SecWiki周刊(第33期)
2014/10/13-2014/10/19
安全资讯
[Web安全]  CTF365 Beta Started
http://blog.ctf365.com/ctf365-beta-started/
[运维安全]  This POODLE bites: exploiting the SSL 3.0 fallback
http://googleonlinesecurity.blogspot.hk/2014/10/this-poodle-bites-exploiting-ssl-30.html
安全技术
[Web安全]  Breakpoint 2014 Slides
https://ruxconbreakpoint.com/slides/
[漏洞分析]  PEDA:Python Exploit Development Assistance for GDB
http://ropshell.com/peda/
[Web安全]  《安全参考》HACKCTO-201410-22
http://www.hackcto.com/post/2014-10-15/40063170495
[漏洞分析]  Easy RM to MP3 Converter(2.7.3.700)栈溢出漏洞调试笔记
http://drops.wooyun.org/papers/3178
[Web安全]  SSLStrip 的未来 —— HTTPS 前端劫持
http://www.cnblogs.com/index-html/p/ssl-frontend-hijack.html
[Web安全]  Drupal 7.x SQL Injection exp (CVE-2014-3704)
http://www.unhonker.com/bug/1666.html
[漏洞分析]   Analysis of SandWorm (CVE-2014-4124) 0-Day
http://research.zscaler.com/2014/10/analysis-of-sandworm-cve-2014-4124-0-day.html
[移动安全]  uxss在线测试页面
https://github.com/click1/uxss
[Web安全]  Metasploitable 2 Exploitability Guide
https://community.rapid7.com/docs/DOC-1875
[Web安全]  DROPBOX.COM HACKED First Teaser
http://pastebin.com/aRgTJzzg
[运维安全]  CCNP Security Firewall Day 01 ASA Intro, Basic fundation
http://pan.baidu.com/s/1dD6E9eL
[Web安全]  Win64bit提权0day漏洞(CVE-2014-4113)的样本
http://acibqjug4v.l3.yunpan.cn/lk/csfuISUqtG2iX
[恶意分析]  Alictf linux exploit解题
http://www.91ri.org/11043.html
[漏洞分析]  MS14-063 – FastFat vulnerability fixed years ago
http://blog.beyondtrust.com/ms14-063-fastfat-vulnerability-fixed-years-ago
[运维安全]  论持久战——带你走进腾讯DDoS防护体系
http://security.tencent.com/index.php/blog/msg/71
[Web安全]  QCon隐私和安全性
http://vdisk.weibo.com/s/A0GI9rXObuzs/1413624007
[漏洞分析]  从Dump到POC系列一:Win32k内核提权漏洞分析
http://blogs.360.cn/blog/dump-to-poc-to-win32k-kernel-privilege-escalation-vulnerability/
[Web安全]  Drupal SQL Injection Attempts in the Wild
http://blog.sucuri.net/2014/10/drupal-sql-injection-attempts-in-the-wild.html
[编程技术]  PHP扩展开发入门
http://blog.csdn.net/heiyeshuwu/article/details/40041601
[漏洞分析]  An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka
http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerability-cve-2014-4114-aka-sandworm/
[Web安全]  Hammer:A web vulnnerability scanner
https://github.com/yangbh/Hammer
[移动安全]  The CERT Oracle Coding Standard for Java-Android
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=111509535
[移动安全]  Android UXSS阶段性小结及自动化测试
http://drops.wooyun.org/tools/3186
[数据挖掘]  开源大数据查询分析引擎现状
http://yepeng.blog.51cto.com/3101105/1565691
[移动安全]  Android常见缺陷
http://vdisk.weibo.com/s/annw3IyYhcN24/1413175971
[恶意分析]  沙虫事件木马分析:BlackEnergy Use in 0day Attack CVE-2014-4114
http://blog.vulnhunt.com/index.php/2014/10/16/blackenergy-use-in-0day-attack-cve-2014-4114/
[编程技术]  如何构建工程师文化团队
http://vdisk.weibo.com/s/A0GI9rXObEQn/1413455046
[运维安全]  破壳漏洞(ShellShock)应急概要 最终版V4
http://blog.knownsec.com/2014/10/shellshock_response_profile_v4/
[恶意分析]  Malware Analysis: Case Study
https://www.notsosecure.com/blog/2014/10/16/malware-analysis/
[数据挖掘]  Hadoop,超越MapReduce
http://vdisk.weibo.com/s/A0GI9rXObTJj/1413450007
[漏洞分析]  沙虫(CVE-2014-4114)相关威胁综合分析报告
http://www.antiy.com/response/cve-2014-4114.html?from=timeline&isappinstalled=0
[运维安全]  rsync的几则tips
http://phpsec.sinaapp.com/?p=245
[Web安全]  Ghostery:Transparency + Control = Privacy
https://www.ghostery.com/en/
[编程技术]  DataTables: Table plug-in for jQuery
http://www.datatables.net/
[运维安全]  POODLE attacks on SSLv3
https://www.imperialviolet.org/2014/10/14/poodle.html
[Web安全]  Drupal 7.31 pre Auth SQL Injection Vulnerability
https://www.sektioneins.de/en/blog/14-10-15-drupal-sql-injection-vulnerability.html
[Web安全]  Web流量劫持 —— 思维脑图
http://naotu.baidu.com/viewshare.html?shareId=aqn87r5unwss
[编程技术]  蔡学镛架构设计方法-2014-8-17
http://vdisk.weibo.com/s/q8FZMJO4W2qq
[编程技术]  手机百度前端工程化之路
http://qdemo.sinaapp.com/box-fe-road.htm#0
[编程技术]  知名移动应用案例分析
http://vdisk.weibo.com/s/A0GI9rXObTJY/1413439994
[Web安全]  Drupal - pre Auth SQL Injection Vulnerability
http://drops.wooyun.org/papers/3197
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第33期)