SecWiki周刊（第25期)

SecWiki周刊（第25期）

2014/08/18-2014/08/24

安全资讯

[Web安全] NSA黑客团队手抖，叙利亚举国断网三日
http://www.freebuf.com/news/41021.html

[Web安全] Black Hat USA安全隐患盘点及黑客奥斯卡颁奖
http://www.csdn.net/article/2014-08-14/2821195-the-top-10-leaks-exposed-on-black-hat-2014

安全技术

[Web安全] recon 2014 video
http://recon.cx/2014/video/

[运维安全] 开源运维堡垒机(跳板机)系统 python
http://laoguang.blog.51cto.com/6013350/1540080

[Web安全] 短域名进化史，XSS，短网址，长度限制绕过
http://lcx.cc/?i=4416

[Web安全] 《安全参考》HACKCTO-201408-20
http://pan.baidu.com/s/1eQzkhUy

[设备安全] A Large-Scale Analysis of the Security of Embedded Firmwares
https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-costin.pdf

[编程技术] 虚拟身份信息分析系统20080615-辽宁省
http://www.doc88.com/p-5156184304925.html

[取证分析] Network Forensics Puzzle Contest 2014 Walkthrough
http://forensicscontest.com/2014/08/14/network-forensics-puzzle-contest-2014-walkthrough#more-1221

[移动安全] Android Whitepapers
https://github.com/droidsec/droidsec.github.io/wiki/Android-Whitepapers

[Web安全] Youtobe Burp-Suite 入门视频
https://www.youtube.com/playlist?list=PLZOToVAK85MorLmAqD3117C0s9h7ccxaV

[取证分析] Forensic Analysis of Windows Shellbags
http://www.magnetforensics.com/forensic-analysis-of-windows-shellbags/

[取证分析] Web Server Attack Investigation
https://isc.sans.edu/forums/diary/Web+Server+Attack+Investigation+-+Installing+a+Bot+and+Reverse+Shell+via+a+PHP+Vulnerability/18543

[移动安全] Getting Started with Android Forensics
http://resources.infosecinstitute.com/getting-started-android-forensics/

[设备安全] 三菱Q系列PLC以太网识别脚本（ICS Discovery Tools Releases）
http://plcscan.org/blog/2014/08/melsecq-plc-discover-tools-releases/

[数据挖掘] 53th-刘颖-基于互联网数据的社会经济预测
http://pan.baidu.com/s/1sjz3Kip

[漏洞分析] Hex-Rays Decompiler plugin (v1.5) and patch for IDA Pro6.5
http://www.h4ck.org.cn/2014/08/hex-rays-decompiler-plugin-v1-5-0-110408-and-patch-for-ida-pro6-5/

[其它] 不玩手机的时候，如何打发碎片时间？
http://www.gtdlife.com/2014/3671/when-the-phone-does-not-play-how-to-pass-the-fragments-of-time/?utm_source=feedly&utm_reader=feedly&utm_medium=rss&utm_campaign=when-the-phone-does-not-play-how-to-pass-the-fragments-of-time

[漏洞分析] Analyzing heap objects with mona.py
https://www.corelan.be/index.php/2014/08/16/analyzing-heap-objects-with-mona-py/

[其它] 谷歌搜索解决办法专题
http://shedingkong.lofter.com/post/302b9d_16dab28

[恶意分析] 下一代远程控制木马的思路探讨
http://www.freebuf.com/articles/system/41241.html

[Web安全] Password dictionaries
https://wiki.skullsecurity.org/Passwords

[恶意分析] FireEye Cyber Threat Map
http://www.fireeye.com/cyber-map/threat-map.html

[运维安全] ModSecurity CRS 笔记
http://danqingdani.blog.163.com/blog/static/186094195201472304841643

[漏洞分析] Windows 8 Kernel Memory Protections Bypass
https://labs.mwrinfosecurity.com/blog/2014/08/15/windows-8-kernel-memory-protections-bypass/

