SecWiki周刊（第46期)

SecWiki周刊（第46期）

2015/01/12-2015/01/18

安全资讯

[移动安全] 2015移动安全挑战赛
http://msc.pediy.com/

[运维安全] 2014年互联网十大安全漏洞及思考
http://security.alibaba.com/blog/blog.htm?spm=0.0.0.0.9YDnsM&id=8

[论文] 复杂网络前沿问题研讨会日程
http://blog.sciencenet.cn/blog-3075-859295.html

[Web安全] Anatomy of a privacy leak: Apple OS X search engine in the Spotlight
https://nakedsecurity.sophos.com/2015/01/11/anatomy-of-a-privacy-leak-apple-os-x-search-engine-in-the-spotlight/

[会议] AtlSecCon 2015 Speakers
http://atlseccon.com/speakers/

[Web安全] Facebook Vulnerability Allows to Video-Call Mark Zuckerberg!
http://blog.hackersonlineclub.com/2015/01/facebook-vulnerability-allows-to-video.html

[视频] Blackhat – A Review
https://blog.whitehatsec.com/blackhat-a-review/

[其它] 微软2015年7月结束对Windows Server 2003支持服务
http://www.youxia.org/2015-7-windows-server-2003.html

[恶意分析] 广告件发展现状分析
http://blog.avlyun.com/2015/01/2079/malicious-adware/

[无线安全] Politicians and journalists stung by fake open Wi-Fi protest
http://www.welivesecurity.com/2015/01/16/politicians-journalists-stung-fake-open-wi-fi-security-conference/

[恶意分析] Obama pushes cybercrime law
http://www.politico.com/story/2015/01/obama-cybersecurity-crime-proposal-114211.html

[运维安全] 2014年Linux界发生的好事，坏事和丑事
http://linux.cn/article-4659-1.html

[其它] 2015 ShmooCon Hiring
https://docs.google.com/spreadsheets/d/1TytbnvqekJEF0jxLANe6sNa5fu05dFaHEP7zudlJej0/edit#gid=0

[其它] 2015年国内最具成长力的八家安全企业
http://www.aqniu.com/news/6326.html

[其它] 冷眼观CES 2015：可能被Hacking的产品
http://www.secpulse.com/archives/4220.html

[其它] 西安电子科大成立网络与信息安全学院
http://www.sn.xinhuanet.com/2014-12/31/c_1113840868.htm

[其它] San Francisco Senior Network Security Engineer Job
http://jobs.akamai.com/job/San-Francisco-Senior-Network-Security-Engineer-Job-CA-94101/227544300/

安全技术

[工具] IDA_Pro_v6.6_and_Hex-Rays_Decompiler_(ARM,x64,x.86)
http://www.52pojie.cn/thread-319763-1-1.html

[移动安全] Android Internals: A Confectioner's Cookbook
http://www.newandroidbook.com/

[编程技术] pyspider 爬虫教程（三）：使用 PhantomJS 渲染带 JS 的页面
http://segmentfault.com/blog/binux/1190000002477913

[Web安全] 在线数据包分析实现 - Online Pcap Analyzer
http://le4f.net/post/post/pcap-online-analyzer

[移动安全] 吊丝如何逆袭女神—-Android安全审计与攻击框架—-drozer全功能介绍
http://hj-h.com/565.html

[编程技术] pyspider 爬虫教程（一）：HTML 和 CSS 选择器
http://segmentfault.com/blog/binux/1190000002477863

[数据挖掘] 社工教程心理战
http://pan.baidu.com/share/home?uk=2352211748&view=share#category/type=0

[Web安全] 简单获取CDN背后网站的真实IP
http://zone.wooyun.org/content/18058

[移动安全] Android逆向必备网址
http://hj-h.com/563.html

[编程技术] pyspider 爬虫教程（二）：AJAX 和 HTTP
http://segmentfault.com/blog/binux/1190000002477870

[运维安全] Dionaea蜜罐指南
http://drops.wooyun.org/papers/4584

[Web安全] 论PHP常见的漏洞
http://drops.wooyun.org/papers/4544

[编程技术] EasyPR:中文的开源车牌识别系统
https://github.com/liuruoze/EasyPR

[Web安全] 乌云沙龙：赛棍的自我修养
http://bobao.360.cn/learning/detail/196.html

[Web安全] Sqlmap小技巧
https://sobug.com/article/detail/2

[数据挖掘] 北京10月机器学习班的所有PPT
http://pan.baidu.com/s/1o6r6dWA

[文档] 乌云沙龙第三期内容分享
http://www.weibo.com/p/1001603798621979038395

[漏洞分析] MS15-002 telnet服务缓冲区溢出漏洞分析与POC构造
http://drops.wooyun.org/papers/4621

[Web安全] The Double-Edged sword of HSTS persistence and privacy
http://paper.aliapp.com/md/super-cookie-over-HSTS.txt

[无线安全] ESP8266App:基于ESP8266芯片的WiFi模块固件
https://git.oschina.net/supergis/ESP8266App

[视频] DockerCon EU Breakouts from Day 2
http://blog.docker.com/2015/01/dockercon-eu-breakouts-from-day-2/

[文档] CTFs - Wiki-like CTF write-ups repository
https://github.com/ctfs

[移动安全] 使用渗透测试框架Xposed Framework hook调试Android APP
http://www.freebuf.com/articles/terminal/56453.html

[数据挖掘] Python自然语言处理：相关类库
http://www.mathackers.com/2015/01/nlpy-libraries/

[恶意分析] Powershell script to automatically generate a malicious Excel document
https://github.com/enigma0x3/Generate-Macro/blob/master/Generate-Macro.ps1

