SecWiki周刊(第43期)
2014/12/22-2014/12/28
安全资讯
31C3 CTF online
https://31c3ctf.aachen.ccc.de/announcements/
https://31c3ctf.aachen.ccc.de/announcements/
WPcache-Blogger:Affects Thousands more WordPress Websites
http://blog.sucuri.net/2014/12/new-malware-campaign-wpcache-blogger-affects-thousands-more-wordpress-websites-via-revslider.html
http://blog.sucuri.net/2014/12/new-malware-campaign-wpcache-blogger-affects-thousands-more-wordpress-websites-via-revslider.html
2014国内外数据泄密事件大盘点
http://www.freebuf.com/articles/database/54631.html
http://www.freebuf.com/articles/database/54631.html
2014年最值得观看的科技和商业领域TED演讲
http://www.36kr.com/p/218084.html
http://www.36kr.com/p/218084.html
高潮不断:攻击索尼的“格盘病毒”又重创了韩国核电站
http://www.freebuf.com/news/54958.html
http://www.freebuf.com/news/54958.html
2015 Security Predictions: The Rise of Hacking Campaigns
http://resources.infosecinstitute.com/2015-security-predictions-rise-hacking-campaigns/
http://resources.infosecinstitute.com/2015-security-predictions-rise-hacking-campaigns/
为什么你应该(从现在开始就)写博客
http://mindhacks.cn/2009/02/15/why-you-should-start-blogging-now/
http://mindhacks.cn/2009/02/15/why-you-should-start-blogging-now/
CIA Review of High-Value Target Assassination Programs
https://wikileaks.org/cia-hvt-counterinsurgency/page-1.html
https://wikileaks.org/cia-hvt-counterinsurgency/page-1.html
安全技术
随机更换代理的Burpsuite插件
http://zone.wooyun.org/content/17503
http://zone.wooyun.org/content/17503
Burp_MultiProxy(jar版)
http://zone.wooyun.org/content/17543
http://zone.wooyun.org/content/17543
Gif多图:我常用的 16 个 Sublime Text 快捷键
http://blog.jobbole.com/82527/
http://blog.jobbole.com/82527/
学点Python挺好
http://www.cnblogs.com/vamei/tag/Python/
http://www.cnblogs.com/vamei/tag/Python/
知名安全检测工具IBM Rational AppScan v9.0.1.1发布
http://www.freebuf.com/tools/55090.html
http://www.freebuf.com/tools/55090.html
snoopsnitch:collects and analyzes mobile radio data
https://opensource.srlabs.de/projects/snoopsnitch
https://opensource.srlabs.de/projects/snoopsnitch
基于bootstrap的网页开发
http://www.imooc.com/view/182?utm_source=jobboleweibo
http://www.imooc.com/view/182?utm_source=jobboleweibo
SS7: Locate. Track. Manipulate
http://streaming.media.ccc.de/relive/6249/
http://streaming.media.ccc.de/relive/6249/
极路由(HiWiFi)1S硬件分析与改造研究
http://www.freebuf.com/news/special/54862.html
http://www.freebuf.com/news/special/54862.html
如何进行浏览器Fuzz
http://bobao.360.cn/learning/detail/160.html
http://bobao.360.cn/learning/detail/160.html
从SQLiGOD到XSS
http://blog.sycsec.com/?p=505
http://blog.sycsec.com/?p=505
SoakSoak恶意软件追踪研究报告 V2
http://blog.knownsec.com/2014/12/soaksoak-v2/
http://blog.knownsec.com/2014/12/soaksoak-v2/
Hey, We Catch You: Dynamic Analysis of Android Applications
https://pacsec.jp/psj14/PSJ2014_Wenjun_Hey-%20We%20Catch%20You%20-%20Dynamic%20Analysis%20of%20Android%20Applications.pdf
https://pacsec.jp/psj14/PSJ2014_Wenjun_Hey-%20We%20Catch%20You%20-%20Dynamic%20Analysis%20of%20Android%20Applications.pdf
Mongodb未授权访问漏洞全网探测报告
http://www.hackersoul.com/post/mongodb_unauthorized_access_vulnerability_global_probing_report.html
http://www.hackersoul.com/post/mongodb_unauthorized_access_vulnerability_global_probing_report.html
BFuzzer:A Browser Fuzzer for Vulnerbilities
https://github.com/hikerell/BFuzzer
https://github.com/hikerell/BFuzzer
Mongodb学习笔记(3)--注入攻击篇
http://th1nk.info/index.php/%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0/65.html
http://th1nk.info/index.php/%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0/65.html
Memory corruption in QSEECOM driver (CVE-2014-4322)
https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322
https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322
Static DOM XSS scanner