[漏洞分析] 对象的种群隔离与大小隔离之思考
http://weibo.com/p/1001603747202920018411

[Web安全] WOOT '14 Papers ZIP
http://t.cn/RPueoZA

[取证分析] Tracking Attackers: Honeypot, Part 1 (Honeyd)
http://resources.infosecinstitute.com/tracking-attackers-honeypot-part-1-honeyd/

[漏洞分析] cve-2014-1767漏洞分析与讨论
http://binvul.com/viewthread.php?tid=450&extra=page%3D1

[编程技术] 跨终端实践-天猫试戴的解决方案
https://github.com/tmallfe/tmallfe.github.io/issues/4

[Web安全] Secure Planet WIKI
https://www.securepla.net/wiki/index.php?title=Main_Page

[移动安全] darshak：Detecting any suspicious activity of being tracked
https://github.com/darshakframework/darshak

[Web安全] meterpreter之pivot
http://www.coolhacker.org/?p=1669

[运维安全] 阿里CDN技术揭秘
http://vdisk.weibo.com/s/v6CwNDyKGA1N/1408358744

[运维安全] 调用域名注册api，查询所有域名组合脚本
http://laoguang.blog.51cto.com/6013350/1531198

[编程技术] Amaze UI：中国首个开源 HTML5 跨屏前端框架
http://amazeui.org/

[设备安全] 安防IP Camera固件分析
http://drops.wooyun.org/papers/2792

[运维安全] How To Set Up mod_security with Apache on Debian/Ubuntu
https://www.digitalocean.com/community/tutorials/how-to-set-up-mod_security-with-apache-on-debian-ubuntu

[其它] 硅谷夜谈之暗渡陈仓
http://weibo.com/p/1001603745302195612647

[Web安全] 用程序生成word文档（DOC）
http://haoluobo.com/2014/08/gen-word-doc/

[移动安全] RTFM 0day in iOS apps: G+, Gmail, FB Messenger, etc.
http://algorithm.dk/posts/rtfm-0day-in-ios-apps-g-gmail-fb-messenger-etc

[运维安全] 利用docker快速部署应用
http://snoopyxdy.blog.163.com/blog/static/6011744020147187542090

[运维安全] 日志管理平台 Logentries
https://github.com/logentries

[Web安全] HTML5 App的代码注入攻击
http://phpsec.sinaapp.com/?p=152

[Web安全] 关于中国网络安全的讨论与建议
http://www.valleytalk.org/wp-content/uploads/2014/08/%E5%85%B3%E4%BA%8E%E6%88%91%E5%9B%BD%E7%BD%91%E7%BB%9C%E5%AE%89%E5%85%A8%E5%BB%BA%E8%AE%BE%E7%9A%84%E7%9B%B8%E5%85%B3%E8%AE%A8%E8%AE%BA1.pdf

[移动安全] Obfuscation in Android malware, and how to fight back
https://www.virusbtn.com/pdf/magazine/2014/vb201407-Android-obfuscation.pdf

[Web安全] The UCSB iCTF
http://ictf.cs.ucsb.edu/framework#/

[Web安全] Routards Team Blog: Defcon 22 CTF
http://www.routards.org/2014/08/defcon-22-ctf-badger.html

[Web安全] ByWaf: a web application penetration testing framework (WAPTF)
https://github.com/depasonico/OWASP-ByWaf

[Web安全] Browser Intranet Hacking [video]
http://blog.whitehatsec.com/browser-intranet-hacking-video/

[编程技术] WeRoBot：微信机器人框架
https://werobot.readthedocs.org/en/latest/

[Web安全] Discuz 5.x/6.x/7.x投票SQL注入分析
http://www.freebuf.com/articles/web/41287.html

[编程技术] Laravel From Scratch
https://laracasts.com/series/laravel-from-scratch

[运维安全] 美团通用性能监控平台和WEB性能分析框架
http://share.csdn.net/slides/7171

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第25期)

SecWiki周刊（第25期）

最新公告

友情链接

SecWiki公众号

安全学术圈