SecWiki周刊(第44期)
2014/12/29-2015/01/04
安全资讯
[论文]  IEEE Security & Privacy
http://spw15.langsec.org/
[恶意分析]  Gallery of Web Admin's Tears
http://blog.sucuri.net/2015/01/website-hacks-defacements-2014.html
[运维安全]  揭秘安全狗安全云主机12道加固工序
http://www.youxia.org/safedog-12.html
[漏洞分析]  Windows 8.1 (32/64 bit) - Privilege Escalation
http://www.exploit-db.com/exploits/35661/
[其它]  测一测才知道,百度安全软件是不是真流氓?
http://www.freebuf.com/news/special/55190.html
[漏洞分析]  The 5 Most Dangerous Software Bugs of 2014
http://www.wired.com/2014/12/most-dangerous-software-bugs-2014/
[漏洞分析]  Google Pays Out $50,000 Reward For App Engine Vulnerabilities
http://www.securityweek.com/google-pays-out-50000-reward-app-engine-vulnerabilities
[运维安全]  GitHub supports advanced search operators much like Google
https://github.com/search#search_cheatsheet_pane
[Web安全]  关于“安全威胁情报”的几个思考点漫谈
http://www.weibo.com/p/2304185610604c0102vbo0
[Web安全]  DEF CON CTF 2015
https://legitbs.net/
[Web安全]  Silicon Valley Security Meetup
http://silisec.org/meetup/2014/January/
[设备安全]  soundhax : getting unsigned code execution through sound (DS)
https://www.youtube.com/watch?v=zEd4Vw2bmBE&feature=youtu.be
[运维安全]  Top 10 Security Incidents and Vulnerabilities of 2014
http://news.hitb.org/content/top-10-security-incidents-and-vulnerabilities-2014
[Web安全]  微软威胁情报中心总经理 John Lambert 谈安全
http://www.weibo.com/p/1001603793127075874659
[其它]  SecWiki社团招募中
http://weibo.com/p/1001603795301793161356
[Web安全]  2014,这些网站的用户信息被黑客拿到了
http://www.daxigua.com/archives/491
[设备安全]  Hacker Generates Fingerprint of German Defense Minister from Public Photos
http://news.softpedia.com/news/Hacker-Copies-Fingerprint-of-German-Defense-Minister-from-Public-Photos-468459.shtml
安全技术
[工具]  DevOOPS – a modern bootstrap dashboard theme
http://devoops.me/themes/devoops2/
[漏洞分析]   Thunderstrike: EFI bootkits for Apple MacBooks
https://www.youtube.com/watch?v=TsRt76v8gPQ
[编程技术]  Pcshare远控源码偏重分析(一)
http://drops.wooyun.org/tips/4412
[漏洞分析]  wdbgark:WinDBG Anti-RootKit Extension
https://github.com/swwwolf/wdbgark
[文档]  PacSec 2014 Security Conference PPT
https://pacsec.jp/psj14archive.html
[文档]  too-many-cooks-exploiting-tr069_tal-oppenheim
http://mis.fortunecook.ie/too-many-cooks-exploiting-tr069_tal-oppenheim_31c3.pdf
[Web安全]  揭秘:对美国国安局(NSA)而言,加密技术大多已形同虚设
http://www.freebuf.com/news/55324.html
[漏洞分析]  Retargetable Decompiler Online
http://decompiler.fit.vutbr.cz/decompilation/
[数据挖掘]  python-libshorttext:setup script for libshorttext
https://github.com/2shou/python-libshorttext
[运维安全]  Hyperfox:HTTPs traffic interceptor
https://hyperfox.org/
[取证分析]  Log Analysis for Web Attacks: A Beginner's Guide
http://resources.infosecinstitute.com/log-analysis-web-attacks-beginners-guide/
[移动安全]  xdef2014-flanker-Android应用漏洞攻与防
http://vdisk.weibo.com/s/sRWJQLLcWVxM
