SecWiki周刊(第32期)
2014/10/06-2014/10/12
安全资讯
[Web安全]  一周海外安全事件回顾(9.29-10.05):黑客与游戏的恩怨
http://www.freebuf.com/news/46428.html
安全技术
[Web安全]  JavaScript 跨域总结与解决办法
http://blog.jobbole.com/53487/
[恶意分析]  My Adventure With Fireeye FLARE Challenge
http://parsiya.net/blog/2014-10-07-my-adventure-with-fireeye-flare-challenge/
[Web安全]  Joomla! 3.3.4 / Akeeba Kickstart – Remote Code Execution (CVE-2014-7228)
http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/
[数据挖掘]  Explore smartphone market share with Nanocubes
http://blog.revolutionanalytics.com/2013/08/explore-smartphone-market-share-with-nanocubes.html
[移动安全]  利用企业证书app(Enpublic App)进行钓鱼攻击
http://vdisk.weibo.com/s/yWCDbbPwySX5Q
[会议]  乌云峰会视频
http://summit.wooyun.org/?do=report
[其它]  Pritunl:简易搭建个人VPN
http://pritunl.com/#install
[漏洞分析]  通用性的过文件沙箱
http://hi.baidu.com/yuange1975/item/971c66108d97b0fa65eabf3e
[Web安全]  CMS-Exploit-Framework
https://github.com/chuhades/CMS-Exploit-Framework
[运维安全]  SACC-2014-小米-部署系统的前世今生
http://noops.me/?p=1633
[会议]  KConV3的视频
http://i.youku.com/u/UMTYzNzg3MjU1Mg==
[会议]  第二届开源操作系统年度技术会议
http://soft.cs.tsinghua.edu.cn/os2atc2014/
[移动安全]  Android Webview UXSS 漏洞攻防
http://security.tencent.com/index.php/blog/msg/70
[移动安全]  利用Cydia Substrate进行Android HOOK
http://www.imiyoo.com/mobisec/2014/10/10/324.html
[数据挖掘]  13个免费的数据可视化分析工具分享
http://blog.data-god.com/?p=1504
[数据挖掘]  OpenSOC Apache Hadoop Code
https://github.com/OpenSOC/opensoc
[移动安全]  某手机银行被中间人劫持攻击的实际案例
http://phpsec.sinaapp.com/?p=208
[设备安全]  RFID之M1卡数据分析
http://drops.wooyun.org/tips/3168
[无线安全]  短信拦截马黑产揭露
http://blog.avlyun.com/1387.html
[Web安全]  PHP/Sqlite下常见漏洞浅析
http://www.91ri.org/10983.html
[恶意分析]  FinFisher Malware Analysis
https://www.codeandsec.com/FinFisher-Malware-Analysis-Part-2
[Web安全]  Alictf2014 Writeup
http://drops.wooyun.org/tips/3166
[Web安全]  [WriteUp]2014.XDCTF
http://blog.esu.im/71.html
[运维安全]  开源日志系统比较
http://dongxicheng.org/search-engine/log-systems/
[移动安全]  Find your own Android kernel bug
http://vdisk.weibo.com/s/annw3IyXNHGMM/1412836639
[Web安全]  内网劫持渗透新姿势:MITMf简要指南
http://www.freebuf.com/tools/45796.html
[编程技术]  linux 下的惬意生活
https://github.com/yangyangwithgnu/the_new_world_linux
[恶意分析]  x509test:x509 certificate fuzzer
https://github.com/yymax/x509test
[漏洞分析]  Snowman is a native code to C/C++ decompiler
http://derevenets.com/
[编程技术]  大量 C++ 学习资源
https://cpp.zeef.com/faraz.fallahi
[恶意分析]  Low level PC attack papers
http://timeglider.com/timeline/5ca2daa6078caaf4
[其它]  PDF to Word Converter
https://www.pdftoword.com/
[编程技术]  基于词库的中文转拼音优质解决方法
https://github.com/overtrue/pinyin
[无线安全]  Cookie Cadger:An auditing tool for Wi-Fi or wired Ethernet connections
https://www.cookiecadger.com/
[移动安全]  DREBIN Android app detects 94 percent of mobile malware
http://securityaffairs.co/wordpress/29020/malware/drebin-android-av.html
[Web安全]  mysql_real_escape_string won't magically solve your SQL Injection problems
http://www.iodigitalsec.com/mysql_real_escape_string-wont-magically-solve-your-sql-injection-problems/
[漏洞分析]  WebKit内存破坏漏洞利用杂谈
http://weibo.com/p/1001603763420578081304
[漏洞分析]  Collection of Proof for #ShellShocker
https://github.com/mubix/shellshocker-pocs
[Web安全]  从安全思维谈到心思的修炼
http://vdisk.weibo.com/s/inmKi5BNqwG/1413126471
[Web安全]  Inject code and spy on LAN users
https://github.com/DanMcInerney/LANs.py
[恶意分析]  FinFisher Malware Analysis
https://www.codeandsec.com/FinFisher-Malware-Analysis-Part-3
[编程技术]  Hook技术简介
http://www.nitscan.com/?post=67
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第32期)