SecWiki周刊(第40期)
2014/12/01-2014/12/07
安全资讯
[运维安全]  SSDP:DDoS攻击的“新宠”
http://www.searchsecurity.com.cn/showcontent_86458.htm
[Web安全]  走近科学:那些年,媒体笔下被夸大的黑客
http://www.freebuf.com/news/special/53108.html
[Web安全]  一洞观全球:看各国网络战防御能力
http://blog.knownsec.com/2014/12/look_up_the_gloable_world_defence_ability_with_one_bug/
[Web安全]  Bruce Schneier_信息安全事件响应领域的发展现状
http://vdisk.weibo.com/s/Ei9aTv-oZyZN
[Web安全]  事件追踪:索尼影视员工数据进一步泄露
http://www.freebuf.com/news/53605.html
[Web安全]  索尼聘请火眼公司调查大规模网络攻击事件
http://sc.qq.com/fx/t?r=Hbtgef
[Web安全]  肖新光:开放博弈方能网络强国
http://theory.people.com.cn/n/2014/1201/c386964-26124349.html
[漏洞分析]  从业之路_yuange1975
http://blog.sina.com.cn/s/blog_85e506df0100w7dn.html
[恶意分析]  黑客组织专门对华尔街公司发动钓鱼攻击
http://www.solidot.org/story?sid=42118
[Web安全]  索尼入侵事件新发现:强大的恶意程序BKDR_WIPALL
http://www.freebuf.com/news/53583.html
[设备安全]  伊朗黑客组织手术刀(Operation Cleaver)剑指全球工控系统
http://www.secpulse.com/archives/2831.html
[Web安全]  一周海外安全事件回顾:混乱的中东网络战
http://www.freebuf.com/news/53295.html
[Web安全]  中国顶级黑客团队Keen Team加入Google全球黑客天团计划
https://www.t00ls.net/news-28683.html
[Web安全]  索尼入侵事件与朝鲜有关?揭秘朝鲜黑客部队
http://www.freebuf.com/news/53333.html
安全技术
[Web安全]  射手网复活攻略:用百度快照和phantomjs让射手网起死回生
http://www.freebuf.com/news/special/53197.html
[无线安全]  802.11协议帧格式、Wi-Fi连接交互过程、无线破解入门研究
http://www.cnblogs.com/littlehann/p/3700357.html
[Web安全]  使用Burp Suite爆破Web应用密码
http://lewisec.sinaapp.com/2014/12/03/burpsuite-web/
[数据挖掘]  Bazinga Team:阿里巴巴大数据竞赛
http://vdisk.weibo.com/s/vc5taB3Byfky/1408942526
[漏洞分析]  wordpress 存储型XSS 全自动化攻击工具
http://www.secpulse.com/archives/2822.html
[运维安全]  A look at the pcap file format
http://www.kroosec.com/2012/10/a-look-at-pcap-file-format.html
[漏洞分析]  Offset2lib: bypassing full ASLR on 64bit Linux
http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
[Web安全]  【Web漏洞响应】WordPress罕曝高危XSS
http://nsfocus.blog.163.com/blog/static/194602157201411232741227/
[数据挖掘]  通过nltk的机器学习方法实现论坛垃圾帖的过滤
http://blog.sina.com.cn/s/blog_630c58cb0100vkw3.html
[漏洞分析]  cve_2013_3918 exp分析
http://bbs.pediy.com/showthread.php?p=1334580#post1334580
[数据挖掘]  TextRank4ZH:从中文文本中自动提取关键词和摘要
https://github.com/someus/TextRank4ZH
[文档]  hackfest2014 slide
https://files.sans.org/summit/hackfest2014/
[数据挖掘]  数据可视化:基本图表
http://www.ruanyifeng.com/blog/2014/11/basic-charts.html
[数据挖掘]  Stock Price Prediction With Big Data and Machine Learning
http://eugenezhulenev.com/blog/2014/11/14/stock-price-prediction-with-big-data-and-machine-learning/
[漏洞分析]  Internet Explorer EPM沙盒跳出漏洞的分析(CVE-2014-6350)
http://drops.wooyun.org/papers/4162
[漏洞分析]  CVE-2014-6321 schannel堆溢出漏洞分析
http://drops.wooyun.org/papers/4194
[书籍]  EasyCTF Tutorials
http://learn.easyctf.com/
[Web安全]  Hurl.it — Make HTTP Requests
http://hurl.bosondata.net/
[运维安全]  SDN落地的实践与思考:带着问题找方案,别管定义啦
http://www.infoq.com/cn/articles/sdn-practice-and-thinking-problem-plan#0-tsina-1-5746-397232819ff9a47a7b7e80a40613cfe1
[运维安全]  应对CC攻击的自动防御系统——原理与实现
http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/4151
[漏洞分析]  MS14-063 A Potential XP Exploit
http://blogs.cisco.com/security/talos/ms14-063-a-potential-xp-exploit
[漏洞分析]  CVE-2014-1824 – A New Windows Fuzzing Target
http://blog.beyondtrust.com/cve-2014-1824-searching-for-windows-attack-surface
[设备安全]  许鑫:谈工控网络的脆弱性和安全防护技术
http://bobao.360.cn/course/detail/105.html
[数据挖掘]  大数据科学论坛PPT下载(11月30日-12月1日)
http://blog.sciencenet.cn/blog-3075-848329.html
[无线安全]  WiGLE: Wireless Network Mapping
https://wigle.net/
[编程技术]  Getting Started with Bootflat Framework
http://bootflat.github.io/getting-started.html
[无线安全]  利用GRC进行安全研究和审计 – 将无线电信号转换为数据包
http://drops.wooyun.org/wireless/4118
[编程技术]   test VMs of Windows Download
https://www.modern.ie/en-us/virtualization-tools
[Web安全]  Top cybersecurity predictions of 2015
http://www.zdnet.com/top-cybersecurity-predictions-of-2015-7000036102/
[编程技术]  YC创业课中文社区
http://startupclass.club/
[Web安全]  高屋建瓴之WebMail攻与防
http://www.secpulse.com/archives/2664.html
[Web安全]  Capture the Flag: Security Tools and Sites
http://faculty.cs.nku.edu/~waldenj/ctf/tools.html
[书籍]  用Python进行自然语言处理(中文)
http://vdisk.weibo.com/s/dxRHG7y0jQiPH
[Web安全]  9447 CTF 2014 – Web 100 – tumorous – Wiremask
http://wiremask.eu/9447-ctf-2014-web-100-tumorous/
[漏洞分析]  Project Zero: Internet Explorer EPM Sandbox Escape CVE-2014-6350
http://googleprojectzero.blogspot.co.uk/2014/12/internet-explorer-epm-sandbox-escape.html
[Web安全]  Hacking Facebook.com/thanks Posting on behalf of your friends!
http://www.anandprakash.pw/2014/11/hacking-facebookcomthanks-posting-on.html
[漏洞分析]  Methods for Binary Symbolic Execution (Anthony Romano's dissertation)
http://web.stanford.edu/~ajromano/dis.pdf
[Web安全]  Installing Metasploit Framework on OS X Yosemite
http://hackerforhire.com.au/
[Web安全]  OQL(对象查询语言)在产品实现中造成的RCE(Object Injection)
http://drops.wooyun.org/papers/4115
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第40期)