SecWiki周刊(第45期)
2015/01/05-2015/01/11
安全资讯
SRG:Security Research Group For Student
http://srg.gitcafe.io/
http://srg.gitcafe.io/
扒一扒那些“开后门”的路由器厂商
http://www.freebuf.com/news/special/55444.html
http://www.freebuf.com/news/special/55444.html
World’s first (known) bootkit for OS X can permanently backdoor Macs
http://arstechnica.com/security/2015/01/worlds-first-known-bootkit-for-os-x-can-permanently-backdoor-macs/
http://arstechnica.com/security/2015/01/worlds-first-known-bootkit-for-os-x-can-permanently-backdoor-macs/
[网络安全]美国网络信息安全产业格局分析报告
http://mp.weixin.qq.com/s?__biz=MjM5NDMzNTk2MA==&mid=202435694&idx=3&sn=2e67bdf66924b00507855140d2e02630&scene=2&from=timeline&isappinstalled=0%23rd
http://mp.weixin.qq.com/s?__biz=MjM5NDMzNTk2MA==&mid=202435694&idx=3&sn=2e67bdf66924b00507855140d2e02630&scene=2&from=timeline&isappinstalled=0%23rd
SecWiki如何快捷提交资讯
http://www.sec-wiki.com/about/submit
http://www.sec-wiki.com/about/submit
Top 10 Web Hacking Techniques of 2014
http://blog.whitehatsec.com/top-10-web-hacking-techniques-of-2014/
http://blog.whitehatsec.com/top-10-web-hacking-techniques-of-2014/
情境感知(Context-Aware-Security)的几点理解
http://www.sec-un.org/context-aware-context-aware-security-several-points-of-understanding.html
http://www.sec-un.org/context-aware-context-aware-security-several-points-of-understanding.html
深入大数据安全分析:为什么需要大数据安全分析
http://yepeng.blog.51cto.com/3101105/1599937
http://yepeng.blog.51cto.com/3101105/1599937
Who’s Attacking Whom? Realtime Attack Trackers
http://krebsonsecurity.com/2015/01/whos-attacking-whom-realtime-attack-trackers/
http://krebsonsecurity.com/2015/01/whos-attacking-whom-realtime-attack-trackers/
REcon:2015 computer security conference
http://recon.cx/2015/index.html
http://recon.cx/2015/index.html
AOL Advertising Network Abused to Distribute Malware
http://thehackernews.com/2015/01/aol-advertising-network-abused-to_6.html
http://thehackernews.com/2015/01/aol-advertising-network-abused-to_6.html
ShmooCon 2015 Schedule
http://www.shmoocon.org/schedule
http://www.shmoocon.org/schedule
Linux恶意软件简史
http://select.yeeyan.org/view/102595/439271
http://select.yeeyan.org/view/102595/439271
VulReport in TW
https://vulreport.net/
https://vulreport.net/
Cyber-Terrorism: Complexity and Strategy
http://resources.infosecinstitute.com/cyber-terrorism-complexity-strategy/
http://resources.infosecinstitute.com/cyber-terrorism-complexity-strategy/
DOD Fights Researcher Over Access to Report on Israel's Nuclear Needs
http://www.courthousenews.com/2014/12/31/dod-fights-researcher-over-access-to-report-on-israels-nuclear-needs.htm
http://www.courthousenews.com/2014/12/31/dod-fights-researcher-over-access-to-report-on-israels-nuclear-needs.htm
Video: Hackers: the Internet's immune system
http://www.ted.com/talks/keren_elazari_hackers_the_internet_s_immune_system?
http://www.ted.com/talks/keren_elazari_hackers_the_internet_s_immune_system?