[其它] Examining Shellcode in a Debugger through Control of the Instruction Pointer
http://digital-forensics.sans.org/blog/2014/12/30/taking-control-of-the-instruction-pointer?utm_content=buffer1a3ee&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

[无线安全] proxmark3: RFID penetration testing tool
http://github.com/Proxmark/proxmark3

[取证分析] GRR Rapid Response: remote live forensics for incident response
https://github.com/google/grr

[Web安全] 2014 Top Security Tools
http://www.toolswatch.org/2015/01/2014-top-security-tools-as-voted-by-toolswatch-org-readers/

[数据挖掘] Python自然语言处理:语料库
http://www.mathackers.com/2015/01/nlpy-corpora/

[移动安全] Analyzing the WeakSauce Exploit
http://www.newandroidbook.com/Articles/HTC.html

[视频] 软件加密解密第三版视频教程
http://pan.baidu.com/s/1hqsYXMW%20

[运维安全] 返璞归真—流量中提取文件的五种方法
http://blog.sina.com.cn/s/blog_e8e60bc00102vfd9.html

[恶意分析] Javascript恶意脚本Scanbox源码分析与演示
http://www.freebuf.com/tools/56092.html

[移动安全] OSXCollector: Forensic Collection and Automated Analysis for OS X
http://engineeringblog.yelp.com/2015/01/osxcollector-forensic-collection-and-automated-analysis-for-os-x.html

[恶意分析] Security Onion: New securityonion-samples packages
http://blog.securityonion.net/2015/01/new-securityonion-samples-packages.html

[取证分析] pcapng:Convert PcapNG to PCAP
http://pcapng.com/

[设备安全] 华硕路由器9999端口远程命令执行研究报告 V1
http://blog.knownsec.com/2015/01/%e5%8d%8e%e7%a1%95%e8%b7%af%e7%94%b1%e5%99%a89999%e7%ab%af%e5%8f%a3%e8%bf%9c%e7%a8%8b%e5%91%bd%e4%bb%a4%e6%89%a7%e8%a1%8c%e7%a0%94%e7%a9%b6%e6%8a%a5%e5%91%8a-v1/

[Web安全] Post-Exploitation Using Veil-Pillage
http://resources.infosecinstitute.com/post-exploitation-using-veil-pillage/

[漏洞分析] Python_Pin:Python bindings for pin
https://github.com/blankwall/Python_Pin

[运维安全] Arp欺骗原理及Android环境下的检测方法
http://www.freebuf.com/articles/terminal/55987.html

[移动安全] USBdriveby: Weaponized USB Backdoor
http://samy.pl/usbdriveby

[工具] sql++: cross-database command line SQL client
https://github.com/samyk/sqlpp/

[恶意分析] Exploit Pack - The next Exploit Framework
http://exploitpack.com/

[Web安全] DiscuzX系列命令执行分析公开
http://drops.wooyun.org/papers/4611

[恶意分析] MMD-0030-2015 New ELF malware on Shellshock: the ChinaZ
http://blog.malwaremustdie.org/2015/01/mmd-0030-2015-new-elf-malware-on.html

[设备安全] DCS、SCADA安全漏洞分析
http://www.youxia.org/dcs-scada-huangmin.html

[移动安全] Analyzing text protocols with a TCP proxy
http://www.leaseweblabs.com/2015/01/tcp-proxy-analyzing-text-protocols/

[恶意分析] Diving into a Silverlight Exploit and Shellcode - Analysis and Techniques
http://www.checkpoint.com/downloads/partners/TCC-Silverlight-Jan2015.pdf

[Web安全] 从零开始学CSRF
http://www.freebuf.com/articles/web/55965.html

[设备安全] Open-Source USB Exploitation Library - Teensyduino
http://malware.cat/?p=89

[漏洞分析] BARF : open source Binary Analysis and Reverse Framework
https://github.com/programa-stic/barf-project

[编程技术] A Simple Performance Comparison of HTTPS, SPDY and HTTP/2
http://blog.httpwatch.com/2015/01/16/a-simple-performance-comparison-of-https-spdy-and-http2/

[Web安全] Cracking a Captcha . Nullcon| EMC2 CTF 2015
http://garage4hackers.com/entry.php?b=3103

[Web安全] CTF Writeup Summary
http://sec.yka.me/

[编程技术] ConEmu:Windows console with tabs
http://sourceforge.net/projects/conemu/

[恶意分析] Skeleton Key Malware Analysis
http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/

[恶意分析] Kippo蜜罐指南
http://drops.wooyun.org/papers/4578

[运维安全] Docker Secure Deployment Guidelines
http://blog.gdssecurity.com/labs/2015/1/12/docker-secure-deployment-guidelines.html

[Web安全] SQL Injection via DNS
http://drops.wooyun.org/tips/4605

[其它] Powershell Popups + Capture
http://www.room362.com/blog/2015/01/12/powershell-popups-plus-capture/

[漏洞分析] Windows Exploitation in 2014
http://www.welivesecurity.com/wp-content/uploads/2015/01/Windows-Exploitation-in-2014.pdf

[Web安全] PHP tainted analysis extension
https://github.com/laruence/php-taint

[杂志] 《安全参考》HACKCTO-201501-25
http://pan.baidu.com/s/1pJiG4sj

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第46期)

SecWiki周刊（第46期）

最新公告

友情链接

SecWiki公众号

安全学术圈