cybersecurity-fireeye-incident-detection-response-virtual-summit.html
PaX的技术考古之旅
http://insight-labs.org/?p=1347
http://insight-labs.org/?p=1347
Norse:See Live Cyber Attacks Right Now!
http://map.ipviking.com/
http://map.ipviking.com/
DigitalOcean VPS 上如何安装 VPN
http://blog.eood.cn/digitalocean-vps-vpn
http://blog.eood.cn/digitalocean-vps-vpn
USB Fuzzing Basics: From fuzzing to bug reporting
http://blog.quarkslab.com/usb-fuzzing-basics-from-fuzzing-to-bug-reporting.html
http://blog.quarkslab.com/usb-fuzzing-basics-from-fuzzing-to-bug-reporting.html
XSS 前端防火墙 —— 天衣无缝的防护
http://fex.baidu.com/blog/2014/06/xss-frontend-firewall-4/
http://fex.baidu.com/blog/2014/06/xss-frontend-firewall-4/
C-DBLP:以作者为中心的学术搜索网站
http://www.cdblp.cn/index.php
http://www.cdblp.cn/index.php
Exploring Elasticsearch Book
http://exploringelasticsearch.com/
http://exploringelasticsearch.com/
Android Cheatsheet: Vuln/Exploit List (privesc)
https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html
https://docs.google.com/spreadsheet/pub?key=0Am5hHW4ATym7dGhFU1A4X2lqbUJtRm1QSWNRc3E0UlE&single=true&gid=0&output=html
《安全参考》HACKCTO-201406-18
http://pan.baidu.com/s/1pJpxfq7
http://pan.baidu.com/s/1pJpxfq7
Sendmail crackaddr - Static Analysis strikes back
http://www.dagstuhl.de/mat/Files/14/14241/14241.MihailaBogdan.Slides.pdf
http://www.dagstuhl.de/mat/Files/14/14241/14241.MihailaBogdan.Slides.pdf
长老木马二代FakeDebuggerd.B分析报告
http://blogs.360.cn/blog/analysis_of_fakedebuggerd_b/
http://blogs.360.cn/blog/analysis_of_fakedebuggerd_b/
charles使用教程指南
http://drops.wooyun.org/tips/2423
http://drops.wooyun.org/tips/2423
基于Check Point软件定义防护架构的网络威胁分析报告
http://static.3001.net/upload/20140619/14031076591909.pdf
http://static.3001.net/upload/20140619/14031076591909.pdf
playdrone:Google Play Crawler
https://github.com/nviennot/playdrone
https://github.com/nviennot/playdrone
走进科学:揭秘如何入侵电视机
http://www.freebuf.com/articles/terminal/36503.html
http://www.freebuf.com/articles/terminal/36503.html
Jackdaw Automatic, unsupervised, scalable extraction and semantic behaviors
http://www.dagstuhl.de/mat/Files/14/14241/14241.ZaneroStefano.Slides.pdf
http://www.dagstuhl.de/mat/Files/14/14241/14241.ZaneroStefano.Slides.pdf
SSH临时开启端口的日志监控
http://weibo.com/p/1001603723521007220513
http://weibo.com/p/1001603723521007220513
FortiSandBox:Advanced Threat Detection Appliances
http://www.fortinet.com/products/fortisandbox/
http://www.fortinet.com/products/fortisandbox/
Fireeyee解剖新型Android恶意软件
http://www.freebuf.com/articles/terminal/36875.html
http://www.freebuf.com/articles/terminal/36875.html
pypubjs:Integrated development environment for PythonJS using NodeWebkit
https://github.com/PythonJS/pypubjs
https://github.com/PythonJS/pypubjs
Java Zero-Day Exploit
http://java-exploit.com/
http://java-exploit.com/
Nosql-Exploitation-Framework
https://github.com/torque59/Nosql-Exploitation-Framework
https://github.com/torque59/Nosql-Exploitation-Framework
QQ蠕虫的行为检测方法
http://www.91ri.org/9389.html
http://www.91ri.org/9389.html
Linux 命令行下的好东西
http://jianshu.io/p/5ca890e5bdbf
http://jianshu.io/p/5ca890e5bdbf
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第16期)
