SecWiki周刊(第44期)
2014/12/29-2015/01/04
安全资讯
IEEE Security & Privacy
http://spw15.langsec.org/
http://spw15.langsec.org/
Gallery of Web Admin's Tears
http://blog.sucuri.net/2015/01/website-hacks-defacements-2014.html
http://blog.sucuri.net/2015/01/website-hacks-defacements-2014.html
揭秘安全狗安全云主机12道加固工序
http://www.youxia.org/safedog-12.html
http://www.youxia.org/safedog-12.html
Windows 8.1 (32/64 bit) - Privilege Escalation
http://www.exploit-db.com/exploits/35661/
http://www.exploit-db.com/exploits/35661/
测一测才知道,百度安全软件是不是真流氓?
http://www.freebuf.com/news/special/55190.html
http://www.freebuf.com/news/special/55190.html
The 5 Most Dangerous Software Bugs of 2014
http://www.wired.com/2014/12/most-dangerous-software-bugs-2014/
http://www.wired.com/2014/12/most-dangerous-software-bugs-2014/
Google Pays Out $50,000 Reward For App Engine Vulnerabilities
http://www.securityweek.com/google-pays-out-50000-reward-app-engine-vulnerabilities
http://www.securityweek.com/google-pays-out-50000-reward-app-engine-vulnerabilities
GitHub supports advanced search operators much like Google
https://github.com/search#search_cheatsheet_pane
https://github.com/search#search_cheatsheet_pane
关于“安全威胁情报”的几个思考点漫谈
http://www.weibo.com/p/2304185610604c0102vbo0
http://www.weibo.com/p/2304185610604c0102vbo0
DEF CON CTF 2015
https://legitbs.net/
https://legitbs.net/
Silicon Valley Security Meetup
http://silisec.org/meetup/2014/January/
http://silisec.org/meetup/2014/January/
soundhax : getting unsigned code execution through sound (DS)
https://www.youtube.com/watch?v=zEd4Vw2bmBE&feature=youtu.be
https://www.youtube.com/watch?v=zEd4Vw2bmBE&feature=youtu.be
微软威胁情报中心总经理 John Lambert 谈安全
http://www.weibo.com/p/1001603793127075874659
http://www.weibo.com/p/1001603793127075874659
Top 10 Security Incidents and Vulnerabilities of 2014
http://news.hitb.org/content/top-10-security-incidents-and-vulnerabilities-2014
http://news.hitb.org/content/top-10-security-incidents-and-vulnerabilities-2014
22 years of DEF CON
http://www.2501research.com/new-blog/2014/9/9/22-years-of-def-con-on-one-map
http://www.2501research.com/new-blog/2014/9/9/22-years-of-def-con-on-one-map
SecWiki社团招募中
http://weibo.com/p/1001603795301793161356
http://weibo.com/p/1001603795301793161356
2014,这些网站的用户信息被黑客拿到了
http://www.daxigua.com/archives/491
http://www.daxigua.com/archives/491
Hacker Generates Fingerprint of German Defense Minister from Public Photos
http://news.softpedia.com/news/Hacker-Copies-Fingerprint-of-German-Defense-Minister-from-Public-Photos-468459.shtml
http://news.softpedia.com/news/Hacker-Copies-Fingerprint-of-German-Defense-Minister-from-Public-Photos-468459.shtml
Vote For 2014 Best Security Tool
https://docs.google.com/forms/d/1akABnnF_3LPD6tkQWRfUDgMxpdMoJZZ-aeIz3p2XzVA/viewform?&hl=en
https://docs.google.com/forms/d/1akABnnF_3LPD6tkQWRfUDgMxpdMoJZZ-aeIz3p2XzVA/viewform?&hl=en
安全技术
DevOOPS – a modern bootstrap dashboard theme
http://devoops.me/themes/devoops2/
http://devoops.me/themes/devoops2/
Thunderstrike: EFI bootkits for Apple MacBooks
https://www.youtube.com/watch?v=TsRt76v8gPQ
https://www.youtube.com/watch?v=TsRt76v8gPQ
Pcshare远控源码偏重分析(一)
http://drops.wooyun.org/tips/4412
http://drops.wooyun.org/tips/4412
wdbgark:WinDBG Anti-RootKit Extension
https://github.com/swwwolf/wdbgark
https://github.com/swwwolf/wdbgark
PacSec 2014 Security Conference PPT
https://pacsec.jp/psj14archive.html
https://pacsec.jp/psj14archive.html
too-many-cooks-exploiting-tr069_tal-oppenheim
http://mis.fortunecook.ie/too-many-cooks-exploiting-tr069_tal-oppenheim_31c3.pdf
http://mis.fortunecook.ie/too-many-cooks-exploiting-tr069_tal-oppenheim_31c3.pdf
31C3: a new dawn
http://media.ccc.de/browse/congress/2014/index.html
http://media.ccc.de/browse/congress/2014/index.html
揭秘:对美国国安局(NSA)而言,加密技术大多已形同虚设
http://www.freebuf.com/news/55324.html
http://www.freebuf.com/news/55324.html
Retargetable Decompiler Online
http://decompiler.fit.vutbr.cz/decompilation/
http://decompiler.fit.vutbr.cz/decompilation/
A Cuckoo Sandbox Extension for Android
https://github.com/idanr1986/cuckoo?utm_content=buffer61912&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
https://github.com/idanr1986/cuckoo?utm_content=buffer61912&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
python-libshorttext:setup script for libshorttext
https://github.com/2shou/python-libshorttext
https://github.com/2shou/python-libshorttext
Hyperfox:HTTPs traffic interceptor
https://hyperfox.org/
https://hyperfox.org/
Log Analysis for Web Attacks: A Beginner's Guide
http://resources.infosecinstitute.com/log-analysis-web-attacks-beginners-guide/
http://resources.infosecinstitute.com/log-analysis-web-attacks-beginners-guide/
