SecWiki周刊(第33期)
2014/10/13-2014/10/19
安全资讯
CTF365 Beta Started
http://blog.ctf365.com/ctf365-beta-started/
http://blog.ctf365.com/ctf365-beta-started/
This POODLE bites: exploiting the SSL 3.0 fallback
http://googleonlinesecurity.blogspot.hk/2014/10/this-poodle-bites-exploiting-ssl-30.html
http://googleonlinesecurity.blogspot.hk/2014/10/this-poodle-bites-exploiting-ssl-30.html
安全技术
Breakpoint 2014 Slides
https://ruxconbreakpoint.com/slides/
https://ruxconbreakpoint.com/slides/
PEDA:Python Exploit Development Assistance for GDB
http://ropshell.com/peda/
http://ropshell.com/peda/
《安全参考》HACKCTO-201410-22
http://www.hackcto.com/post/2014-10-15/40063170495
http://www.hackcto.com/post/2014-10-15/40063170495
Easy RM to MP3 Converter(2.7.3.700)栈溢出漏洞调试笔记
http://drops.wooyun.org/papers/3178
http://drops.wooyun.org/papers/3178
SANDWORM APT Windows OLE PACKAGE INF 0day来袭
http://blog.vulnhunt.com/index.php/2014/10/14/cve-2014-4114_sandworm-apt-windows-ole-package-inf-arbitrary-code-execution/
http://blog.vulnhunt.com/index.php/2014/10/14/cve-2014-4114_sandworm-apt-windows-ole-package-inf-arbitrary-code-execution/
SSLStrip 的未来 —— HTTPS 前端劫持
http://www.cnblogs.com/index-html/p/ssl-frontend-hijack.html
http://www.cnblogs.com/index-html/p/ssl-frontend-hijack.html
Drupal 7.x SQL Injection exp (CVE-2014-3704)
http://www.unhonker.com/bug/1666.html
http://www.unhonker.com/bug/1666.html
Analysis of SandWorm (CVE-2014-4124) 0-Day
http://research.zscaler.com/2014/10/analysis-of-sandworm-cve-2014-4124-0-day.html
http://research.zscaler.com/2014/10/analysis-of-sandworm-cve-2014-4124-0-day.html
uxss在线测试页面
https://github.com/click1/uxss
https://github.com/click1/uxss
Metasploitable 2 Exploitability Guide
https://community.rapid7.com/docs/DOC-1875
https://community.rapid7.com/docs/DOC-1875
CCNP Security Firewall Day 01 ASA Intro, Basic fundation
http://pan.baidu.com/s/1dD6E9eL
http://pan.baidu.com/s/1dD6E9eL
DROPBOX.COM HACKED First Teaser
http://pastebin.com/aRgTJzzg
http://pastebin.com/aRgTJzzg
Sandworm to Blacken: The SCADA Connection
http://blog.trendmicro.com/trendlabs-security-intelligence/sandworm-to-blacken-the-scada-connection/
http://blog.trendmicro.com/trendlabs-security-intelligence/sandworm-to-blacken-the-scada-connection/
Win64bit提权0day漏洞(CVE-2014-4113)的样本
http://acibqjug4v.l3.yunpan.cn/lk/csfuISUqtG2iX
http://acibqjug4v.l3.yunpan.cn/lk/csfuISUqtG2iX
Alictf linux exploit解题
http://www.91ri.org/11043.html
http://www.91ri.org/11043.html
MS14-063 – FastFat vulnerability fixed years ago
http://blog.beyondtrust.com/ms14-063-fastfat-vulnerability-fixed-years-ago
http://blog.beyondtrust.com/ms14-063-fastfat-vulnerability-fixed-years-ago
Hack in the Box 2014 CTF Writeup
http://blog.orange.tw/2014/10/hack-in-box-2014-ctf-writeup-keygenme.html
http://blog.orange.tw/2014/10/hack-in-box-2014-ctf-writeup-keygenme.html
论持久战——带你走进腾讯DDoS防护体系
http://security.tencent.com/index.php/blog/msg/71
http://security.tencent.com/index.php/blog/msg/71
CSAW CTF 2014 VM
https://isisblogs.poly.edu/2014/10/14/csaw-ctf-2014-vm/
https://isisblogs.poly.edu/2014/10/14/csaw-ctf-2014-vm/
从Dump到POC系列一:Win32k内核提权漏洞分析
http://blogs.360.cn/blog/dump-to-poc-to-win32k-kernel-privilege-escalation-vulnerability/
http://blogs.360.cn/blog/dump-to-poc-to-win32k-kernel-privilege-escalation-vulnerability/
Drupal SQL Injection Attempts in the Wild
http://blog.sucuri.net/2014/10/drupal-sql-injection-attempts-in-the-wild.html
http://blog.sucuri.net/2014/10/drupal-sql-injection-attempts-in-the-wild.html
