SecWiki周刊（第40期)

SecWiki周刊（第40期）

2014/12/01-2014/12/07

安全资讯

[运维安全] SSDP：DDoS攻击的“新宠”
http://www.searchsecurity.com.cn/showcontent_86458.htm

[Web安全] 走近科学：那些年，媒体笔下被夸大的黑客
http://www.freebuf.com/news/special/53108.html

[Web安全] 一洞观全球：看各国网络战防御能力
http://blog.knownsec.com/2014/12/look_up_the_gloable_world_defence_ability_with_one_bug/

[Web安全] Bruce Schneier_信息安全事件响应领域的发展现状
http://vdisk.weibo.com/s/Ei9aTv-oZyZN

[Web安全] 事件追踪：索尼影视员工数据进一步泄露
http://www.freebuf.com/news/53605.html

[Web安全] 索尼聘请火眼公司调查大规模网络攻击事件
http://sc.qq.com/fx/t?r=Hbtgef

[Web安全] 肖新光：开放博弈方能网络强国
http://theory.people.com.cn/n/2014/1201/c386964-26124349.html

[漏洞分析] 从业之路_yuange1975
http://blog.sina.com.cn/s/blog_85e506df0100w7dn.html

[恶意分析] 黑客组织专门对华尔街公司发动钓鱼攻击
http://www.solidot.org/story?sid=42118

[Web安全] 索尼入侵事件新发现：强大的恶意程序BKDR_WIPALL
http://www.freebuf.com/news/53583.html

[设备安全] 伊朗黑客组织手术刀（Operation Cleaver）剑指全球工控系统
http://www.secpulse.com/archives/2831.html

[Web安全] 一周海外安全事件回顾：混乱的中东网络战
http://www.freebuf.com/news/53295.html

[Web安全] 中国顶级黑客团队Keen Team加入Google全球黑客天团计划
https://www.t00ls.net/news-28683.html

[Web安全] 索尼入侵事件与朝鲜有关？揭秘朝鲜黑客部队
http://www.freebuf.com/news/53333.html

安全技术

[Web安全] 射手网复活攻略：用百度快照和phantomjs让射手网起死回生
http://www.freebuf.com/news/special/53197.html

[无线安全] 802.11协议帧格式、Wi-Fi连接交互过程、无线破解入门研究
http://www.cnblogs.com/littlehann/p/3700357.html

[Web安全] 使用Burp Suite爆破Web应用密码
http://lewisec.sinaapp.com/2014/12/03/burpsuite-web/

[数据挖掘] Bazinga Team:阿里巴巴大数据竞赛
http://vdisk.weibo.com/s/vc5taB3Byfky/1408942526

[漏洞分析] wordpress 存储型XSS 全自动化攻击工具
http://www.secpulse.com/archives/2822.html

[运维安全] A look at the pcap file format
http://www.kroosec.com/2012/10/a-look-at-pcap-file-format.html

[漏洞分析] Offset2lib: bypassing full ASLR on 64bit Linux
http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html

[Web安全] 【Web漏洞响应】WordPress罕曝高危XSS
http://nsfocus.blog.163.com/blog/static/194602157201411232741227/

[数据挖掘] 通过nltk的机器学习方法实现论坛垃圾帖的过滤
http://blog.sina.com.cn/s/blog_630c58cb0100vkw3.html

[数据挖掘] TextRank4ZH:从中文文本中自动提取关键词和摘要
https://github.com/someus/TextRank4ZH

[漏洞分析] cve_2013_3918 exp分析
http://bbs.pediy.com/showthread.php?p=1334580#post1334580

[文档] hackfest2014 slide
https://files.sans.org/summit/hackfest2014/

[运维安全] SSL/TLS部署最佳实践
https://raw.githubusercontent.com/citypw/citypw-SCFE/master/security/Documentation/ssl-tls_deployment_best_practices.txt

[数据挖掘] 数据可视化：基本图表
http://www.ruanyifeng.com/blog/2014/11/basic-charts.html

[Web安全] 9447-ctf-2014 write-ups
https://github.com/ctfs/write-ups/tree/master/9447-ctf-2014

[数据挖掘] Stock Price Prediction With Big Data and Machine Learning
http://eugenezhulenev.com/blog/2014/11/14/stock-price-prediction-with-big-data-and-machine-learning/

