SecWiki周刊(第42期)
2014/12/15-2014/12/21
安全资讯
FBI warns hacker groups are targeting US energy firms
http://www.welivesecurity.com/2014/12/15/fbi-warns-hacker-groups-targeting-us-energy-firms/
http://www.welivesecurity.com/2014/12/15/fbi-warns-hacker-groups-targeting-us-energy-firms/
The 5 Most Popular Frontend Frameworks of 2014 Compared
http://www.sitepoint.com/5-most-popular-frontend-frameworks-compared/
http://www.sitepoint.com/5-most-popular-frontend-frameworks-compared/
The Linux “Grinch” Vulnerability: Separating Fact From FUD
http://blog.threatstack.com/the-linux-grinch-vulnerability-separating-the-fact-from-the-fud
http://blog.threatstack.com/the-linux-grinch-vulnerability-separating-the-fact-from-the-fud
FireEye predictions for cybersecurity in 2015
http://www.zdnet.com/article/fireeye-predictions-for-cybersecurity-in-2015/#ftag=RSSbaffb68
http://www.zdnet.com/article/fireeye-predictions-for-cybersecurity-in-2015/#ftag=RSSbaffb68
Top 100+ Cyber Security Blogs & Infosec Resources
http://ddosattackprotection.org/blog/cyber-security-blogs/
http://ddosattackprotection.org/blog/cyber-security-blogs/
Wireless Aerial Surveillance Platform, the DIY Spy Drone
http://securityaffairs.co/wordpress/31190/hacking/wireless-aerial-surveillance-platform-diy-spy-drone.html
http://securityaffairs.co/wordpress/31190/hacking/wireless-aerial-surveillance-platform-diy-spy-drone.html
Gartner2014安全防护技术成熟度曲线
http://www.sec-un.org/security-technology-trends-gartner2014-security-protection-technology-maturity-curve.html
http://www.sec-un.org/security-technology-trends-gartner2014-security-protection-technology-maturity-curve.html
企业信息安全新思路应用代码审计
http://www.sec-un.org/new-idea-of-enterprise-information-security-application-code-audit.html
http://www.sec-un.org/new-idea-of-enterprise-information-security-application-code-audit.html
下一代安全威胁(1):TA(定向攻击)那些名词、那些事儿
http://www.sec-un.org/the-next-generation-of-security-threats-1-ta-directed-against-those-terms-those-things-2.html
http://www.sec-un.org/the-next-generation-of-security-threats-1-ta-directed-against-those-terms-those-things-2.html
新旧比较:APT 目标针对性攻击所用的漏洞
http://blog.csdn.net/iqushi/article/details/41946051
http://blog.csdn.net/iqushi/article/details/41946051
Agenda for 2014 ICS Cyber Security Conference
http://www.icscybersecurityconference.com/#!2014-conference-agenda/ch6q
http://www.icscybersecurityconference.com/#!2014-conference-agenda/ch6q
2014 Bot Traffic Report
http://www.incapsula.com/blog/bot-traffic-report-2014.html
http://www.incapsula.com/blog/bot-traffic-report-2014.html
The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users
http://www.wired.com/2014/12/fbi-metasploit-tor/
http://www.wired.com/2014/12/fbi-metasploit-tor/
安全技术
王力宏出演:2015年最新黑客电影《Blackhat》(含预告片)
http://www.freebuf.com/news/54368.html
http://www.freebuf.com/news/54368.html
android逆向菜鸟速参手册完蛋版
http://pan.baidu.com/share/link?shareid=3343403382&uk=1817307148
http://pan.baidu.com/share/link?shareid=3343403382&uk=1817307148
DNP3协议简单介绍及协议识别方法
http://plcscan.org/blog/2014/12/dnp3-protocol-overview/
http://plcscan.org/blog/2014/12/dnp3-protocol-overview/
IDAEye:IDA Pro plugin
http://www.mfmokbel.com/Down/RCE/Documentation.html
http://www.mfmokbel.com/Down/RCE/Documentation.html
SCTF(三叶草CTF) Write-Up
http://www.freebuf.com/articles/web/54176.html
http://www.freebuf.com/articles/web/54176.html
Underground Hacker Markets
http://www.secureworks.com/assets/pdf-store/white-papers/wp-dell-secureworks-underground-hacking-report.pdf
http://www.secureworks.com/assets/pdf-store/white-papers/wp-dell-secureworks-underground-hacking-report.pdf
Tutorial: WPA Packet Capture Explained
http://www.aircrack-ng.org/doku.php?id=wpa_capture
http://www.aircrack-ng.org/doku.php?id=wpa_capture
USBdriveby:backdoor and override DNS settings
http://samy.pl/usbdriveby/
http://samy.pl/usbdriveby/
WIFI万能钥匙协议分析
http://my.oschina.net/auo/blog/338168
http://my.oschina.net/auo/blog/338168
简易安全 rsync 远程多备份方案
http://ichuan.net/post/62/simple-secure-rsync-rotate-backup/
http://ichuan.net/post/62/simple-secure-rsync-rotate-backup/
