SecWiki周刊(第46期)
2015/01/12-2015/01/18
安全资讯
[移动安全]  2015移动安全挑战赛
http://msc.pediy.com/
[运维安全]  2014年互联网十大安全漏洞及思考
http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.9YDnsM&id=8
[论文]  复杂网络前沿问题研讨会日程
http://blog.sciencenet.cn/blog-3075-859295.html
[Web安全]  Anatomy of a privacy leak: Apple OS X search engine in the Spotlight
https://nakedsecurity.sophos.com/2015/01/11/anatomy-of-a-privacy-leak-apple-os-x-search-engine-in-the-spotlight/
[会议]  AtlSecCon 2015 Speakers
http://atlseccon.com/speakers/
[Web安全]  Facebook Vulnerability Allows to Video-Call Mark Zuckerberg!
http://blog.hackersonlineclub.com/2015/01/facebook-vulnerability-allows-to-video.html
[视频]  Blackhat – A Review
https://blog.whitehatsec.com/blackhat-a-review/
[恶意分析]  广告件发展现状分析
http://blog.avlyun.com/2015/01/2079/malicious-adware/
[其它]  微软2015年7月结束对Windows Server 2003支持服务
http://www.youxia.org/2015-7-windows-server-2003.html
[无线安全]  Politicians and journalists stung by fake open Wi-Fi protest
http://www.welivesecurity.com/2015/01/16/politicians-journalists-stung-fake-open-wi-fi-security-conference/
[运维安全]  2014年Linux界发生的好事,坏事和丑事
http://linux.cn/article-4659-1.html
[其它]  2015年国内最具成长力的八家安全企业
http://www.aqniu.com/news/6326.html
[其它]  冷眼观CES 2015:可能被Hacking的产品
http://www.secpulse.com/archives/4220.html
[其它]  西安电子科大成立网络与信息安全学院
http://www.sn.xinhuanet.com/2014-12/31/c_1113840868.htm
安全技术
[工具]  IDA_Pro_v6.6_and_Hex-Rays_Decompiler_(ARM,x64,x.86)
http://www.52pojie.cn/thread-319763-1-1.html
[移动安全]  Android Internals: A Confectioner's Cookbook
http://www.newandroidbook.com/
[编程技术]  pyspider 爬虫教程(三):使用 PhantomJS 渲染带 JS 的页面
http://segmentfault.com/blog/binux/1190000002477913
[Web安全]  在线数据包分析实现 - Online Pcap Analyzer
http://le4f.net/post/post/pcap-online-analyzer
[移动安全]  吊丝如何逆袭女神—-Android安全审计与攻击框架—-drozer全功能介绍
http://hj-h.com/565.html
[编程技术]  pyspider 爬虫教程(一):HTML 和 CSS 选择器
http://segmentfault.com/blog/binux/1190000002477863
[Web安全]  简单获取CDN背后网站的真实IP
http://zone.wooyun.org/content/18058
[移动安全]  Android逆向必备网址
http://hj-h.com/563.html
[运维安全]  Dionaea蜜罐指南
http://drops.wooyun.org/papers/4584
[Web安全]  论PHP常见的漏洞
http://drops.wooyun.org/papers/4544
[编程技术]  pyspider 爬虫教程(二):AJAX 和 HTTP
http://segmentfault.com/blog/binux/1190000002477870
[编程技术]  EasyPR:中文的开源车牌识别系统
https://github.com/liuruoze/EasyPR
[Web安全]  乌云沙龙:赛棍的自我修养
http://bobao.360.cn/learning/detail/196.html
[Web安全]  Sqlmap小技巧
https://sobug.com/article/detail/2
[数据挖掘]  北京10月机器学习班的所有PPT
http://pan.baidu.com/s/1o6r6dWA
[文档]  乌云沙龙第三期内容分享
http://www.weibo.com/p/1001603798621979038395
[Web安全]  The Double-Edged sword of HSTS persistence and privacy
http://paper.aliapp.com/md/super-cookie-over-HSTS.txt
[漏洞分析]  MS15-002 telnet服务缓冲区溢出漏洞分析与POC构造
http://drops.wooyun.org/papers/4621
[无线安全]  ESP8266App:基于ESP8266芯片的WiFi模块固件
https://git.oschina.net/supergis/ESP8266App
[视频]  DockerCon EU Breakouts from Day 2
http://blog.docker.com/2015/01/dockercon-eu-breakouts-from-day-2/
[文档]  CTFs - Wiki-like CTF write-ups repository
https://github.com/ctfs
[恶意分析]  Powershell script to automatically generate a malicious Excel document
https://github.com/enigma0x3/Generate-Macro/blob/master/Generate-Macro.ps1
