SecWiki周刊(第32期)
2014/10/06-2014/10/12
安全资讯
一周海外安全事件回顾(9.29-10.05):黑客与游戏的恩怨
http://www.freebuf.com/news/46428.html
http://www.freebuf.com/news/46428.html
安全技术
JavaScript 跨域总结与解决办法
http://blog.jobbole.com/53487/
http://blog.jobbole.com/53487/
My Adventure With Fireeye FLARE Challenge
http://parsiya.net/blog/2014-10-07-my-adventure-with-fireeye-flare-challenge/
http://parsiya.net/blog/2014-10-07-my-adventure-with-fireeye-flare-challenge/
XDCTF-Writeup
http://www.cnblogs.com/Mr-Rice/p/4007825.html
http://www.cnblogs.com/Mr-Rice/p/4007825.html
Joomla! 3.3.4 / Akeeba Kickstart – Remote Code Execution (CVE-2014-7228)
http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/
http://websec.wordpress.com/2014/10/05/joomla-3-3-4-akeeba-kickstart-remote-code-execution-cve-2014-7228/
Explore smartphone market share with Nanocubes
http://blog.revolutionanalytics.com/2013/08/explore-smartphone-market-share-with-nanocubes.html
http://blog.revolutionanalytics.com/2013/08/explore-smartphone-market-share-with-nanocubes.html
利用企业证书app(Enpublic App)进行钓鱼攻击
http://vdisk.weibo.com/s/yWCDbbPwySX5Q
http://vdisk.weibo.com/s/yWCDbbPwySX5Q
Pritunl:简易搭建个人VPN
http://pritunl.com/#install
http://pritunl.com/#install
CMS-Exploit-Framework
https://github.com/chuhades/CMS-Exploit-Framework
https://github.com/chuhades/CMS-Exploit-Framework
SACC-2014-小米-部署系统的前世今生
http://noops.me/?p=1633
http://noops.me/?p=1633
第二届开源操作系统年度技术会议
http://soft.cs.tsinghua.edu.cn/os2atc2014/
http://soft.cs.tsinghua.edu.cn/os2atc2014/
Android Webview UXSS 漏洞攻防
http://security.tencent.com/index.php/blog/msg/70
http://security.tencent.com/index.php/blog/msg/70
互联网全站HTTPS的时代已经到来
http://blog.csdn.net/luocn99/article/details/39777707#0-tsina-1-47514-397232819ff9a47a7b7e80a40613cfe1
http://blog.csdn.net/luocn99/article/details/39777707#0-tsina-1-47514-397232819ff9a47a7b7e80a40613cfe1
利用Cydia Substrate进行Android HOOK
http://www.imiyoo.com/mobisec/2014/10/10/324.html
http://www.imiyoo.com/mobisec/2014/10/10/324.html
13个免费的数据可视化分析工具分享
http://blog.data-god.com/?p=1504
http://blog.data-god.com/?p=1504
OpenSOC Apache Hadoop Code
https://github.com/OpenSOC/opensoc
https://github.com/OpenSOC/opensoc
某手机银行被中间人劫持攻击的实际案例
http://phpsec.sinaapp.com/?p=208
http://phpsec.sinaapp.com/?p=208
RFID之M1卡数据分析
http://drops.wooyun.org/tips/3168
http://drops.wooyun.org/tips/3168
短信拦截马黑产揭露
http://blog.avlyun.com/1387.html
http://blog.avlyun.com/1387.html
Netflix公布个性化和推荐系统架构
http://www.infoq.com/cn/news/2013/04/netflix-ml-architecture#0-tsina-1-95225-397232819ff9a47a7b7e80a40613cfe1
http://www.infoq.com/cn/news/2013/04/netflix-ml-architecture#0-tsina-1-95225-397232819ff9a47a7b7e80a40613cfe1
PHP/Sqlite下常见漏洞浅析
http://www.91ri.org/10983.html
http://www.91ri.org/10983.html
FinFisher Malware Analysis
https://www.codeandsec.com/FinFisher-Malware-Analysis-Part-2
https://www.codeandsec.com/FinFisher-Malware-Analysis-Part-2
SSL Checklist for Pentesters
http://www.exploresecurity.com/wp-content/uploads/custom/SSL_manual_cheatsheet.html
http://www.exploresecurity.com/wp-content/uploads/custom/SSL_manual_cheatsheet.html
Alictf2014 Writeup
http://drops.wooyun.org/tips/3166
http://drops.wooyun.org/tips/3166
[WriteUp]2014.XDCTF
http://blog.esu.im/71.html
http://blog.esu.im/71.html
Find your own Android kernel bug
http://vdisk.weibo.com/s/annw3IyXNHGMM/1412836639
http://vdisk.weibo.com/s/annw3IyXNHGMM/1412836639
内网劫持渗透新姿势:MITMf简要指南
http://www.freebuf.com/tools/45796.html
http://www.freebuf.com/tools/45796.html
x509test:x509 certificate fuzzer
https://github.com/yymax/x509test
https://github.com/yymax/x509test
Cuckoo Sandbox Evasion PoC available
https://blog.gdatasoftware.com/blog/article/cuckoo-sandbox-evasion-poc-available.html
https://blog.gdatasoftware.com/blog/article/cuckoo-sandbox-evasion-poc-available.html
Snowman is a native code to C/C++ decompiler
http://derevenets.com/
http://derevenets.com/
大量 C++ 学习资源
https://cpp.zeef.com/faraz.fallahi
https://cpp.zeef.com/faraz.fallahi
Low level PC attack papers
http://timeglider.com/timeline/5ca2daa6078caaf4
http://timeglider.com/timeline/5ca2daa6078caaf4
PDF to Word Converter
https://www.pdftoword.com/
https://www.pdftoword.com/
基于词库的中文转拼音优质解决方法
https://github.com/overtrue/pinyin
https://github.com/overtrue/pinyin
Cookie Cadger:An auditing tool for Wi-Fi or wired Ethernet connections
https://www.cookiecadger.com/
https://www.cookiecadger.com/
mysql_real_escape_string won't magically solve your SQL Injection problems
http://www.iodigitalsec.com/mysql_real_escape_string-wont-magically-solve-your-sql-injection-problems/
http://www.iodigitalsec.com/mysql_real_escape_string-wont-magically-solve-your-sql-injection-problems/
DREBIN Android app detects 94 percent of mobile malware
http://securityaffairs.co/wordpress/29020/malware/drebin-android-av.html
http://securityaffairs.co/wordpress/29020/malware/drebin-android-av.html
WebKit内存破坏漏洞利用杂谈
http://weibo.com/p/1001603763420578081304
http://weibo.com/p/1001603763420578081304
Collection of Proof for #ShellShocker
https://github.com/mubix/shellshocker-pocs
https://github.com/mubix/shellshocker-pocs
从安全思维谈到心思的修炼
http://vdisk.weibo.com/s/inmKi5BNqwG/1413126471
http://vdisk.weibo.com/s/inmKi5BNqwG/1413126471
Inject code and spy on LAN users
https://github.com/DanMcInerney/LANs.py
https://github.com/DanMcInerney/LANs.py
FinFisher Malware Analysis
https://www.codeandsec.com/FinFisher-Malware-Analysis-Part-3
https://www.codeandsec.com/FinFisher-Malware-Analysis-Part-3
Hook技术简介
http://www.nitscan.com/?post=67
http://www.nitscan.com/?post=67
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第32期)