NUKE同学共享的安全威胁情报相关资料
http://www.sec-un.org/nuke-classmates-shared-security-threat-intelligence-related-information-continuous-updates.html
http://www.sec-un.org/nuke-classmates-shared-security-threat-intelligence-related-information-continuous-updates.html
美国能源部的安全威胁情报应用案例 Flexible Transform
http://www.sec-un.org/united-states-energy-security-threat-intelligence-application-flexible-transform.html
http://www.sec-un.org/united-states-energy-security-threat-intelligence-application-flexible-transform.html
ICCS 2015:International Conference on Cyber Security
http://iccs.fordham.edu/program/iccs2015/
http://iccs.fordham.edu/program/iccs2015/
安全技术
Metasploit系列教程(第一季)
http://www.freebuf.com/articles/web/35930.html
http://www.freebuf.com/articles/web/35930.html
website backdoors leverage the pastebin service
http://blog.sucuri.net/2015/01/website-backdoors-leverage-the-pastebin-service.html
http://blog.sucuri.net/2015/01/website-backdoors-leverage-the-pastebin-service.html
深度:针对超强手机木马DenDroid的分析与测试
http://www.freebuf.com/tools/55392.html
http://www.freebuf.com/tools/55392.html
“暗隐间谍”--利用NDK NativeActivity技术实现Android加固
http://blog.csdn.net/androidsecurity/article/details/42142575
http://blog.csdn.net/androidsecurity/article/details/42142575
Dalvik 指令集汇编
http://hj-h.com/558.html
http://hj-h.com/558.html
Kali Linux 视频教程
http://www.cnblogs.com/xuanhun/tag/Kali%20Linux/
http://www.cnblogs.com/xuanhun/tag/Kali%20Linux/
30 Best Sources For Linux / *BSD / Unix Documentation On the Web
http://www.cyberciti.biz/tips/linux-unix-bsd-documentations.html
http://www.cyberciti.biz/tips/linux-unix-bsd-documentations.html
Spy vs. Spy: Rumor Source Obfuscation
http://arxiv.org/pdf/1412.8439.pdf
http://arxiv.org/pdf/1412.8439.pdf
Hacker学习发展流程图 V1.0
http://a1pass.blog.163.com/blog/static/29713732201505105831199
http://a1pass.blog.163.com/blog/static/29713732201505105831199
Augmenting Binary Analysis with Python and Pin on Vimeo
http://vimeo.com/album/3063779/video/114700985
http://vimeo.com/album/3063779/video/114700985
2014 Video archives of security conferences and workshops
http://contagiodump.blogspot.com/2015/01/video-archives-of-security-conferences.html
http://contagiodump.blogspot.com/2015/01/video-archives-of-security-conferences.html
bypass防火墙绕过技巧总结
http://lcx.cc/?i=4474
http://lcx.cc/?i=4474
Yeslab现任明教教主TCP/IP 2011完整版
http://www.tudou.com/plcover/_ZtUcoNtguw/
http://www.tudou.com/plcover/_ZtUcoNtguw/
XboxOne_NOV_SDK Download
https://mega.co.nz/#!iEhAETgQ!EUMxhVRGl4ENGfGmWIPmLEPNieuA5Z5TzNOxhkrFjaA
https://mega.co.nz/#!iEhAETgQ!EUMxhVRGl4ENGfGmWIPmLEPNieuA5Z5TzNOxhkrFjaA
31C3 CTF web关writeup
http://drops.wooyun.org/papers/4525
http://drops.wooyun.org/papers/4525
Embedded devices hacking --IPCAM hacking
http://hackdog.me/dog/index.php/2014/11/17/3.html
http://hackdog.me/dog/index.php/2014/11/17/3.html
31C3 #youtube video
https://www.youtube.com/user/mediacccde
https://www.youtube.com/user/mediacccde
病毒木马查杀系列教程
http://www.52pojie.cn/forum.php?mod=forumdisplay&fid=32&filter=digest&digest=1&orderby=dateline
http://www.52pojie.cn/forum.php?mod=forumdisplay&fid=32&filter=digest&digest=1&orderby=dateline
the-backdoor-factory:Patch PE, ELF, Mach-O binaries with shellcode
https://github.com/secretsquirrel/the-backdoor-factory
https://github.com/secretsquirrel/the-backdoor-factory
wifiphisher:Fast automated phishing attacks against WPA networks
https://github.com/sophron/wifiphisher
https://github.com/sophron/wifiphisher
pwntools:CTF framework used by Gallopsled in every CTF
https://github.com/Gallopsled/pwntools?v=2.2
https://github.com/Gallopsled/pwntools?v=2.2
pyspider 爬虫教程(1):HTML 和 CSS 选择器
http://blog.binux.me/2015/01/pyspider-tutorial-level-1-html-and-css-selector/
http://blog.binux.me/2015/01/pyspider-tutorial-level-1-html-and-css-selector/
CTF:华硕RT-AC66U路由器漏洞解题分析
http://bobao.360.cn/learning/detail/195.html
http://bobao.360.cn/learning/detail/195.html
A Deep Dive Analysis of Android System Service Vulnerability
http://researchcenter.paloaltonetworks.com/2015/01/cve-2014-7911-deep-dive-analysis-android-system-service-vulnerability-exploitation/
http://researchcenter.paloaltonetworks.com/2015/01/cve-2014-7911-deep-dive-analysis-android-system-service-vulnerability-exploitation/
Anunak: APT Against Financial Institutions
http://www.fox-it.com/en/files/2014/12/Anunak_APT-against-financial-institutions2.pdf
http://www.fox-it.com/en/files/2014/12/Anunak_APT-against-financial-institutions2.pdf
