SecWiki周刊(第37期)
2014/11/10-2014/11/16
安全资讯
Iranian contractor named as Stuxnet 'patient zero
http://www.theregister.co.uk/2014/11/12/stuxnet_patient_zero/
http://www.theregister.co.uk/2014/11/12/stuxnet_patient_zero/
能存活19年的bug不是bug
http://www.vaikan.com/a-19-years-old-bug/
http://www.vaikan.com/a-19-years-old-bug/
京东安全应急响应中心第二届安全沙龙15日开讲
http://bobao.360.cn/activity/detail/53.html
http://bobao.360.cn/activity/detail/53.html
The Future of Incident Response
https://www.schneier.com/blog/archives/2014/11/the_future_of_i.html
https://www.schneier.com/blog/archives/2014/11/the_future_of_i.html
黑暗旅馆APT剑指全球高管
http://www.secpulse.com/archives/2099.html
http://www.secpulse.com/archives/2099.html
SANS:2014年安全分析与安全智能调研报告
http://yepeng.blog.51cto.com/3101105/1577208
http://yepeng.blog.51cto.com/3101105/1577208
互联网灰色产业链一角:流氓软件也挺”拼”的
http://blog.vulnhunt.com/index.php/2014/11/14/network_rogue_software/
http://blog.vulnhunt.com/index.php/2014/11/14/network_rogue_software/
Chinese Routing Errors Redirect Russian Traffic
http://research.dyn.com/2014/11/chinese-routing-errors-redirect-russian-traffic/
http://research.dyn.com/2014/11/chinese-routing-errors-redirect-russian-traffic/
Sophisticated Targeted Attack Via Hotel Networks
https://www.schneier.com/blog/archives/2014/11/sophisticated_t.html
https://www.schneier.com/blog/archives/2014/11/sophisticated_t.html
安全技术
IP.Board<=3.4.7 SQL注入漏洞(0day)POC
http://www.freebuf.com/vuls/50847.html
http://www.freebuf.com/vuls/50847.html
hctf writeup
http://anhkgg.gitcafe.com/hctf-writeup/
http://anhkgg.gitcafe.com/hctf-writeup/
未知攻焉知防——XXE漏洞攻防
http://www.secpulse.com/archives/850.html
http://www.secpulse.com/archives/850.html
CUIT 2014 Writeup
http://www.91ri.org/9482.html
http://www.91ri.org/9482.html
uctf-杂项题目分析
http://drops.wooyun.org/tips/3349
http://drops.wooyun.org/tips/3349
Hack.lu 2014 Writeup
http://drops.wooyun.org/tips/3420
http://drops.wooyun.org/tips/3420
用命令行录制屏幕操作视频
http://www.weibo.com/p/1001603776108683261811
http://www.weibo.com/p/1001603776108683261811
《安全参考》HACKCTO-201411-23
http://www.hackcto.com/post/2014-11-15/40064401666
http://www.hackcto.com/post/2014-11-15/40064401666
HCTF2014 Writeup(通关攻略) 完美版
http://bobao.360.cn/news/detail/796.html
http://bobao.360.cn/news/detail/796.html
Fedora Security Lab Test bench’s documentation
https://fedora-security-lab-test-bench.readthedocs.org/en/latest/#
https://fedora-security-lab-test-bench.readthedocs.org/en/latest/#
IP 库的那些事儿
https://www.evernote.com/shard/s1/sh/ecaa734a-f53f-4b92-a65b-f4b5be7cb8f3/931d01e038fdd256
https://www.evernote.com/shard/s1/sh/ecaa734a-f53f-4b92-a65b-f4b5be7cb8f3/931d01e038fdd256
Linux 服务安全器配置的20条建议
http://www.cyberciti.biz/tips/linux-security.html
http://www.cyberciti.biz/tips/linux-security.html
Playing with MS14-060 and MS14-058 [CVE-2014-4113 CVE-2014-4114]
http://labs.jumpsec.com/2014/11/10/playing-ms14-060-ms14-058-cve-2014-4113-cve-2014-4114-attacks-defenses/
http://labs.jumpsec.com/2014/11/10/playing-ms14-060-ms14-058-cve-2014-4113-cve-2014-4114-attacks-defenses/
用SDR分析未知HF信号:HDSDR+USRP+GNU Radio+RFMap
http://www.bilibili.com/video/av795582/index.html
http://www.bilibili.com/video/av795582/index.html
CVE-2014-1767 Afd.sys double-free vulnerability Analysis and Exploit
http://www.secniu.com/cve-2014-1767-afd-sys-double-free-vulnerability-analysis-and-exploit/
http://www.secniu.com/cve-2014-1767-afd-sys-double-free-vulnerability-analysis-and-exploit/
金融攻击事件分析:Tyupkin样本技术分析及攻击过程还原
http://blog.vulnhunt.com/index.php/2014/11/11/tyupkin_analysi/
http://blog.vulnhunt.com/index.php/2014/11/11/tyupkin_analysi/
版本管理工具介绍—Git篇
http://www.imooc.com/learn/208
http://www.imooc.com/learn/208
scada-tools
https://github.com/atimorin/scada-tools
https://github.com/atimorin/scada-tools
北京联合大学内网渗透小记
http://www.wooyun.org/bugs/wooyun-2014-077615
http://www.wooyun.org/bugs/wooyun-2014-077615
