SecWiki周刊(第16期)
2014/06/16-2014/06/22
安全资讯
[Web安全]  2014年APT攻击发展趋势及防御策略调研
http://safe.it168.com/a2014/0617/1636/000001636118_all.shtml
[Web安全]  在黑客删除全部客户数据后Code Spaces宣布关门
http://www.oschina.net/news/52988/code-spaces-hosting-shutting-down
安全技术
[漏洞分析]  How to use VBScript to turn on the God Mode?
http://www.secniu.com/how-to-use-vbscript-to-turn-on-the-god-mode/
[Web安全]  Web渗透中的反弹Shell与端口转发的奇淫技巧
http://www.91ri.org/9367.html
[编程技术]  分享12款最佳的Bootstrap设计工具
http://www.csdn.net/article/2014-03-13/2818744-bootstrap-design-tools
[漏洞分析]  winxp、win2003、win7、win8通用的shellcode
http://blog.csdn.net/chinafe/article/details/31387425
[Web安全]  Web安全之SQL注入攻击技巧与防范
http://www.plhwin.com/2014/06/13/web-security-sql/
[恶意分析]  Insight: A(nother) Binary Analysis Framework
http://www.dagstuhl.de/mat/Files/14/14241/14241.FleuryEmmanuel.Slides.pdf
[Web安全]  Cyber Security Challenge Australia
https://www.cyberchallenge.com.au/inabox.html
[Web安全]  Disclosure: Remote Code Execution Vuln in Disqus
http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html
[无线安全]  Ghost Phisher Python Tool For Wireless And Ethernet Security Testing
http://blog.hackersonlineclub.com/2014/06/ghost-phisher-python-tool-for-wireless.html
[Web安全]  在远程计算机上搜集firefox的cookie 和历史记录
http://www.dis9.com/74.html
[漏洞分析]  CVE-2014-4014: Linux Kernel Local Privilege Escalation "exploitation"
http://hashcrack.org/index.html#190614
[编程技术]  python 远程线程注入代码
http://blog.csdn.net/chence19871/article/details/32718219
[Web安全]  PaX的技术考古之旅
http://insight-labs.org/?p=1347
[恶意分析]  Norse:See Live Cyber Attacks Right Now!
http://map.ipviking.com/
[运维安全]  DigitalOcean VPS 上如何安装 VPN
http://blog.eood.cn/digitalocean-vps-vpn
[漏洞分析]  USB Fuzzing Basics: From fuzzing to bug reporting
http://blog.quarkslab.com/usb-fuzzing-basics-from-fuzzing-to-bug-reporting.html
[Web安全]  国外博士论文下载网站
http://www.douban.com/note/276894826/?session=ed948d07
[Web安全]  XSS 前端防火墙 —— 天衣无缝的防护
http://fex.baidu.com/blog/2014/06/xss-frontend-firewall-4/
[其它]  C-DBLP:以作者为中心的学术搜索网站
http://www.cdblp.cn/index.php
[其它]  新技能:教你破解行李箱密码
http://fuliba.net/%e8%a7%a3%e9%94%81%e8%a1%8c%e6%9d%8e%e7%ae%b1.html
[书籍]  Exploring Elasticsearch Book
http://exploringelasticsearch.com/
[设备安全]  RFID安全技术探讨
http://security.tencent.com/index.php/blog/msg/52
[无线安全]  Sendmail crackaddr - Static Analysis strikes back
http://www.dagstuhl.de/mat/Files/14/14241/14241.MihailaBogdan.Slides.pdf
[Web安全]  《安全参考》HACKCTO-201406-18
http://pan.baidu.com/s/1pJpxfq7
[Web安全]  charles使用教程指南
http://drops.wooyun.org/tips/2423
[恶意分析]  基于Check Point软件定义防护架构的网络威胁分析报告
http://static.3001.net/upload/20140619/14031076591909.pdf
[移动安全]  长老木马二代FakeDebuggerd.B分析报告
http://blogs.360.cn/blog/analysis_of_fakedebuggerd_b/
[移动安全]  playdrone:Google Play Crawler
https://github.com/nviennot/playdrone
[设备安全]  走进科学:揭秘如何入侵电视机
http://www.freebuf.com/articles/terminal/36503.html
[恶意分析]  Jackdaw Automatic, unsupervised, scalable extraction and semantic behaviors
http://www.dagstuhl.de/mat/Files/14/14241/14241.ZaneroStefano.Slides.pdf
[Web安全]  SSH临时开启端口的日志监控
http://weibo.com/p/1001603723521007220513
[恶意分析]  FortiSandBox:Advanced Threat Detection Appliances
http://www.fortinet.com/products/fortisandbox/
[移动安全]  Fireeyee解剖新型Android恶意软件
http://www.freebuf.com/articles/terminal/36875.html
[编程技术]  pypubjs:Integrated development environment for PythonJS using NodeWebkit
https://github.com/PythonJS/pypubjs
[漏洞分析]  Java Zero-Day Exploit
http://java-exploit.com/
[Web安全]  Nosql-Exploitation-Framework
https://github.com/torque59/Nosql-Exploitation-Framework
[恶意分析]  QQ蠕虫的行为检测方法
http://www.91ri.org/9389.html
[编程技术]  Linux 命令行下的好东西
http://jianshu.io/p/5ca890e5bdbf
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第16期)