SecWiki周刊(第45期)
2015/01/05-2015/01/11
安全资讯
[论文]  SRG:Security Research Group For Student
http://srg.gitcafe.io/
[设备安全]  扒一扒那些“开后门”的路由器厂商
http://www.freebuf.com/news/special/55444.html
[移动安全]  World’s first (known) bootkit for OS X can permanently backdoor Macs
http://arstechnica.com/security/2015/01/worlds-first-known-bootkit-for-os-x-can-permanently-backdoor-macs/
[其它]  SecWiki如何快捷提交资讯
http://www.sec-wiki.com/about/submit
[运维安全]  Top 10 Web Hacking Techniques of 2014
http://blog.whitehatsec.com/top-10-web-hacking-techniques-of-2014/
[恶意分析]  情境感知(Context-Aware-Security)的几点理解
http://www.sec-un.org/context-aware-context-aware-security-several-points-of-understanding.html
[数据挖掘]  深入大数据安全分析:为什么需要大数据安全分析
http://yepeng.blog.51cto.com/3101105/1599937
[Web安全]  关于信息安全短板的思考
http://www.sec-un.org/thoughts-on-information-security-weaknesses.html
[恶意分析]  Who’s Attacking Whom? Realtime Attack Trackers
http://krebsonsecurity.com/2015/01/whos-attacking-whom-realtime-attack-trackers/
[会议]  REcon:2015 computer security conference
http://recon.cx/2015/index.html
[恶意分析]  AOL Advertising Network Abused to Distribute Malware
http://thehackernews.com/2015/01/aol-advertising-network-abused-to_6.html
[会议]  ShmooCon 2015 Schedule
http://www.shmoocon.org/schedule
[恶意分析]  Linux恶意软件简史
http://select.yeeyan.org/view/102595/439271
[漏洞分析]  VulReport in TW
https://vulreport.net/
[恶意分析]  Cyber-Terrorism: Complexity and Strategy
http://resources.infosecinstitute.com/cyber-terrorism-complexity-strategy/
[恶意分析]  DOD Fights Researcher Over Access to Report on Israel's Nuclear Needs
http://www.courthousenews.com/2014/12/31/dod-fights-researcher-over-access-to-report-on-israels-nuclear-needs.htm
[视频]  Video: Hackers: the Internet's immune system
http://www.ted.com/talks/keren_elazari_hackers_the_internet_s_immune_system?
[恶意分析]  美国能源部的安全威胁情报应用案例 Flexible Transform
http://www.sec-un.org/united-states-energy-security-threat-intelligence-application-flexible-transform.html
[会议]  ICCS 2015:International Conference on Cyber Security
http://iccs.fordham.edu/program/iccs2015/
安全技术
[Web安全]  Metasploit系列教程(第一季)
http://www.freebuf.com/articles/web/35930.html
[Web安全]  website backdoors leverage the pastebin service
http://blog.sucuri.net/2015/01/website-backdoors-leverage-the-pastebin-service.html
[移动安全]  深度:针对超强手机木马DenDroid的分析与测试
http://www.freebuf.com/tools/55392.html
[移动安全]  “暗隐间谍”--利用NDK NativeActivity技术实现Android加固
http://blog.csdn.net/androidsecurity/article/details/42142575
[移动安全]  Dalvik 指令集汇编
http://hj-h.com/558.html
[Web安全]  Kali Linux 视频教程
http://www.cnblogs.com/xuanhun/tag/Kali%20Linux/
[文档]  30 Best Sources For Linux / *BSD / Unix Documentation On the Web
http://www.cyberciti.biz/tips/linux-unix-bsd-documentations.html
[数据挖掘]  Spy vs. Spy: Rumor Source Obfuscation
http://arxiv.org/pdf/1412.8439.pdf
[文档]  Hacker学习发展流程图 V1.0
http://a1pass.blog.163.com/blog/static/29713732201505105831199
[漏洞分析]  Augmenting Binary Analysis with Python and Pin on Vimeo
http://vimeo.com/album/3063779/video/114700985
[视频]  2014 Video archives of security conferences and workshops
http://contagiodump.blogspot.com/2015/01/video-archives-of-security-conferences.html
[Web安全]  bypass防火墙绕过技巧总结
http://lcx.cc/?i=4474
[视频]  Yeslab现任明教教主TCP/IP 2011完整版
http://www.tudou.com/plcover/_ZtUcoNtguw/
[Web安全]  31C3 CTF web关writeup
http://drops.wooyun.org/papers/4525
[设备安全]  Embedded devices hacking --IPCAM hacking
http://hackdog.me/dog/index.php/2014/11/17/3.html
[视频]  31C3 #youtube video
https://www.youtube.com/user/mediacccde
[Web安全]  pwntools:CTF framework used by Gallopsled in every CTF
https://github.com/Gallopsled/pwntools?v=2.2
[无线安全]  the-backdoor-factory:Patch PE, ELF, Mach-O binaries with shellcode