AndroidManifest二进制文件010 Editor模板
http://bbs.pediy.com/showthread.php?p=1329824#post1329824
http://bbs.pediy.com/showthread.php?p=1329824#post1329824
Spark:Open source IoT toolkit
https://www.spark.io/
https://www.spark.io/
绕过百度杀毒溢出保护的一些方法
http://blog.jowto.com/?p=55
http://blog.jowto.com/?p=55
Extending the ELF Core Format for Forensics Snapshots
http://www.leviathansecurity.com/wp-content/uploads/2014_11_Ryan_Oneill_Extended-Core-Format-Snapshots.pdf
http://www.leviathansecurity.com/wp-content/uploads/2014_11_Ryan_Oneill_Extended-Core-Format-Snapshots.pdf
Zabbix的前台SQL注射漏洞利用
http://www.secpulse.com/archives/2089.html
http://www.secpulse.com/archives/2089.html
西门子S7-1200 PLC识别指南与工具脚本
http://plcscan.org/blog/2014/11/s7-plc-discovery-tools-releases/
http://plcscan.org/blog/2014/11/s7-plc-discovery-tools-releases/
IBM X-Force Researcher Finds Significant Vulnerability in Microsoft Windows
http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows/#.VGMkIDZpPBu
http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows/#.VGMkIDZpPBu
第五季极客大挑战writeup
http://syclover.sinaapp.com/?p=369
http://syclover.sinaapp.com/?p=369
Php Codz Hacking
http://www.80vul.com/pch/
http://www.80vul.com/pch/
AndroidManifest二进制文件格式分析
http://bbs.pediy.com/showthread.php?p=1329538#post1329538
http://bbs.pediy.com/showthread.php?p=1329538#post1329538
谷歌公司发布程序员养成指南,推荐相关在线课程
http://mooc.guokr.com/post/610231/
http://mooc.guokr.com/post/610231/
OnionDuke: APT Attacks Via the Tor Network
http://www.f-secure.com/weblog/archives/00002764.html
http://www.f-secure.com/weblog/archives/00002764.html
配置ModSecurity防火墙与OWASP规则
http://4shell.org/archives/85.html
http://4shell.org/archives/85.html
伪基站 + 钓鱼 = 完美黑产
http://zhuanlan.zhihu.com/wooyun/19890065
http://zhuanlan.zhihu.com/wooyun/19890065
安全科普:让高大上的Bash破壳漏洞不再难理解(下)
http://www.freebuf.com/articles/system/50707.html
http://www.freebuf.com/articles/system/50707.html
AndroidManifest Ambiguity方案原理及代码
http://bbs.pediy.com/showthread.php?p=1329490#post1329490
http://bbs.pediy.com/showthread.php?p=1329490#post1329490
自动化渗透测试工具 – Heybe
http://www.freebuf.com/tools/50734.html
http://www.freebuf.com/tools/50734.html
Bypassing Microsoft’s Patch for the Sandworm Zero Day
http://blogs.mcafee.com/mcafee-labs/bypassing-microsofts-patch-for-the-sandworm-zero-day-even-editing-can-cause-harm
http://blogs.mcafee.com/mcafee-labs/bypassing-microsofts-patch-for-the-sandworm-zero-day-even-editing-can-cause-harm
simple-rootkit:attack against gcc and Python via kernel module
https://github.com/mrrrgn/simple-rootkit
https://github.com/mrrrgn/simple-rootkit
“破界”(WIRELURKER)综合分析报告
http://www.antiy.com/response/WireLurker.html
http://www.antiy.com/response/WireLurker.html
Critical Vulnerability and 'Godmode' Exploitation on CVE-2014-6332
http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/
http://blog.trendmicro.com/trendlabs-security-intelligence/a-killer-combo-critical-vulnerability-and-godmode-exploitation-on-cve-2014-6332/
HTML5和HTML4差异比较(工作草案)
http://www.w3.org/TR/2014/WD-html5-diff-20140918/
http://www.w3.org/TR/2014/WD-html5-diff-20140918/
WireEdit:网络数据包编辑工具
https://wireedit.com/
https://wireedit.com/
子域名爆破软件dnsmap介绍
http://pan.baidu.com/s/1nt5HMw5
http://pan.baidu.com/s/1nt5HMw5
假面攻击(Masque Attack)详细分析与利用
http://www.secpulse.com/archives/2123.html
http://www.secpulse.com/archives/2123.html
clickjacking漏洞的挖掘与利用
http://drops.wooyun.org/web/3801
http://drops.wooyun.org/web/3801
TWC: Malware Hunting with Mark Russinovich and the Sysinternals Tools
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B368#fbid=
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2014/DCIM-B368#fbid=
Website Malware Infections, Removal, and You
http://blog.sucuri.net/2014/11/the-art-of-website-malware-removal-the-basics.html
http://blog.sucuri.net/2014/11/the-art-of-website-malware-removal-the-basics.html
