SecWiki周刊(第25期)
2014/08/18-2014/08/24
安全资讯
[Web安全]  NSA黑客团队手抖,叙利亚举国断网三日
http://www.freebuf.com/news/41021.html
[Web安全]  Black Hat USA安全隐患盘点及黑客奥斯卡颁奖
http://www.csdn.net/article/2014-08-14/2821195-the-top-10-leaks-exposed-on-black-hat-2014
安全技术
[Web安全]  recon 2014 video
http://recon.cx/2014/video/
[运维安全]  开源运维堡垒机(跳板机)系统 python
http://laoguang.blog.51cto.com/6013350/1540080
[Web安全]  短域名进化史,XSS,短网址,长度限制绕过
http://lcx.cc/?i=4416
[Web安全]  《安全参考》HACKCTO-201408-20
http://pan.baidu.com/s/1eQzkhUy
[设备安全]  A Large-Scale Analysis of the Security of Embedded Firmwares
https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-costin.pdf
[编程技术]  虚拟身份信息分析系统20080615-辽宁省
http://www.doc88.com/p-5156184304925.html
[取证分析]  Network Forensics Puzzle Contest 2014 Walkthrough
http://forensicscontest.com/2014/08/14/network-forensics-puzzle-contest-2014-walkthrough#more-1221
[取证分析]  Forensic Analysis of Windows Shellbags
http://www.magnetforensics.com/forensic-analysis-of-windows-shellbags/
[移动安全]  Getting Started with Android Forensics
http://resources.infosecinstitute.com/getting-started-android-forensics/
[设备安全]  三菱Q系列PLC以太网识别脚本(ICS Discovery Tools Releases)
http://plcscan.org/blog/2014/08/melsecq-plc-discover-tools-releases/
[数据挖掘]  53th-刘颖-基于互联网数据的社会经济预测
http://pan.baidu.com/s/1sjz3Kip
[漏洞分析]  Hex-Rays Decompiler plugin (v1.5) and patch for IDA Pro6.5
http://www.h4ck.org.cn/2014/08/hex-rays-decompiler-plugin-v1-5-0-110408-and-patch-for-ida-pro6-5/
[其它]  谷歌搜索解决办法专题
http://shedingkong.lofter.com/post/302b9d_16dab28
[Web安全]  Password dictionaries
https://wiki.skullsecurity.org/Passwords
[恶意分析]  下一代远程控制木马的思路探讨
http://www.freebuf.com/articles/system/41241.html
[恶意分析]  FireEye Cyber Threat Map
http://www.fireeye.com/cyber-map/threat-map.html
[Web安全]  WOOT '14 Papers ZIP
http://t.cn/RPueoZA
[漏洞分析]  对象的种群隔离与大小隔离之思考
http://weibo.com/p/1001603747202920018411
[取证分析]  Tracking Attackers: Honeypot, Part 1 (Honeyd)
http://resources.infosecinstitute.com/tracking-attackers-honeypot-part-1-honeyd/
[漏洞分析]  cve-2014-1767漏洞分析与讨论
http://binvul.com/viewthread.php?tid=450&extra=page%3D1
[编程技术]  跨终端实践-天猫试戴的解决方案
https://github.com/tmallfe/tmallfe.github.io/issues/4
[移动安全]  darshak:Detecting any suspicious activity of being tracked
https://github.com/darshakframework/darshak
[Web安全]  meterpreter之pivot
http://www.coolhacker.org/?p=1669
[运维安全]  调用域名注册api,查询所有域名组合脚本
http://laoguang.blog.51cto.com/6013350/1531198
[设备安全]  安防IP Camera固件分析
http://drops.wooyun.org/papers/2792
[运维安全]  阿里CDN技术揭秘
http://vdisk.weibo.com/s/v6CwNDyKGA1N/1408358744
[编程技术]  Amaze UI:中国首个开源 HTML5 跨屏前端框架
http://amazeui.org/
[Web安全]  用程序生成word文档(DOC)
http://haoluobo.com/2014/08/gen-word-doc/
[其它]  硅谷夜谈之暗渡陈仓
http://weibo.com/p/1001603745302195612647
[运维安全]  How To Set Up mod_security with Apache on Debian/Ubuntu
https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_security-with-apache-on-debian-ubuntu
[运维安全]  利用docker快速部署应用
http://snoopyxdy.blog.163.com/blog/static/6011744020147187542090
[移动安全]  RTFM 0day in iOS apps: G+, Gmail, FB Messenger, etc.
http://algorithm.dk/posts/rtfm-0day-in-ios-apps-g-gmail-fb-messenger-etc
[运维安全]  日志管理平台 Logentries
https://github.com/logentries
[Web安全]  HTML5 App的代码注入攻击
http://phpsec.sinaapp.com/?p=152
[移动安全]  Obfuscation in Android malware, and how to fight back
https://www.virusbtn.com/pdf/magazine/2014/vb201407-Android-obfuscation.pdf
[Web安全]  The UCSB iCTF
http://ictf.cs.ucsb.edu/framework#/
[Web安全]  Routards Team Blog: Defcon 22 CTF
http://www.routards.org/2014/08/defcon-22-ctf-badger.html
[Web安全]  ByWaf: a web application penetration testing framework (WAPTF)
https://github.com/depasonico/OWASP-ByWaf
[Web安全]  Browser Intranet Hacking [video]
http://blog.whitehatsec.com/browser-intranet-hacking-video/
[编程技术]  WeRoBot:微信机器人框架
https://werobot.readthedocs.org/en/latest/
[Web安全]  Discuz 5.x/6.x/7.x投票SQL注入分析
http://www.freebuf.com/articles/web/41287.html
[编程技术]  Laravel From Scratch
https://laracasts.com/series/laravel-from-scratch
[运维安全]  美团通用性能监控平台和WEB性能分析框架
http://share.csdn.net/slides/7171
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第25期)