SecWiki周刊(第34期)
2014/10/20-2014/10/26
安全资讯
Chinese MITM Attack on iCloud
http://www.netresec.com/?page=Blog&month=2014-10&post=Chinese-MITM-Attack-on-iCloud
http://www.netresec.com/?page=Blog&month=2014-10&post=Chinese-MITM-Attack-on-iCloud
一周海外安全事件回顾(10.06-10.19):互联网之王
http://www.freebuf.com/news/47895.html
http://www.freebuf.com/news/47895.html
Tor出口节点在用户下载的二进制文件中注入恶意程序
http://www.solidot.org/story?sid=41609
http://www.solidot.org/story?sid=41609
安全技术
猴子都能懂的GIT入门
http://backlogtool.com/git-guide/cn/
http://backlogtool.com/git-guide/cn/
Conference Agenda HITBSecConf2014
https://conference.hitb.org/hitbsecconf2014kul/agenda/
https://conference.hitb.org/hitbsecconf2014kul/agenda/
J2EEScan:J2EE Security Scanner Burp Suite Plugin
https://bitbucket.org/ilmila/j2eescan/
https://bitbucket.org/ilmila/j2eescan/
OpenBTS-UMTS:3G UMTS Data Radio Access Network Node
https://github.com/RangeNetworks/OpenBTS-UMTS
https://github.com/RangeNetworks/OpenBTS-UMTS
云端博弈——云安全入侵取证及思考
http://security.tencent.com/index.php/blog/msg/72
http://security.tencent.com/index.php/blog/msg/72
Security Headers on the Top 1,000,000 Websites: October 2014 Report
https://www.veracode.com/blog/2014/10/security-headers-top-1000000-websites-october-2014-report
https://www.veracode.com/blog/2014/10/security-headers-top-1000000-websites-october-2014-report
Symposium on Operating Systems Design and Implementation
https://www.usenix.org/conference/osdi14/technical-sessions
https://www.usenix.org/conference/osdi14/technical-sessions
NoSuchCon 2014 schedule
http://www.nosuchcon.org/#schedule
http://www.nosuchcon.org/#schedule
Windows内核提权漏洞CVE-2014-4113分析报告
http://drops.wooyun.org/papers/3324
http://drops.wooyun.org/papers/3324
WooYun WIFI 成长史
http://drops.wooyun.org/tips/3248
http://drops.wooyun.org/tips/3248
Shellcode Analysis Pipleine
http://7h3ram.github.io/2014/3/18/shellcode-pipeline/
http://7h3ram.github.io/2014/3/18/shellcode-pipeline/
[CTF]AliCTF-Final-2014-Writeup
http://le4f.net/post/writeup/-ctf-alictf-final-2014-writeup
http://le4f.net/post/writeup/-ctf-alictf-final-2014-writeup
Presentation: Extreme Privilege Escalation On Windows 8/UEFI Systems
https://www.mitre.org/publications/technical-papers/presentation-extreme-privilege-escalation-on-windows-8uefi-systems
https://www.mitre.org/publications/technical-papers/presentation-extreme-privilege-escalation-on-windows-8uefi-systems
XCTF两道web题目的writeup
http://www.leavesongs.com/PENETRATION/Mini-XCTF-Writeup.html
http://www.leavesongs.com/PENETRATION/Mini-XCTF-Writeup.html
Dropping Files Into Temp Folder Raises Security Concerns
http://blogs.mcafee.com/mcafee-labs/dropping-files-temp-folder-raises-security-concerns
http://blogs.mcafee.com/mcafee-labs/dropping-files-temp-folder-raises-security-concerns
OrcaRAT - A whale of a tale
http://pwc.blogs.com/cyber_security_updates/2014/10/orcarat-a-whale-of-a-tale.html
http://pwc.blogs.com/cyber_security_updates/2014/10/orcarat-a-whale-of-a-tale.html
Hackweek几点感受
http://www.raychase.net/2631
http://www.raychase.net/2631