二进制漏洞挖掘技术实战
http://blog.topsec.com.cn/ad_lab/010fuzz/
http://blog.topsec.com.cn/ad_lab/010fuzz/
10万WordPress网站沦陷:恶意软件SoakSoak来了
http://www.freebuf.com/news/54306.html
http://www.freebuf.com/news/54306.html
A hacky debugger UI
https://github.com/snare/voltron
https://github.com/snare/voltron
小型的Zoomeye----从技术细节探讨到实现
http://blog.csdn.net/u011721501/article/details/41967847
http://blog.csdn.net/u011721501/article/details/41967847
Worktile中百万级实时消息推送服务的实现
http://blog.jobbole.com/81125/
http://blog.jobbole.com/81125/
Lanmitm:Android中间人攻击测试工具
https://github.com/ssun125/Lanmitm
https://github.com/ssun125/Lanmitm
某EXCEL漏洞样本shellcode分析
http://blog.jowto.com/?p=81
http://blog.jowto.com/?p=81
Alina POS malware "sparks" off a new variant
http://blog.spiderlabs.com/2014/12/alina-pos-malware-sparks-off-a-new-variant.html
http://blog.spiderlabs.com/2014/12/alina-pos-malware-sparks-off-a-new-variant.html
Router Forensics project
http://www.router-forensics.net/
http://www.router-forensics.net/
Bypassing Windows 8.1 Mitigations using Unsafe COM Objects
http://www.contextis.com/resources/blog/windows-mitigaton-bypass/
http://www.contextis.com/resources/blog/windows-mitigaton-bypass/
大小写惹得祸:Git客户端中曝出高危漏洞
http://www.freebuf.com/news/54658.html
http://www.freebuf.com/news/54658.html
Google Chrome Exploitation – A Case Study
http://researchcenter.paloaltonetworks.com/2014/12/google-chrome-exploitation-case-study/
http://researchcenter.paloaltonetworks.com/2014/12/google-chrome-exploitation-case-study/
IPS BYPASS姿势
http://drops.wooyun.org/papers/4323
http://drops.wooyun.org/papers/4323
DataMaps:Customizable SVG map visualizations
http://datamaps.github.io/
http://datamaps.github.io/
Pangu8越狱中所用 /usr/libexec/neagent 漏洞原理分析
http://bbs.pediy.com/showthread.php?t=195495
http://bbs.pediy.com/showthread.php?t=195495
Android Content Provider Security
http://drops.wooyun.org/tips/4314
http://drops.wooyun.org/tips/4314
如何学习Android逆向—入门篇(完整示例)
http://oinux.com/how-to-learn-android-reverse-begin/
http://oinux.com/how-to-learn-android-reverse-begin/
Oracle数据库漏洞分析:无需用户名和密码进入你的数据库
http://www.freebuf.com/articles/database/54289.html
http://www.freebuf.com/articles/database/54289.html
CoolReaper Revealed: A Backdoor in Coolpad Android Devices
http://researchcenter.paloaltonetworks.com/2014/12/coolreaper-revealed-backdoor-coolpad-android-devices/
http://researchcenter.paloaltonetworks.com/2014/12/coolreaper-revealed-backdoor-coolpad-android-devices/
索尼影业愈100G数据泄露
http://www.secpulse.com/archives/3306.html
http://www.secpulse.com/archives/3306.html
Roll Your Own IP Attack Graphs with IPew
http://datadrivensecurity.info/blog/posts/2014/Oct/roll-your-own-ip-attack-graphs/
http://datadrivensecurity.info/blog/posts/2014/Oct/roll-your-own-ip-attack-graphs/
Tiny Jsp Backdoor Usage
http://www.secpulse.com/archives/3407.html
http://www.secpulse.com/archives/3407.html
leakdb:The Remedy for Billions of Security Leaks
https://leakdb.abusix.com/
https://leakdb.abusix.com/
kids:Kids Is Data Stream
https://github.com/zhihu/kids
https://github.com/zhihu/kids
Snoopy v2.0 - modular digital terrestrial tracking framework
https://github.com/sensepost/snoopy-ng
https://github.com/sensepost/snoopy-ng
浅谈移动金融业务外包开发中的信息安全风险
http://security.tencent.com/index.php/blog/msg/75
http://security.tencent.com/index.php/blog/msg/75
Nmap command help
https://highon.coffee/docs/nmap/
https://highon.coffee/docs/nmap/
Malware Attacks Targeting Syrian ISIS Critics
https://citizenlab.org/2014/12/malware-attack-targeting-syrian-isis-critics/
https://citizenlab.org/2014/12/malware-attack-targeting-syrian-isis-critics/
大数据翻页的难点和技巧
http://www.techug.com/big-data-pagination
http://www.techug.com/big-data-pagination
菜刀@20141213
http://www.maicaidao.com/
http://www.maicaidao.com/
Obfuscating "Hello world!"
http://benkurtovic.com/2014/06/01/obfuscating-hello-world.html
http://benkurtovic.com/2014/06/01/obfuscating-hello-world.html
《安全参考》HACKCTO-201412-24
http://pan.baidu.com/s/1mgkhGFY
http://pan.baidu.com/s/1mgkhGFY
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第42期)