https://github.com/secretsquirrel/the-backdoor-factory
[无线安全]  wifiphisher:Fast automated phishing attacks against WPA networks
https://github.com/sophron/wifiphisher
[编程技术]  pyspider 爬虫教程(1):HTML 和 CSS 选择器
http://blog.binux.me/2015/01/pyspider-tutorial-level-1-html-and-css-selector/
[设备安全]  CTF:华硕RT-AC66U路由器漏洞解题分析
http://bobao.360.cn/learning/detail/195.html
[运维安全]  日志审计系统解决方案
http://www.youxia.org/rizhi-shenji-xitong.html
[恶意分析]  Anunak: APT Against Financial Institutions
http://www.fox-it.com/en/files/2014/12/Anunak_APT-against-financial-institutions2.pdf
[移动安全]  A new Reverse-Engineering Tool for Android and Java Bytecode
http://sseblog.ec-spride.de/2014/12/codeinspect/
[Web安全]  Yosemite中安装 Metasploit Framework
https://gist.github.com/illnino/a5de098e31e820bab4d7
[恶意分析]  Hacking the Tor Network: Follow Up
http://resources.infosecinstitute.com/hacking-tor-network-follow/
[移动安全]  安卓app漏洞自动化挖掘PPT
http://static.nagain.com/media/AndroidAPP.pdf
[运维安全]  Bitcoin over Tor isn’t a good idea
http://arxiv.org/pdf/1410.6079.pdf
[Web安全]  2014年中国网站安全报告
http://ad6aslbbut.l7.yunpan.cn/lk/cyPuZG3eXNgLt
[Web安全]  Websites Compromised with CloudFrond Injection
http://blog.sucuri.net/2015/01/websites-compromised-with-cloudfrond-injection.html
[Web安全]  初探验证码识别
http://drops.wooyun.org/tips/4550
[编程技术]  针对 Node.js 初学者的入门资源汇总
http://blog.jobbole.com/17174/
[设备安全]  Targeted Attacks against Industrial Control Systems
https://seclab.cs.ucsb.edu/media/uploads/papers/targetedattacksvsicss.pdf
[无线安全]  Hack无线门铃
http://parsec.me/808.html
[移动安全]  Android APP通用型拒绝服务漏洞分析报告
http://www.weibo.com/p/1001603796016938781326
[数据挖掘]  人类社会行为分析 SSI
http://www.oschina.net/p/ssi
[运维安全]  安全威胁情报体系的建设与应用
http://pan.baidu.com/s/1hqGe3YG
[编程技术]  Beginner's Guide to Linkers
http://www.lurklurk.org/linkers/linkers.html
[编程技术]  漫谈搜素引擎的排序模型
http://blog.csdn.net/yangbutao/article/details/42501371
[Web安全]  Email Address Harvesting for Phishing Attacks
http://www.shortbus.ninja/email-address-harvesting-for-phishing-attacks/
[恶意分析]  SpamAssassin:Enterprise Open-Source Spam Filter
http://spamassassin.apache.org/
[编程技术]  MaxMind:IP Geolocation
https://www.maxmind.com/en/home
[编程技术]  pyspider:A Powerful Spider(Web Crawler) System in Python
https://github.com/binux/pyspider
[运维安全]  4A安全性分析
http://drops.wooyun.org/tips/4484
[移动安全]  jeb:The Interactive Android Decompiler
http://down.52pojie.cn/Tools/Android_Tools/
[漏洞分析]  NtApphelpCacheControl漏洞分析
http://blogs.360.cn/blog/ntapphelpcachecontrol_vulnerability_anaysis/
[数据挖掘]  机器学习问题的十个实例
http://blog.jobbole.com/62334/
[恶意分析]  从WORD中提取EXE的分析技术
http://blog.sina.com.cn/s/blog_e8e60bc00102velj.html
[移动安全]  2014移动安全年度漏洞报告
http://jaq.alibaba.com/blog/blog.htm?spm=0.0.0.0.LHNAaE&id=3
[编程技术]  PyExcelerate:Accelerated Excel XLSX Writing Library for Python
https://github.com/kz26/PyExcelerate
[漏洞分析]  ASUS Router UDP Broadcast Command Execution
https://github.com/jduck/asus-cmd
[Web安全]  Per-Context Sanitizer Functions
https://gist.github.com/soaj1664/a19779edc44abc9743c5
[无线安全]  BACKDOORING EXECUTABLES OVER HTTP
http://www.hackinsight.org/news,186.html
[漏洞分析]  PinTools:Pin tools for dynamic binary analysis
https://github.com/JonathanSalwan/PinTools
[恶意分析]  peframe: static analysis on (portable executable) malware
https://github.com/guelfoweb/peframe
[编程技术]  Splinter: an open source tool for testing web applications
http://splinter.cobrateam.info/en/latest/
[移动安全]  三星KNOX远程静默安装漏洞深入分析报告
http://www.secpulse.com/archives/3817.html
[漏洞分析]  发掘和利用ntpd漏洞
http://drops.wooyun.org/papers/4486
[Web安全]  babel-sf:Babel Scripting Framework
https://github.com/attackdebris/babel-sf
[编程技术]  国外程序员收集整理的 PHP 资源大全
http://blog.jobbole.com/82908/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第45期)