http://dangerousprototypes.com/2014/11/21/static-dom-xss-scanner/
http://dangerousprototypes.com/2014/11/21/static-dom-xss-scanner/
网络信息安全攻防学习平台
http://hackinglab.sinaapp.com/
http://hackinglab.sinaapp.com/
firing-range:test bed for web application security scanners
https://github.com/google/firing-range
https://github.com/google/firing-range
Worldwide attacks on SS7/SIGTRAN network
http://www.slideshare.net/p1sec/worldwide-attacks-onss7networkp1securityhackito2014
http://www.slideshare.net/p1sec/worldwide-attacks-onss7networkp1securityhackito2014
theZoo:A repository of LIVE malwares
https://github.com/ytisf/theZoo
https://github.com/ytisf/theZoo
安全威胁情报体系的建设与应用-PPT
http://www.sec-un.org/construction-and-application-of-information-system-security-threats-ppt.html
http://www.sec-un.org/construction-and-application-of-information-system-security-threats-ppt.html
IE漏洞调试之CVE-2013-3893
http://www.freebuf.com/vuls/54786.html
http://www.freebuf.com/vuls/54786.html
深度剖析智能插座的破解过程
http://bobao.360.cn/learning/detail/163.html
http://bobao.360.cn/learning/detail/163.html
jother编码之谜
http://drops.wooyun.org/web/4410
http://drops.wooyun.org/web/4410
关于磊科(NetCore)全系列路由器中的“疑似后门”程序
http://www.weibo.com/p/1001603792736686871336
http://www.weibo.com/p/1001603792736686871336
oledump: Extracting Embedded EXE From DOC
http://blog.didierstevens.com/2014/12/23/oledump-extracting-embedded-exe-from-doc/
http://blog.didierstevens.com/2014/12/23/oledump-extracting-embedded-exe-from-doc/
你的银行卡,我的钱——POS机安全初探
http://security.tencent.com/index.php/blog/msg/76
http://security.tencent.com/index.php/blog/msg/76
【译】网络钓鱼检测:综述
http://cubernet.cn/phishing-review/
http://cubernet.cn/phishing-review/
metasploit在ubuntu系统下的安装配置
http://www.weibo.com/p/1001603792569774570534
http://www.weibo.com/p/1001603792569774570534
开源爬虫Scrapy的学习及应用
http://blog.csdn.net/heiyeshuwu/article/details/42170017
http://blog.csdn.net/heiyeshuwu/article/details/42170017
Online Shell Services Backdoor Analysises
http://h4x0resec.blogspot.tw/2014/12/online-shell-services-backdoor.html
http://h4x0resec.blogspot.tw/2014/12/online-shell-services-backdoor.html
一天可以学会的实用计算机技能
http://blog.jobbole.com/82633/
http://blog.jobbole.com/82633/
bypass 最新安全狗
http://lcx.cc/?i=4464
http://lcx.cc/?i=4464
常见的HTTPS攻击方法
http://drops.wooyun.org/tips/4403
http://drops.wooyun.org/tips/4403
Your Friendly North Korean Network Observer by nknetobserver
http://nknetobserver.github.io/
http://nknetobserver.github.io/
GSM Security Map
http://gsmmap.org/
http://gsmmap.org/
如何高效利用GitHub
http://www.yangzhiping.com/tech/github.html
http://www.yangzhiping.com/tech/github.html
Android Broadcast Security
http://drops.wooyun.org/tips/4393#comment-185348
http://drops.wooyun.org/tips/4393#comment-185348
Facebook Users Targeted By Android Same Origin Policy Exploit
http://blog.trendmicro.com/trendlabs-security-intelligence/facebook-users-targeted-by-android-same-origin-policy-exploit/
http://blog.trendmicro.com/trendlabs-security-intelligence/facebook-users-targeted-by-android-same-origin-policy-exploit/
CC-SHELLCODING framework
https://github.com/k33nteam/cc-shellcoding
https://github.com/k33nteam/cc-shellcoding
Android Broadcast Security
http://drops.wooyun.org/tips/4393
http://drops.wooyun.org/tips/4393
Linux内核源码分析方法
http://www.zeuux.com/blog/content/5429/
http://www.zeuux.com/blog/content/5429/
Damn Small FI Scanner
http://www.secpulse.com/archives/3526.html
http://www.secpulse.com/archives/3526.html
给使用Grinder不顺的朋友多一个选择
http://www.weibo.com/p/1001603790707428072287
http://www.weibo.com/p/1001603790707428072287
安全专题
Android在线分析平台
https://www.sec-wiki.com/topic/56
https://www.sec-wiki.com/topic/56
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第43期)