[漏洞分析] Internet Explorer EPM沙盒跳出漏洞的分析（CVE-2014-6350）
http://drops.wooyun.org/papers/4162

[漏洞分析] CVE-2014-6321 schannel堆溢出漏洞分析
http://drops.wooyun.org/papers/4194

[书籍] EasyCTF Tutorials
http://learn.easyctf.com/

[漏洞分析] Escaping the Internet Explorer Sandbox
http://blog.trendmicro.com/trendlabs-security-intelligence/escaping-the-internet-explorer-sandbox-analyzing-cve-2014-6349/

[视频] DEF CON 22 Video and Slides Torrent
https://www.defcon.org/html/torrent/DEF%20CON%2022%20video%20and%20slides.torrent

[Web安全] Hurl.it — Make HTTP Requests
http://hurl.bosondata.net/

[运维安全] SDN落地的实践与思考：带着问题找方案，别管定义啦
http://www.infoq.com/cn/articles/sdn-practice-and-thinking-problem-plan#0-tsina-1-5746-397232819ff9a47a7b7e80a40613cfe1

[运维安全] 应对CC攻击的自动防御系统——原理与实现
http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/4151

[漏洞分析] MS14-063 A Potential XP Exploit
http://blogs.cisco.com/security/talos/ms14-063-a-potential-xp-exploit

[漏洞分析] CVE-2014-1824 – A New Windows Fuzzing Target
http://blog.beyondtrust.com/cve-2014-1824-searching-for-windows-attack-surface

[设备安全] 许鑫：谈工控网络的脆弱性和安全防护技术
http://bobao.360.cn/course/detail/105.html

[数据挖掘] 大数据科学论坛PPT下载(11月30日-12月1日）
http://blog.sciencenet.cn/blog-3075-848329.html

[无线安全] WiGLE: Wireless Network Mapping
https://wigle.net/

[编程技术] Getting Started with Bootflat Framework
http://bootflat.github.io/getting-started.html

[Web安全] SpoofedMe Social Login Attack Discovered
http://securityintelligence.com/spoofedme-social-login-attack-discovered-by-ibm-x-force-researchers#.VIDxP6QlfjI

[无线安全] 利用GRC进行安全研究和审计 – 将无线电信号转换为数据包
http://drops.wooyun.org/wireless/4118

[编程技术] test VMs of Windows Download
https://www.modern.ie/en-us/virtualization-tools

[Web安全] Top cybersecurity predictions of 2015
http://www.zdnet.com/top-cybersecurity-predictions-of-2015-7000036102/

[编程技术] YC创业课中文社区
http://startupclass.club/

[Web安全] 高屋建瓴之WebMail攻与防
http://www.secpulse.com/archives/2664.html

[Web安全] Capture the Flag: Security Tools and Sites
http://faculty.cs.nku.edu/~waldenj/ctf/tools.html

[书籍] 用Python进行自然语言处理(中文)
http://vdisk.weibo.com/s/dxRHG7y0jQiPH

[Web安全] 9447 CTF 2014 – Web 100 – tumorous – Wiremask
http://wiremask.eu/9447-ctf-2014-web-100-tumorous/

[漏洞分析] Project Zero: Internet Explorer EPM Sandbox Escape CVE-2014-6350
http://googleprojectzero.blogspot.co.uk/2014/12/internet-explorer-epm-sandbox-escape.html

[移动安全] Attack on the Core
http://www.slideshare.net/PeterHlavaty/attack-on-the-core

[Web安全] Hacking Facebook.com/thanks Posting on behalf of your friends!
http://www.anandprakash.pw/2014/11/hacking-facebookcomthanks-posting-on.html

[漏洞分析] Methods for Binary Symbolic Execution (Anthony Romano's dissertation)
http://web.stanford.edu/~ajromano/dis.pdf

[Web安全] Installing Metasploit Framework on OS X Yosemite
http://hackerforhire.com.au/

[Web安全] OQL(对象查询语言)在产品实现中造成的RCE(Object Injection)
http://drops.wooyun.org/papers/4115

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第40期)

SecWiki周刊（第40期）

最新公告

友情链接

SecWiki公众号

安全学术圈