[移动安全]  使用渗透测试框架Xposed Framework hook调试Android APP
http://www.freebuf.com/articles/terminal/56453.html
[数据挖掘]  Python自然语言处理:相关类库
http://www.mathackers.com/2015/01/nlpy-libraries/
[取证分析]  GRR Rapid Response: remote live forensics for incident response
https://github.com/google/grr
[无线安全]  proxmark3: RFID penetration testing tool
http://github.com/Proxmark/proxmark3
[数据挖掘]  Python自然语言处理:语料库
http://www.mathackers.com/2015/01/nlpy-corpora/
[视频]   软件加密解密第三版视频教程
http://pan.baidu.com/s/1hqsYXMW%20
[移动安全]  Analyzing the WeakSauce Exploit
http://www.newandroidbook.com/Articles/HTC.html
[运维安全]  返璞归真—流量中提取文件的五种方法
http://blog.sina.com.cn/s/blog_e8e60bc00102vfd9.html
[恶意分析]  Javascript恶意脚本Scanbox源码分析与演示
http://www.freebuf.com/tools/56092.html
[恶意分析]  Security Onion: New securityonion-samples packages
http://blog.securityonion.net/2015/01/new-securityonion-samples-packages.html
[移动安全]  OSXCollector: Forensic Collection and Automated Analysis for OS X
http://engineeringblog.yelp.com/2015/01/osxcollector-forensic-collection-and-automated-analysis-for-os-x.html
[漏洞分析]  Python_Pin:Python bindings for pin
https://github.com/blankwall/Python_Pin
[取证分析]  pcapng:Convert PcapNG to PCAP
http://pcapng.com/
[Web安全]  Post-Exploitation Using Veil-Pillage
http://resources.infosecinstitute.com/post-exploitation-using-veil-pillage/
[运维安全]  Arp欺骗原理及Android环境下的检测方法
http://www.freebuf.com/articles/terminal/55987.html
[移动安全]  USBdriveby: Weaponized USB Backdoor
http://samy.pl/usbdriveby
[恶意分析]  MMD-0030-2015 New ELF malware on Shellshock: the ChinaZ
http://blog.malwaremustdie.org/2015/01/mmd-0030-2015-new-elf-malware-on.html
[恶意分析]  Exploit Pack - The next Exploit Framework
http://exploitpack.com/
[工具]  sql++: cross-database command line SQL client
https://github.com/samyk/sqlpp/
[Web安全]  DiscuzX系列命令执行分析公开
http://drops.wooyun.org/papers/4611
[设备安全]  DCS、SCADA安全漏洞分析
http://www.youxia.org/dcs-scada-huangmin.html
[移动安全]  Analyzing text protocols with a TCP proxy
http://www.leaseweblabs.com/2015/01/tcp-proxy-analyzing-text-protocols/
[恶意分析]  Diving into a Silverlight Exploit and Shellcode - Analysis and Techniques
http://www.checkpoint.com/downloads/partners/TCC-Silverlight-Jan2015.pdf
[Web安全]  从零开始学CSRF
http://www.freebuf.com/articles/web/55965.html
[设备安全]  Open-Source USB Exploitation Library - Teensyduino
http://malware.cat/?p=89
[漏洞分析]  BARF : open source Binary Analysis and Reverse Framework
https://github.com/programa-stic/barf-project
[Web安全]  Cracking a Captcha . Nullcon| EMC2 CTF 2015
http://garage4hackers.com/entry.php?b=3103
[编程技术]  A Simple Performance Comparison of HTTPS, SPDY and HTTP/2
http://blog.httpwatch.com/2015/01/16/a-simple-performance-comparison-of-https-spdy-and-http2/
[Web安全]  CTF Writeup Summary
http://sec.yka.me/
[编程技术]  ConEmu:Windows console with tabs
http://sourceforge.net/projects/conemu/
[恶意分析]  Kippo蜜罐指南
http://drops.wooyun.org/papers/4578
[Web安全]  SQL Injection via DNS
http://drops.wooyun.org/tips/4605
[Web安全]   PHP tainted analysis extension
https://github.com/laruence/php-taint
[杂志]  《安全参考》HACKCTO-201501-25
http://pan.baidu.com/s/1pJiG4sj
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第46期)