asis-ctf-finals-2014 write-ups
https://github.com/ctfs/write-ups/tree/master/asis-ctf-finals-2014#readme
https://github.com/ctfs/write-ups/tree/master/asis-ctf-finals-2014#readme
Two Limited, Targeted Attacks; Two New Zero-Days
http://www.fireeye.com/blog/technical/targeted-attack/2014/10/two-targeted-attacks-two-new-zero-days.html
http://www.fireeye.com/blog/technical/targeted-attack/2014/10/two-targeted-attacks-two-new-zero-days.html
An Analysis of Windows Zero-day Vulnerability ‘CVE-2014-4114’ aka
http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerability-cve-2014-4114-aka-sandworm/
http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerability-cve-2014-4114-aka-sandworm/
Hammer:A web vulnnerability scanner
https://github.com/yangbh/Hammer
https://github.com/yangbh/Hammer
The CERT Oracle Coding Standard for Java-Android
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=111509535
https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=111509535
开源大数据查询分析引擎现状
http://yepeng.blog.51cto.com/3101105/1565691
http://yepeng.blog.51cto.com/3101105/1565691
Android UXSS阶段性小结及自动化测试
http://drops.wooyun.org/tools/3186
http://drops.wooyun.org/tools/3186
沙虫事件木马分析:BlackEnergy Use in 0day Attack CVE-2014-4114
http://blog.vulnhunt.com/index.php/2014/10/16/blackenergy-use-in-0day-attack-cve-2014-4114/
http://blog.vulnhunt.com/index.php/2014/10/16/blackenergy-use-in-0day-attack-cve-2014-4114/
Bypassing WAFs with SVG
https://www.securusglobal.com/community/2014/10/13/bypassing-wafs-with-svg/
https://www.securusglobal.com/community/2014/10/13/bypassing-wafs-with-svg/
破壳漏洞(ShellShock)应急概要 最终版V4
http://blog.knownsec.com/2014/10/shellshock_response_profile_v4/
http://blog.knownsec.com/2014/10/shellshock_response_profile_v4/
Malware Analysis: Case Study
https://www.notsosecure.com/blog/2014/10/16/malware-analysis/
https://www.notsosecure.com/blog/2014/10/16/malware-analysis/
Hadoop,超越MapReduce
http://vdisk.weibo.com/s/A0GI9rXObTJj/1413450007
http://vdisk.weibo.com/s/A0GI9rXObTJj/1413450007
沙虫(CVE-2014-4114)相关威胁综合分析报告
http://www.antiy.com/response/cve-2014-4114.html?from=timeline&isappinstalled=0
http://www.antiy.com/response/cve-2014-4114.html?from=timeline&isappinstalled=0
rsync的几则tips
http://phpsec.sinaapp.com/?p=245
http://phpsec.sinaapp.com/?p=245
Ghostery:Transparency + Control = Privacy
https://www.ghostery.com/en/
https://www.ghostery.com/en/
RecSys 2014 Sessions
https://www.youtube.com/playlist?list=PLaZufLfJumb9A95nS5AmY6G5mqYnwIfZX
https://www.youtube.com/playlist?list=PLaZufLfJumb9A95nS5AmY6G5mqYnwIfZX
DataTables: Table plug-in for jQuery
http://www.datatables.net/
http://www.datatables.net/
POODLE attacks on SSLv3
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.imperialviolet.org/2014/10/14/poodle.html
Drupal 7.31 pre Auth SQL Injection Vulnerability
https://www.sektioneins.de/en/blog/14-10-15-drupal-sql-injection-vulnerability.html
https://www.sektioneins.de/en/blog/14-10-15-drupal-sql-injection-vulnerability.html
Web流量劫持 —— 思维脑图
http://naotu.baidu.com/viewshare.html?shareId=aqn87r5unwss
http://naotu.baidu.com/viewshare.html?shareId=aqn87r5unwss
蔡学镛架构设计方法-2014-8-17
http://vdisk.weibo.com/s/q8FZMJO4W2qq
http://vdisk.weibo.com/s/q8FZMJO4W2qq
手机百度前端工程化之路
http://qdemo.sinaapp.com/box-fe-road.htm#0
http://qdemo.sinaapp.com/box-fe-road.htm#0
Drupal - pre Auth SQL Injection Vulnerability
http://drops.wooyun.org/papers/3197
http://drops.wooyun.org/papers/3197
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第33期)