A new Reverse-Engineering Tool for Android and Java Bytecode
http://sseblog.ec-spride.de/2014/12/codeinspect/
http://sseblog.ec-spride.de/2014/12/codeinspect/
Yosemite中安装 Metasploit Framework
https://gist.github.com/illnino/a5de098e31e820bab4d7
https://gist.github.com/illnino/a5de098e31e820bab4d7
Hacking the Tor Network: Follow Up
http://resources.infosecinstitute.com/hacking-tor-network-follow/
http://resources.infosecinstitute.com/hacking-tor-network-follow/
安卓app漏洞自动化挖掘PPT
http://static.nagain.com/media/AndroidAPP.pdf
http://static.nagain.com/media/AndroidAPP.pdf
Bitcoin over Tor isn’t a good idea
http://arxiv.org/pdf/1410.6079.pdf
http://arxiv.org/pdf/1410.6079.pdf
2014年中国网站安全报告
http://ad6aslbbut.l7.yunpan.cn/lk/cyPuZG3eXNgLt
http://ad6aslbbut.l7.yunpan.cn/lk/cyPuZG3eXNgLt
Useful tools for CTF
http://delimitry.blogspot.com/2014/10/useful-tools-for-ctf.html
http://delimitry.blogspot.com/2014/10/useful-tools-for-ctf.html
Websites Compromised with CloudFrond Injection
http://blog.sucuri.net/2015/01/websites-compromised-with-cloudfrond-injection.html
http://blog.sucuri.net/2015/01/websites-compromised-with-cloudfrond-injection.html
Targeted Attacks against Industrial Control Systems
https://seclab.cs.ucsb.edu/media/uploads/papers/targetedattacksvsicss.pdf
https://seclab.cs.ucsb.edu/media/uploads/papers/targetedattacksvsicss.pdf
针对 Node.js 初学者的入门资源汇总
http://blog.jobbole.com/17174/
http://blog.jobbole.com/17174/
Hack无线门铃
http://parsec.me/808.html
http://parsec.me/808.html
Android APP通用型拒绝服务漏洞分析报告
http://www.weibo.com/p/1001603796016938781326
http://www.weibo.com/p/1001603796016938781326
人类社会行为分析 SSI
http://www.oschina.net/p/ssi
http://www.oschina.net/p/ssi
安全威胁情报体系的建设与应用
http://pan.baidu.com/s/1hqGe3YG
http://pan.baidu.com/s/1hqGe3YG
Beginner's Guide to Linkers
http://www.lurklurk.org/linkers/linkers.html
http://www.lurklurk.org/linkers/linkers.html
Email Address Harvesting for Phishing Attacks
http://www.shortbus.ninja/email-address-harvesting-for-phishing-attacks/
http://www.shortbus.ninja/email-address-harvesting-for-phishing-attacks/
SpamAssassin:Enterprise Open-Source Spam Filter
http://spamassassin.apache.org/
http://spamassassin.apache.org/
MaxMind:IP Geolocation
https://www.maxmind.com/en/home
https://www.maxmind.com/en/home
pyspider:A Powerful Spider(Web Crawler) System in Python
https://github.com/binux/pyspider
https://github.com/binux/pyspider
jeb:The Interactive Android Decompiler
http://down.52pojie.cn/Tools/Android_Tools/
http://down.52pojie.cn/Tools/Android_Tools/
NtApphelpCacheControl漏洞分析
http://blogs.360.cn/blog/ntapphelpcachecontrol_vulnerability_anaysis/
http://blogs.360.cn/blog/ntapphelpcachecontrol_vulnerability_anaysis/
机器学习问题的十个实例
http://blog.jobbole.com/62334/
http://blog.jobbole.com/62334/
Deobfuscating Malicious Macros Using Python
http://blog.spiderlabs.com/2015/01/tips-for-deobfuscating-the-malicious-macros-using-python.html
http://blog.spiderlabs.com/2015/01/tips-for-deobfuscating-the-malicious-macros-using-python.html
从WORD中提取EXE的分析技术
http://blog.sina.com.cn/s/blog_e8e60bc00102velj.html
http://blog.sina.com.cn/s/blog_e8e60bc00102velj.html
PyExcelerate:Accelerated Excel XLSX Writing Library for Python
https://github.com/kz26/PyExcelerate
https://github.com/kz26/PyExcelerate
ASUS Router UDP Broadcast Command Execution
https://github.com/jduck/asus-cmd
https://github.com/jduck/asus-cmd
Per-Context Sanitizer Functions
https://gist.github.com/soaj1664/a19779edc44abc9743c5
https://gist.github.com/soaj1664/a19779edc44abc9743c5
BACKDOORING EXECUTABLES OVER HTTP
http://www.hackinsight.org/news,186.html
http://www.hackinsight.org/news,186.html
PinTools:Pin tools for dynamic binary analysis
https://github.com/JonathanSalwan/PinTools
https://github.com/JonathanSalwan/PinTools
peframe: static analysis on (portable executable) malware
https://github.com/guelfoweb/peframe
https://github.com/guelfoweb/peframe
Splinter: an open source tool for testing web applications
http://splinter.cobrateam.info/en/latest/
http://splinter.cobrateam.info/en/latest/
三星KNOX远程静默安装漏洞深入分析报告
http://www.secpulse.com/archives/3817.html
http://www.secpulse.com/archives/3817.html
发掘和利用ntpd漏洞
http://drops.wooyun.org/papers/4486
http://drops.wooyun.org/papers/4486
babel-sf:Babel Scripting Framework
https://github.com/attackdebris/babel-sf
https://github.com/attackdebris/babel-sf
国外程序员收集整理的 PHP 资源大全
http://blog.jobbole.com/82908/
http://blog.jobbole.com/82908/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第45期)
