SecWiki周刊(第29期)
2014/09/15-2014/09/21
安全资讯
Google Public DNS Server Spoofed for SNMP based DDoS Attack
http://thehackernews.com/2014/09/google-public-dns-server-spoofed-for_16.html
http://thehackernews.com/2014/09/google-public-dns-server-spoofed-for_16.html
绿盟科技发布工控漏洞扫描系统ICSScan
http://www.nsfocus.com/news/201409/880.html
http://www.nsfocus.com/news/201409/880.html
安全技术
WooYun Summit
http://summit.wooyun.org/index.php?do=report
http://summit.wooyun.org/index.php?do=report
在调试器中看阿里的软件兵团
http://www.csdn.net/article/2014-09-16/2821705
http://www.csdn.net/article/2014-09-16/2821705
9 个最佳的 Sublime Text 主题
http://www.techug.com/9-best-sublime-text-themes
http://www.techug.com/9-best-sublime-text-themes
在Github上3天就star过百的程序员简历模板
http://vdisk.weibo.com/s/x5GuwQIzTU
http://vdisk.weibo.com/s/x5GuwQIzTU
Archie: Just another Exploit kit
http://www.alienvault.com/open-threat-exchange/blog/archie-just-another-exploit-kit
http://www.alienvault.com/open-threat-exchange/blog/archie-just-another-exploit-kit
IDA Sploiter, a Python plugin for assisting exploitation
https://thesprawl.org/projects/ida-sploiter/
https://thesprawl.org/projects/ida-sploiter/
OpenSOC:extensible and scalable advanced security analytics tool
http://opensoc.github.io/
http://opensoc.github.io/
自动化攻击背景下的过去、现在与未来
http://safe.it168.com/a2014/0912/1665/000001665886.shtml
http://safe.it168.com/a2014/0912/1665/000001665886.shtml
通用跨站脚本攻击(UXSS)
http://www.ijiandao.com/safe/cto/7192.html
http://www.ijiandao.com/safe/cto/7192.html
Defencetalk.com in watering hole attack
http://blog.vulnhunt.com/index.php/2014/09/15/defencetalk-com-in-watering-hole-attack/
http://blog.vulnhunt.com/index.php/2014/09/15/defencetalk-com-in-watering-hole-attack/
ubuntu上安装Apache2+ModSecurity及自定义WAF规则
http://danqingdani.blog.163.com/blog/static/186094195201481562831737
http://danqingdani.blog.163.com/blog/static/186094195201481562831737
Exposing Bootkits with BIOS Emulation
https://www.blackhat.com/docs/us-14/materials/us-14-Haukli-Exposing-Bootkits-With-BIOS-Emulation-WP.pdf
https://www.blackhat.com/docs/us-14/materials/us-14-Haukli-Exposing-Bootkits-With-BIOS-Emulation-WP.pdf
捻乱止于河防——浅谈企业入侵防御体系建设
http://security.tencent.com/index.php/blog/msg/68
http://security.tencent.com/index.php/blog/msg/68
安全扫描工具WVS Console版v1.1
http://www.freebuf.com/tools/43837.html
http://www.freebuf.com/tools/43837.html
Top 10 Security Issues for REST APIs
http://1raindrop.typepad.com/1_raindrop/2014/09/top-10-security-issues-for-rest-apis.html
http://1raindrop.typepad.com/1_raindrop/2014/09/top-10-security-issues-for-rest-apis.html
NetHogs: breaking the traffic down per protocol or per subnet
http://nethogs.sourceforge.net/
http://nethogs.sourceforge.net/
Uncovering bad guys hiding behind CloudFlare
http://www.crimeflare.com/cfs.html
http://www.crimeflare.com/cfs.html
fail2ban防暴力破解介绍使用
http://drops.wooyun.org/tips/3029
http://drops.wooyun.org/tips/3029
The FLARE On Challenge题解
http://drops.wooyun.org/tips/2988
http://drops.wooyun.org/tips/2988
工控系统蜜罐建设与协议仿真技术分享
http://plcscan.org/blog/2014/09/icsscada-honeypot-and-ics-protocol-simulation-technology/
http://plcscan.org/blog/2014/09/icsscada-honeypot-and-ics-protocol-simulation-technology/
XSSing 跨站的艺术
https://xssing.org/%e9%a6%96%e9%a1%b5
https://xssing.org/%e9%a6%96%e9%a1%b5
开课吧- Spark实战演练
http://www.kaikeba.com/courses/60
http://www.kaikeba.com/courses/60
Apple Pay: A Security Analysis
http://www.fireeye.com/blog/corporate/2014/09/apple-pay-a-security-analysis-2.html
http://www.fireeye.com/blog/corporate/2014/09/apple-pay-a-security-analysis-2.html
从一个被忽略的漏洞到 XSS 僵尸网络
http://vdisk.weibo.com/s/aWvNHH_-OXE15/1410746158
http://vdisk.weibo.com/s/aWvNHH_-OXE15/1410746158
Http File Server 2.3.x
http://www.exploit-db.com/exploits/34668/
http://www.exploit-db.com/exploits/34668/
一些有趣的XSS Vector
http://parsec.me/723.html
http://parsec.me/723.html
flare-ida:IDA Pro utilities from FLARE team
https://github.com/fireeye/flare-ida
https://github.com/fireeye/flare-ida
turboscan1.3:无状态的轻量便携高速安全评估工具
http://labs.redcoast.org/?p=5
http://labs.redcoast.org/?p=5
Pro:腾讯移动Web前端框架
https://github.com/AlloyTeam/Pro
https://github.com/AlloyTeam/Pro
安全事件处理二三事
http://pan.baidu.com/s/1i3wwTTV
http://pan.baidu.com/s/1i3wwTTV
New Bot Malware (BoSSaBoTv2) Attacking Web Servers Discovered
http://blog.spiderlabs.com/2014/09/honeypot-alert-bossabotv2-irc-botnetbitcoin-mining-analysis.html
http://blog.spiderlabs.com/2014/09/honeypot-alert-bossabotv2-irc-botnetbitcoin-mining-analysis.html
编写基于PHP扩展库的后门
http://drops.wooyun.org/tips/3003
http://drops.wooyun.org/tips/3003
Docker —— 从入门到实践
https://www.gitbook.io/book/yeasy/docker_practice
https://www.gitbook.io/book/yeasy/docker_practice
虎视眈眈的Pitty Tiger
http://blog.idf.cn/2014/09/the-eye-of-the-tiger/
http://blog.idf.cn/2014/09/the-eye-of-the-tiger/
浏览器保存密码原理及密码查看
http://www.cnseay.com/4059/
http://www.cnseay.com/4059/
Workshop: Big Data Visualization for Security
http://secviz.org/content/workshop-big-data-visualization-security
http://secviz.org/content/workshop-big-data-visualization-security
AutoIT Malware. A detailed analysis
http://www.133tsec.com/2014/09/20/autoit-malware-a-detailed-analysis/
http://www.133tsec.com/2014/09/20/autoit-malware-a-detailed-analysis/
APT:malicious-domain-profiling
https://code.google.com/p/malicious-domain-profiling/
https://code.google.com/p/malicious-domain-profiling/
SSRF Exploitation Framework v0.1
https://github.com/jayeshchauhan/SKANDA
https://github.com/jayeshchauhan/SKANDA
Information_Security_Technologies_&_Markets
http://vdisk.weibo.com/s/rekswSFAOXnX
http://vdisk.weibo.com/s/rekswSFAOXnX
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第29期)
