SecWiki周刊(第26期)
2014/08/25-2014/08/31
安全资讯
[设备安全]  Netcore路由器存在后门,任何人可远程登陆
http://www.freebuf.com/news/41940.html
[运维安全]  Palo Alto 新一代防火墙产品概述
http://security.ctocio.com.cn/41/12654541.shtml
安全技术
[Web安全]  KCon Conference Slideshare
https://github.com/knownsec/KCon
[设备安全]  SyScan'11 Singapore: Fuzzing and Debugging Cisco IOS
https://www.youtube.com/watch?v=ufBpsuVqPac
[恶意分析]  Ida Collection(include Windows, MacOS IDAv5.3-V6.1, Linux IDAv5.3-v5.7)
http://www.52pojie.cn/thread-286850-1-1.html
[漏洞分析]  exp-sky/HitCon-2014-IE-11-0day-Windows-8.1-Exploit
https://github.com/exp-sky/HitCon-2014-IE-11-0day-Windows-8.1-Exploit
[取证分析]  21 Popular Digital Forensics Tools
http://resources.infosecinstitute.com/21-popular-digital-forensics-tools/
[书籍]  Car Hacker's Handbook
http://opengarages.org/handbook/
[恶意分析]  Exploiting Fundamental Weaknesses in Botnet Command and Control (C&C) Panels
http://secniche.org/blackhat-2014/blackhat_2014_briefings_whitepaper_exp_cc_flaws_adityaks.pdf
[运维安全]  lnmp虚拟主机安全配置研究
http://drops.wooyun.org/tips/2866
[数据挖掘]  从分析8000条工程师招聘信息所学到的
http://blog.jobbole.com/75717/
[Web安全]  CloudFlare防护下的破绽:寻找真实IP的几条途径
http://www.freebuf.com/articles/web/41533.html
[移动安全]  一次Wi-Fi入侵实录
http://www.freebuf.com/articles/wireless/41879.html
[漏洞分析]  UAC提升权限的细节
http://blog.sinzy.net/127/entry/20243
[漏洞分析]  Understanding IE's New Exploit Mitigations: The Memory Protector and the Isolated Heap
http://securityintelligence.com/understanding-ies-new-exploit-mitigations-the-memory-protector-and-the-isolated-heap
[漏洞分析]  Use-after-frees: That pointer may be pointing to something bad
http://securityintelligence.com/use-after-frees-that-pointer-may-be-pointing-to-something-bad
[Web安全]  XSScrapy: fast, thorough XSS vulnerability spider
http://danmcinerney.org/xsscrapy-fast-thorough-xss-vulnerability-spider/
[移动安全]  An xposed module that disables SSL certificate checking
https://github.com/Fuzion24/JustTrustMe
[Web安全]  php绕过安全狗检测的小马分享
http://lcx.cc/?i=4423
[Web安全]  Veil Framework: various attack methods focused on evading detection
https://www.veil-framework.com/
[设备安全]  GSM_Sniffer steps
http://debugwar.com/archives/369/gsm_sniffer
[Web安全]  我是如何通过微博悄无声息的定位到某某明星位置信息
http://www.wooyun.org/bugs/wooyun-2014-068337
[Web安全]  XSPA----跨越维度的攻击方式
http://phpsec-wordpress.stor.sinaapp.com/uploads/2014/08/XSPA.pdf
[移动安全]  小米手机MIUI远程代码执行漏洞分析
http://blogs.360.cn/360mobile/2014/08/25/miui-rce-vul/
[恶意分析]  malicious-domain-profiling
https://code.google.com/p/malicious-domain-profiling/
[漏洞分析]  Using Java SecurityManager to grant/deny access to system functions
http://www.javablogging.com/using-java-securitymanager-to-grantdeny-access-to-system-functions/
[移动安全]  idb: some common tasks for iOS pentesting and research
https://github.com/dmayer/idb
[Web安全]  国外信息安全站点整理
https://gitcafe.com/IDF_LAB/Sites
[移动安全]  Viproy VoIP Penetration Testing and Exploitation Kit
http://www.viproy.com/
[移动安全]  趋势发现支付宝安卓版漏洞
http://blog.csdn.net/iqushi/article/details/38758341
[编程技术]  AdBlock Plus detection demonstration
http://erikswan.net/abp/
[Web安全]  一次app抓包引发的Android分析记录
http://drops.wooyun.org/tips/2871
[移动安全]  HitCon'14: On the Feasibility of Automatically Generating Android Component Hija
http://www.slideshare.net/daoyuan0x/chv-exploit-hitcon-38299593
[漏洞分析]  Sulo:Dynamic instrumentation tool for Adobe Flash Player built on Intel
https://github.com/F-Secure/Sulo
[漏洞分析]  gencs.js
http://fuzzing.me/?p=105
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第26期)