[无线安全]  4G安全:通过SMS攻击USB调制解调器及SIM卡
http://bobao.360.cn/news/detail/1070.html
[Web安全]  RadicalResearch HSTS Super Cookies
http://www.radicalresearch.co.uk/lab/hstssupercookies/
[设备安全]  DNP3设备公网暴露情况统计与分析报告
http://plcscan.org/blog/2015/01/dnp3-on-the-internet/
[无线安全]  4G Security: Hacking USB Modem and SIM Card via SMS
http://blog.ptsecurity.com/2014/12/4g-security-hacking-usb-modem-and-sim.html
[数据挖掘]  内容分发平台个性化推荐系统经验简单总结
http://blog.csdn.net/yangbutao/article/details/42319317
[恶意分析]  Evolution of Banking Malwares, Part 1
http://resources.infosecinstitute.com/evolution-banking-malwares-part-1/
[恶意分析]  NSA today released 3 more compliance reports to Intel Oversight Board
http://t.co/6zFK2D2sah
[数据挖掘]  数据挖掘项目总结文档
http://needpp.com/post/10
[漏洞分析]  深入理解AVM验证器
http://vdisk.weibo.com/s/zo6LlFyd3FRe8/1420045341
[恶意分析]  miasm:Reverse engineering framework in Python
https://github.com/cea-sec/miasm
[数据挖掘]  Machine Learning Library
http://getprismatic.com/story/1419860920223
[恶意分析]  Hunting and Decrypting Communications of Gh0st RAT in Memory
http://malware-unplugged.blogspot.com/2015/01/hunting-and-decrypting-communications.html
[Web安全]  Intro to the VPN Exploitation Process
http://www.spiegel.de/media/media-35515.pdf
[恶意分析]  Attacks on UEFI Security slides
https://t.co/j8S6vgDcBH
[无线安全]  Introduction to RFID Security
http://resources.infosecinstitute.com/introduction-rfid-security/
[Web安全]  #31c3ctf writeups
http://tasteless.eu/?s=31c3
[编程技术]  正则表达式参考文档
http://www.regexlab.com/zh/regref.htm
[漏洞分析]  git漏洞cve-2014-9390分析
http://blog.vulnhunt.com/
[恶意分析]  APTnotes:Various public documents, whitepapers and articles
https://github.com/kbandla/APTnotes
[编程技术]  Python编写shellcode注入程序
http://drops.wooyun.org/tips/4413
[Web安全]  Isolating and Restricting Client-Side JavaScript
https://www.kuleuven.be/doctoraatsverdediging/cm/3E10/3E101004.htm
[漏洞分析]   Finding and exploiting ntpd vulnerabilities
http://googleprojectzero.blogspot.com/2015/01/finding-and-exploiting-ntpd.html
[漏洞分析]  安全漏洞本质扯谈之扯谈安全漏洞本质
http://www.weibo.com/p/1001643795222273386013
[Web安全]  2014年总结——竞赛的一年
http://maskray.me/blog/2014-12-31-summary
[编程技术]  程序员英语学习指引
http://zh.lucida.me/blog/english-for-programmers/
[Web安全]  利用CSP探测网站登陆状态
http://drops.wooyun.org/tips/4482
[Web安全]  夏日的风:盘点2014
http://lewisec.sinaapp.com/2014/12/31/my2014/
[运维安全]  被忽视的开发安全问题
http://drops.wooyun.org/papers/4439
[移动安全]  2014年移动恶意色情应用研究报告
http://blog.avlyun.com/2014/12/2026/mobile-malicious-porn-app/
[漏洞分析]  Mining for Bugs with Graph Database Queries
http://user.informatik.uni-goettingen.de/~fyamagu/pdfs/2014-ccc.pdf
[恶意分析]  Masochist:XNU Rootkit Framework
https://github.com/squiffy/Masochist
[Web安全]  浅谈PHP弱类型安全
http://drops.wooyun.org/tips/4483
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第44期)