xdef2014-flanker-Android应用漏洞攻与防
http://vdisk.weibo.com/s/sRWJQLLcWVxM
http://vdisk.weibo.com/s/sRWJQLLcWVxM
4G安全:通过SMS攻击USB调制解调器及SIM卡
http://bobao.360.cn/news/detail/1070.html
http://bobao.360.cn/news/detail/1070.html
RadicalResearch HSTS Super Cookies
http://www.radicalresearch.co.uk/lab/hstssupercookies/
http://www.radicalresearch.co.uk/lab/hstssupercookies/
DNP3设备公网暴露情况统计与分析报告
http://plcscan.org/blog/2015/01/dnp3-on-the-internet/
http://plcscan.org/blog/2015/01/dnp3-on-the-internet/
4G Security: Hacking USB Modem and SIM Card via SMS
http://blog.ptsecurity.com/2014/12/4g-security-hacking-usb-modem-and-sim.html
http://blog.ptsecurity.com/2014/12/4g-security-hacking-usb-modem-and-sim.html
内容分发平台个性化推荐系统经验简单总结
http://blog.csdn.net/yangbutao/article/details/42319317
http://blog.csdn.net/yangbutao/article/details/42319317
On the new Snowden documents
http://blog.cryptographyengineering.com/2014/12/on-new-snowden-documents.html
http://blog.cryptographyengineering.com/2014/12/on-new-snowden-documents.html
Evolution of Banking Malwares, Part 1
http://resources.infosecinstitute.com/evolution-banking-malwares-part-1/
http://resources.infosecinstitute.com/evolution-banking-malwares-part-1/
NSA today released 3 more compliance reports to Intel Oversight Board
http://t.co/6zFK2D2sah
http://t.co/6zFK2D2sah
数据挖掘项目总结文档
http://needpp.com/post/10
http://needpp.com/post/10
miasm:Reverse engineering framework in Python
https://github.com/cea-sec/miasm
https://github.com/cea-sec/miasm
Machine Learning Library
http://getprismatic.com/story/1419860920223
http://getprismatic.com/story/1419860920223
Hunting and Decrypting Communications of Gh0st RAT in Memory
http://malware-unplugged.blogspot.com/2015/01/hunting-and-decrypting-communications.html
http://malware-unplugged.blogspot.com/2015/01/hunting-and-decrypting-communications.html
Intro to the VPN Exploitation Process
http://www.spiegel.de/media/media-35515.pdf
http://www.spiegel.de/media/media-35515.pdf
HHVM at Baidu
http://lamp.baidu.com/2014/11/04/hhvm-in-baidu/
http://lamp.baidu.com/2014/11/04/hhvm-in-baidu/
Attacks on UEFI Security slides
https://t.co/j8S6vgDcBH
https://t.co/j8S6vgDcBH
google-security-research Issues
https://code.google.com/p/google-security-research/issues/list?can=1&q=&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=tiles
https://code.google.com/p/google-security-research/issues/list?can=1&q=&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=tiles
Introduction to RFID Security
http://resources.infosecinstitute.com/introduction-rfid-security/
http://resources.infosecinstitute.com/introduction-rfid-security/
#31c3ctf writeups
http://tasteless.eu/?s=31c3
http://tasteless.eu/?s=31c3
git漏洞cve-2014-9390分析
http://blog.vulnhunt.com/
http://blog.vulnhunt.com/
APTnotes:Various public documents, whitepapers and articles
https://github.com/kbandla/APTnotes
https://github.com/kbandla/APTnotes
Python编写shellcode注入程序
http://drops.wooyun.org/tips/4413
http://drops.wooyun.org/tips/4413
Isolating and Restricting Client-Side JavaScript
https://www.kuleuven.be/doctoraatsverdediging/cm/3E10/3E101004.htm
https://www.kuleuven.be/doctoraatsverdediging/cm/3E10/3E101004.htm
Finding and exploiting ntpd vulnerabilities
http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html
http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html
ShmooCon Ticket Contest Writeup
http://www.projectmentor.net/2014/12/shmoocon-ticket-contest-writeup.html
http://www.projectmentor.net/2014/12/shmoocon-ticket-contest-writeup.html
安全漏洞本质扯谈之扯谈安全漏洞本质
http://www.weibo.com/p/1001643795222273386013
http://www.weibo.com/p/1001643795222273386013
2014年总结——竞赛的一年
http://maskray.me/blog/2014-12-31-summary
http://maskray.me/blog/2014-12-31-summary
利用CSP探测网站登陆状态
http://drops.wooyun.org/tips/4482
http://drops.wooyun.org/tips/4482
被忽视的开发安全问题
http://drops.wooyun.org/papers/4439
http://drops.wooyun.org/papers/4439
2014年移动恶意色情应用研究报告
http://blog.avlyun.com/2014/12/2026/mobile-malicious-porn-app/
http://blog.avlyun.com/2014/12/2026/mobile-malicious-porn-app/
World's Biggest Data Breaches
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/static/
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/static/
Mining for Bugs with Graph Database Queries
http://user.informatik.uni-goettingen.de/~fyamagu/pdfs/2014-ccc.pdf
http://user.informatik.uni-goettingen.de/~fyamagu/pdfs/2014-ccc.pdf
Masochist:XNU Rootkit Framework
https://github.com/squiffy/Masochist
https://github.com/squiffy/Masochist
浅谈PHP弱类型安全
http://drops.wooyun.org/tips/4483
http://drops.wooyun.org/tips/4483
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第44期)