2014 H1绿盟科技反数据泄露报告
http://www.nsfocus.com/report/2014_H1_NSFOCUS_DATA_BREACH_REPORT.PDF
http://www.nsfocus.com/report/2014_H1_NSFOCUS_DATA_BREACH_REPORT.PDF
初步玩-破解学校水卡
http://admin.gxhc520.cn/learn_notes/705
http://admin.gxhc520.cn/learn_notes/705
“洋葱头”路由安全性分析与改进
http://zhaisj.blog.51cto.com/219066/1541883
http://zhaisj.blog.51cto.com/219066/1541883
IRMA:Incident Response Malware Analysis
http://irma.quarkslab.com/index.html
http://irma.quarkslab.com/index.html
pycrumbs:Python资源大全
http://hao.jobbole.com/python-pycrumbs/
http://hao.jobbole.com/python-pycrumbs/
wfuzz:The Web Bruteforcer
https://github.com/xmendez/wfuzz
https://github.com/xmendez/wfuzz
github 上 Fork 别人的项目后的常用的操作指南
http://www.php-oa.com/2014/10/22/github-operation.html
http://www.php-oa.com/2014/10/22/github-operation.html
ShapeShifter: The emperor’s new web security technology
http://blog.securitee.org/?p=309
http://blog.securitee.org/?p=309
Reverse engineering - Shellcodes techniques
http://www.slideshare.net/erangoldstein/reverse-engineering-shellcodes-techniques
http://www.slideshare.net/erangoldstein/reverse-engineering-shellcodes-techniques
Discuz!7.2 faq.php文件SQL注入漏洞分析及利用实战
http://simeon.blog.51cto.com/18680/1440000
http://simeon.blog.51cto.com/18680/1440000
沉默中的狂怒 —— Cookie 大喷发
http://www.cnblogs.com/index-html/p/mitm-cookie-sniffer.html
http://www.cnblogs.com/index-html/p/mitm-cookie-sniffer.html
Android证书信任问题与大表哥
http://drops.wooyun.org/tips/3296
http://drops.wooyun.org/tips/3296
exitmap:fast and extensible Python-based scanner for Tor exit relays
https://github.com/NullHypothesis/exitmap
https://github.com/NullHypothesis/exitmap
Shellshock漏洞回顾与分析测试
http://drops.wooyun.org/papers/3268
http://drops.wooyun.org/papers/3268
CVE-2014-0569漏洞分析
http://weibo.com/p/1001603769606924861349
http://weibo.com/p/1001603769606924861349
2014-internet-security-report-q3
http://vdisk.weibo.com/s/C72IDYVyetPLq/1414113806
http://vdisk.weibo.com/s/C72IDYVyetPLq/1414113806
Why You Should Add Joern to Your Source Code Audit Toolkit
http://www.praetorian.com/blog/why-you-should-add-joern-to-your-source-code-audit-toolkit
http://www.praetorian.com/blog/why-you-should-add-joern-to-your-source-code-audit-toolkit
PHP+MySQL实现身份证信息查询API
http://cloudbbs.org/forum.php?mod=viewthread&tid=22440
http://cloudbbs.org/forum.php?mod=viewthread&tid=22440
网站安全狗最新版绕过测试
http://phpsec.sinaapp.com/?p=270
http://phpsec.sinaapp.com/?p=270
write-ups hack-lu-ctf-2014
https://github.com/ctfs/write-ups/tree/master/hack-lu-ctf-2014#readme
https://github.com/ctfs/write-ups/tree/master/hack-lu-ctf-2014#readme
HTML 5 History API的”前生今世”
http://www.ido321.com/1069.html
http://www.ido321.com/1069.html
网站安全狗最新版绕过测试
http://phpsec.sinaapp.com/?p=270
http://phpsec.sinaapp.com/?p=270
WEB开发基础 — web开发最佳实践手册
http://wf.uisdc.com/
http://wf.uisdc.com/
SSD在新浪数据库平台优化实践
http://vdisk.weibo.com/s/vfXX1rzjdzOA
http://vdisk.weibo.com/s/vfXX1rzjdzOA
安全专题
互联网安全岗位招聘网址
https://www.sec-wiki.com/topic/48
https://www.sec-wiki.com/topic/48
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第34期)