网络银行木马DYRE知多少(1)
http://blog.csdn.net/iqushi/article/details/41080457
http://blog.csdn.net/iqushi/article/details/41080457
XKungfoo2014安全会议全程纪实
http://www.freebuf.com/fevents/32658.html
http://www.freebuf.com/fevents/32658.html
Observing the Havex RAT
http://www.netresec.com/?page=Blog&month=2014-11&post=Observing-the-Havex-RAT
http://www.netresec.com/?page=Blog&month=2014-11&post=Observing-the-Havex-RAT
The G20 and the New Reality of Cyber Espionage
http://www.fireeye.com/blog/corporate/2014/11/the-g20-and-the-new-reality-of-cyber-espionage.html
http://www.fireeye.com/blog/corporate/2014/11/the-g20-and-the-new-reality-of-cyber-espionage.html
关于CTF的一些感想
http://le4f.net/post/essay/about-ctf
http://le4f.net/post/essay/about-ctf
PHP文件包含漏洞总结
http://drops.wooyun.org/tips/3827
http://drops.wooyun.org/tips/3827
Evolution of Upatre Trojan Downloader
http://research.zscaler.com/2014/11/evolution-of-upatre-trojan-downloader.html
http://research.zscaler.com/2014/11/evolution-of-upatre-trojan-downloader.html
安卓Bug 17356824 BroadcastAnywhere漏洞分析
http://xteam.baidu.com/?p=77
http://xteam.baidu.com/?p=77
Android Pattern Lock Cracker
https://github.com/sch3m4/androidpatternlock
https://github.com/sch3m4/androidpatternlock
树莓派打造无线扫描仪.
http://drops.wooyun.org/wireless/3810
http://drops.wooyun.org/wireless/3810
SSLStrip 终极版 —— location 劫持
http://drops.wooyun.org/web/3825
http://drops.wooyun.org/web/3825
追踪ICS扫描者(Trace ICS Scanner)
http://plcscan.org/blog/2014/11/trace-ics-scanner/
http://plcscan.org/blog/2014/11/trace-ics-scanner/
IBM X-Force Researcher Finds Significant Vulnerability in Microsoft Windows
http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows/#.VGLkPtyUcxk
http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows/#.VGLkPtyUcxk
小米11.11:海量数据压力下的推送服务
http://www.infoq.com/cn/news/2014/11/xiaomi-1111-pushservice
http://www.infoq.com/cn/news/2014/11/xiaomi-1111-pushservice
web扫描爬虫优化
http://drops.wooyun.org/tips/3831
http://drops.wooyun.org/tips/3831
Android运行时ART执行类方法的过程分析
http://blog.csdn.net/luoshengyang/article/details/40289405
http://blog.csdn.net/luoshengyang/article/details/40289405
WAP:Web Application Protection
http://sourceforge.net/projects/awap/
http://sourceforge.net/projects/awap/
Zabbix的前台SQL注射漏洞0day
http://navisec.it/zabbix%E7%9A%84%E5%89%8D%E5%8F%B0sql%E6%B3%A8%E5%B0%84%E6%BC%8F%E6%B4%9E0day/
http://navisec.it/zabbix%E7%9A%84%E5%89%8D%E5%8F%B0sql%E6%B3%A8%E5%B0%84%E6%BC%8F%E6%B4%9E0day/
渗透中寻找突破口的那些事
http://4shell.org/archives/63.html
http://4shell.org/archives/63.html
CODE-PyconCN2014
https://github.com/xtao/CODE-PyconCN2014
https://github.com/xtao/CODE-PyconCN2014
Android Logcat Security
http://drops.wooyun.org/tips/3812
http://drops.wooyun.org/tips/3812
Abusing Samsung KNOX to remotely install a malicious application
http://blog.quarkslab.com/abusing-samsung-knox-to-remotely-install-a-malicious-application-story-of-a-half-patched-vulnerability.html
http://blog.quarkslab.com/abusing-samsung-knox-to-remotely-install-a-malicious-application-story-of-a-half-patched-vulnerability.html
国内创业公司常用的服务
http://miao.hu/2014/11/14/startup-services/
http://miao.hu/2014/11/14/startup-services/
BugMeNot: find and share logins
http://bugmenot.com/
http://bugmenot.com/
How NSA's Cyber Warriors Helped Win (Sorta) The Last War in Iraq
http://www.matthewaid.com/post/102178369761/how-nsas-cyber-warriors-helped-win-sorta-the-last
http://www.matthewaid.com/post/102178369761/how-nsas-cyber-warriors-helped-win-sorta-the-last
检测php网站是否已经被攻破的方法
http://4shell.org/archives/62.html
http://4shell.org/archives/62.html
When's document.URL not document.URL
http://tyranidslair.blogspot.co.uk/2014/11/whens-documenturl-not-documenturl-cve.html
http://tyranidslair.blogspot.co.uk/2014/11/whens-documenturl-not-documenturl-cve.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第37期)
