SecWiki周刊(第41期)
2014/12/08-2014/12/14
安全资讯
绝大部分php探针存在xss漏洞
http://www.wooyun.org/bugs/wooyun-2014-075468
http://www.wooyun.org/bugs/wooyun-2014-075468
企鹅Turla(Penquin Turla):史上最复杂的APT间谍软件
http://www.freebuf.com/news/53931.html
http://www.freebuf.com/news/53931.html
插入U盘自动攻击:BadUSB原理与实现(含视频)
http://www.freebuf.com/articles/terminal/53886.html
http://www.freebuf.com/articles/terminal/53886.html
黑客在朝鲜属于养尊处优的精英阶层
http://www.solidot.org/story?sid=42176
http://www.solidot.org/story?sid=42176
Top 10 Phishing Attacks of 2014
http://phishme.com/top-10-phishing-attacks-2014/
http://phishme.com/top-10-phishing-attacks-2014/
The Current State of Machine Intelligence
https://medium.com/@shivon/the-current-state-of-machine-intelligence-f76c20db2fe1
https://medium.com/@shivon/the-current-state-of-machine-intelligence-f76c20db2fe1
Security Updates available for Adobe Reader and Acrobat
http://helpx.adobe.com/security/products/reader/apsb14-28.html
http://helpx.adobe.com/security/products/reader/apsb14-28.html
谁蹭了我的WiFi?浅谈家用无线路由器攻防
http://www.freebuf.com/news/special/53556.html
http://www.freebuf.com/news/special/53556.html
安全技术
揭秘网络战军火商Vupen:0day在手,天下我有
http://www.freebuf.com/news/special/53722.html
http://www.freebuf.com/news/special/53722.html
Deobfuscation: recovering an OLLVM-protected program
http://blog.quarkslab.com/deobfuscation-recovering-an-ollvm-protected-program.html
http://blog.quarkslab.com/deobfuscation-recovering-an-ollvm-protected-program.html
新的U盘自动运行——BadUSB原理与实现
http://security.tencent.com/index.php/blog/msg/74
http://security.tencent.com/index.php/blog/msg/74
DefCamp 2014 video and slide
http://defcamp.ro/speakers/
http://defcamp.ro/speakers/
窃听风云——关机窃听原理与实现
http://security.tencent.com/index.php/blog/msg/73
http://security.tencent.com/index.php/blog/msg/73
NoSuchCon 2014 Videos
http://www.nosuchcon.org/streaming/video/
http://www.nosuchcon.org/streaming/video/
DEF CON 22 Audio Torrent is Live!
https://www.defcon.org/html/torrent/DEF%20CON%2022%20audio.torrent
https://www.defcon.org/html/torrent/DEF%20CON%2022%20audio.torrent
bandit:Python AST-based static analyzer
http://git.openstack.org/cgit/stackforge/bandit/
http://git.openstack.org/cgit/stackforge/bandit/
2014 SDN技术峰会
http://www.sdnlab.com/conference
http://www.sdnlab.com/conference
CVE-2014-8439 Vulnerability: Trend Micro Solutions Ahead of the Game
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2014-8439-vulnerability-trend-micro-solutions-ahead-of-the-game/
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2014-8439-vulnerability-trend-micro-solutions-ahead-of-the-game/
Faster fuzzing with Python
https://labs.mwrinfosecurity.com/blog/2014/12/10/faster-fuzzing-with-python/
https://labs.mwrinfosecurity.com/blog/2014/12/10/faster-fuzzing-with-python/
xss2shell:abusing XSS vulnerabilities on Wordpress and Joomla
https://github.com/Prochainezo/xss2shell
https://github.com/Prochainezo/xss2shell
Cloud Atlas: RedOctober APT is back in style
https://securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-back-in-style/
https://securelist.com/blog/research/68083/cloud-atlas-redoctober-apt-is-back-in-style/
Metasploit: Good-bye msfpayload and msfencode
https://community.rapid7.com/community/metasploit/blog/2014/12/08/good-bye-msfpayload-and-msfencode
https://community.rapid7.com/community/metasploit/blog/2014/12/08/good-bye-msfpayload-and-msfencode
Simplify - Android Deobfuscator / Decryptor
http://androidcracking.blogspot.com/2014/12/simplify-android-deobfuscator-decryptor.html
http://androidcracking.blogspot.com/2014/12/simplify-android-deobfuscator-decryptor.html
关于和利时LK系列PLC安全性的杂谈
http://plcscan.org/blog/2014/12/hollysys-lk-series-plc-system-default-password-vulnerability/
http://plcscan.org/blog/2014/12/hollysys-lk-series-plc-system-default-password-vulnerability/
How Lastline Has Better Breach Detection Capabilities
http://blog.strom.com/wp/wp-content/uploads/2014/12/Lastline-review.pdf
http://blog.strom.com/wp/wp-content/uploads/2014/12/Lastline-review.pdf
'Destover' Malware Now Digitally Signed by Sony Certificates
http://securelist.com/blog/security-policies/68073/destover-malware-now-digitally-signed-by-sony-certificates/
http://securelist.com/blog/security-policies/68073/destover-malware-now-digitally-signed-by-sony-certificates/
xctf sctf summary, little writeup
http://anhkgg.gitcafe.com/sctf-summary/
http://anhkgg.gitcafe.com/sctf-summary/
渗透工具PuttyRider使用心得分享
http://bobao.360.cn/learning/detail/137.html
http://bobao.360.cn/learning/detail/137.html
Getting Started with OpenBTS
http://openbts.org/book/
http://openbts.org/book/
InsertScript: Multiple PDF Vulnerabilites
http://insert-script.blogspot.co.at/2014/12/multiple-pdf-vulnerabilites-text-and.html
http://insert-script.blogspot.co.at/2014/12/multiple-pdf-vulnerabilites-text-and.html
SCTF-WriteUp
http://drops.wooyun.org/tips/4243
http://drops.wooyun.org/tips/4243
Twitter sentiment analysis using Python and NLTK
http://www.laurentluce.com/posts/twitter-sentiment-analysis-using-python-and-nltk/
http://www.laurentluce.com/posts/twitter-sentiment-analysis-using-python-and-nltk/
APK签名校验绕过
http://drops.wooyun.org/mobile/4296
http://drops.wooyun.org/mobile/4296
IE Array Object Heap Spraying
http://www.cnblogs.com/wal613/p/3958692.html
http://www.cnblogs.com/wal613/p/3958692.html
典型移动恶意代码编年史第二期(更新至2014年11月)
http://blog.avlyun.com/2014/12/1813/malware-chronicle/
http://blog.avlyun.com/2014/12/1813/malware-chronicle/
AutoScan-Network : Free Network Scanner
http://autoscan-network.com/
http://autoscan-network.com/
SECCON CTF 2014 – Crypto 100
http://wiremask.eu/seccon-ctf-2014-crypto-100-easy-cipher/
http://wiremask.eu/seccon-ctf-2014-crypto-100-easy-cipher/
SCTF-WriteUp
http://drops.wooyun.org/tips/4243
http://drops.wooyun.org/tips/4243
Honeypots: Tracking Hackers
http://www.it-docs.net/ddata/792.pdf
http://www.it-docs.net/ddata/792.pdf
SCTF Writeup
http://www.secpulse.com/archives/2926.html
http://www.secpulse.com/archives/2926.html
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第41期)
