SecWiki周刊(第42期)
2014/12/15-2014/12/21
安全资讯
[无线安全]  伪基站开源检测项目
https://github.com/SecUpwN/Android-IMSI-Catcher-Detector
[恶意分析]  FBI warns hacker groups are targeting US energy firms
http://www.welivesecurity.com/2014/12/15/fbi-warns-hacker-groups-targeting-us-energy-firms/
[编程技术]  The 5 Most Popular Frontend Frameworks of 2014 Compared
http://www.sitepoint.com/5-most-popular-frontend-frameworks-compared/
[漏洞分析]  The Linux “Grinch” Vulnerability: Separating Fact From FUD
http://blog.threatstack.com/the-linux-grinch-vulnerability-separating-the-fact-from-the-fud
[恶意分析]  FireEye predictions for cybersecurity in 2015
http://www.zdnet.com/article/fireeye-predictions-for-cybersecurity-in-2015/#ftag=RSSbaffb68
[恶意分析]  Top 100+ Cyber Security Blogs & Infosec Resources
http://ddosattackprotection.org/blog/cyber-security-blogs/
[无线安全]  Wireless Aerial Surveillance Platform, the DIY Spy Drone
http://securityaffairs.co/wordpress/31190/hacking/wireless-aerial-surveillance-platform-diy-spy-drone.html
[Web安全]  下一代安全威胁(1):TA(定向攻击)那些名词、那些事儿
http://www.sec-un.org/the-next-generation-of-security-threats-1-ta-directed-against-those-terms-those-things-2.html
[恶意分析]  新旧比较:APT 目标针对性攻击所用的漏洞
http://blog.csdn.net/iqushi/article/details/41946051
[设备安全]  Agenda for 2014 ICS Cyber Security Conference
http://www.icscybersecurityconference.com/#!2014-conference-agenda/ch6q
[恶意分析]  2014 Bot Traffic Report
http://www.incapsula.com/blog/bot-traffic-report-2014.html
[Web安全]  The FBI Used the Web's Favorite Hacking Tool to Unmask Tor Users
http://www.wired.com/2014/12/fbi-metasploit-tor/
安全技术
[其它]  王力宏出演:2015年最新黑客电影《Blackhat》(含预告片)
http://www.freebuf.com/news/54368.html
[移动安全]  android逆向菜鸟速参手册完蛋版
http://pan.baidu.com/share/link?shareid=3343403382&uk=1817307148
[设备安全]  DNP3协议简单介绍及协议识别方法
http://plcscan.org/blog/2014/12/dnp3-protocol-overview/
[恶意分析]  IDAEye:IDA Pro plugin
http://www.mfmokbel.com/Down/RCE/Documentation.html
[Web安全]  SCTF(三叶草CTF) Write-Up
http://www.freebuf.com/articles/web/54176.html
[无线安全]  Tutorial: WPA Packet Capture Explained
http://www.aircrack-ng.org/doku.php?id=wpa_capture
[设备安全]  USBdriveby:backdoor and override DNS settings
http://samy.pl/usbdriveby/
[无线安全]  WIFI万能钥匙协议分析
http://my.oschina.net/auo/blog/338168
[运维安全]  简易安全 rsync 远程多备份方案
http://ichuan.net/post/62/simple-secure-rsync-rotate-backup/
[Web安全]  10万WordPress网站沦陷:恶意软件SoakSoak来了
http://www.freebuf.com/news/54306.html
[漏洞分析]  二进制漏洞挖掘技术实战
http://blog.topsec.com.cn/ad_lab/010fuzz/
[工具]  A hacky debugger UI
https://github.com/snare/voltron
[Web安全]  小型的Zoomeye----从技术细节探讨到实现
http://blog.csdn.net/u011721501/article/details/41967847
[Web安全]  暴力破解字典
http://lewisec.sinaapp.com/2014/12/14/dic/
[编程技术]  Worktile中百万级实时消息推送服务的实现
http://blog.jobbole.com/81125/
[移动安全]  Lanmitm:Android中间人攻击测试工具
https://github.com/ssun125/Lanmitm
[恶意分析]  某EXCEL漏洞样本shellcode分析
http://blog.jowto.com/?p=81
[恶意分析]  Alina POS malware "sparks" off a new variant
http://blog.spiderlabs.com/2014/12/alina-pos-malware-sparks-off-a-new-variant.html
[取证分析]  Router Forensics project
http://www.router-forensics.net/
[漏洞分析]  Bypassing Windows 8.1 Mitigations using Unsafe COM Objects
http://www.contextis.com/resources/blog/windows-mitigaton-bypass/
[Web安全]  大小写惹得祸:Git客户端中曝出高危漏洞
http://www.freebuf.com/news/54658.html
[漏洞分析]  Google Chrome Exploitation – A Case Study
http://researchcenter.paloaltonetworks.com/2014/12/google-chrome-exploitation-case-study/
[Web安全]  IPS BYPASS姿势
http://drops.wooyun.org/papers/4323
[编程技术]  DataMaps:Customizable SVG map visualizations
http://datamaps.github.io/
[漏洞分析]  Pangu8越狱中所用 /usr/libexec/neagent 漏洞原理分析
http://bbs.pediy.com/showthread.php?t=195495
[移动安全]  Android Content Provider Security
http://drops.wooyun.org/tips/4314
[移动安全]  如何学习Android逆向—入门篇(完整示例)
http://oinux.com/how-to-learn-android-reverse-begin/
[Web安全]  Oracle数据库漏洞分析:无需用户名和密码进入你的数据库
http://www.freebuf.com/articles/database/54289.html
[移动安全]  CoolReaper Revealed: A Backdoor in Coolpad Android Devices
http://researchcenter.paloaltonetworks.com/2014/12/coolreaper-revealed-backdoor-coolpad-android-devices/
[Web安全]  索尼影业愈100G数据泄露
http://www.secpulse.com/archives/3306.html
[恶意分析]  Roll Your Own IP Attack Graphs with IPew
http://datadrivensecurity.info/blog/posts/2014/Oct/roll-your-own-ip-attack-graphs/
[Web安全]  Tiny Jsp Backdoor Usage
http://www.secpulse.com/archives/3407.html
[Web安全]  leakdb:The Remedy for Billions of Security Leaks
https://leakdb.abusix.com/
[运维安全]  kids:Kids Is Data Stream
https://github.com/zhihu/kids
[无线安全]  Snoopy v2.0 - modular digital terrestrial tracking framework
https://github.com/sensepost/snoopy-ng
[移动安全]  浅谈移动金融业务外包开发中的信息安全风险
http://security.tencent.com/index.php/blog/msg/75
[Web安全]  Nmap command help
https://highon.coffee/docs/nmap/
[恶意分析]  Malware Attacks Targeting Syrian ISIS Critics
https://citizenlab.org/2014/12/malware-attack-targeting-syrian-isis-critics/
[编程技术]  大数据翻页的难点和技巧
http://www.techug.com/big-data-pagination
[Web安全]  菜刀@20141213
http://www.maicaidao.com/
[杂志]  《安全参考》HACKCTO-201412-24
http://pan.baidu.com/s/1mgkhGFY
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第42期)