SecWiki Weekly (Issue 48)
2015/01/26-2015/02/01
Security News
[Operations Security]  Four Lessons from GitHub for the Security Industry
http://www.aqniu.com/neotech/secured-development/6445.html
[Vulnerability Analysis]  GHOST glibc Linux Remote Code Execution Vulnerability
http://threatpost.com/ghost-glibc-remote-code-execution-vulnerability-affects-all-linux-systems/110679
[Conference]  nullcon Goa 2015 conference speakers
http://nullcon.net/website/goa-15/about-speakers.php#night-talks
[Conference]  [sec-un] Beijing Salon, February 3, 2015
http://www.sec-un.org/february-3-2015-beijing-salon-notice.html
Security Technology
[Web Security]  Top 500 Chinese Names (from a population database)
http://zone.wooyun.org/content/18372
[Device Security]  Full Disclosure: OpenSSH =6.6 SFTP misconfiguration exploit for 64bit Linux
http://seclists.org/fulldisclosure/2014/Oct/35?spm=5176.7189909.0.0.0lYRbk
[Other]  Top 5 Websites To Learn How To Hack Like A Pro
http://www.makeuseof.com/tag/top-5-websites-to-learn-how-to-hack-like-a-pro/
[Mobile Security]  A Beginner's Approach to the 2015 MSC Challenges (First Three Problems)
http://bbs.pediy.com/showthread.php?t=197330
[Tools]  VulnHub Resources
https://www.vulnhub.com/resources/
[Vulnerability Analysis]  Triggering Deep Vulnerabilities Using Symbolic Execution [30c3]
https://www.youtube.com/watch?v=Febh70kldP0
[Vulnerability Analysis]  exploiting tutorials from fuzzysecurity
http://www.fuzzysecurity.com/tutorials.html
[Other]  Getting back determinism in the Low Fragmentation Heap
http://blog.lse.epita.fr/cat/security/index.html
[Operations Security]  How to Filter, Split, and Merge pcap Files on Linux
http://linux.cn/article-4762-weibo.html
[Malware Analysis]  Static analysis of an unknown compression format
http://blog.lse.epita.fr/articles/8-static-analysis-of-an-unknown-compression-format.html
[Malware Analysis]  A Different Exploit Angle on Adobe's Recent Zero-Day
https://www.fireeye.com/blog/threat-research/2015/01/a_different_exploit.html
[Magazine]  黑客防线 (Hacker Defense) Magazine, Issue 12, 2014
http://www.hacker.com.cn/show-7-2742-1.html
[Programming]  Synergy Binaries Download Mirror
http://synergykm.com/synergy-binaries-mirror/
[Mobile Security]  Android App Security Testing: Using a Debugger
http://www.secpulse.com/archives/4370.html
[Wireless Security]  GNU Radio – CC1111 packets encoder/decoder blocks
https://funoverip.net/2014/07/gnu-radio-cc1111-packets-encoderdecoder-blocks/
[Malware Analysis]  Detailed Technical Analysis of the "暗云" (Dark Cloud) BootKit Trojan
http://www.freebuf.com/vuls/57868.html
[Wireless Security]  Reverse Engineer a Verisure Wireless Alarm part 1 – Radio Communications
https://funoverip.net/2014/11/reverse-engineer-a-verisure-wireless-alarm-part-1-radio-communications/
[Forensics]  Recover Lost Data from iPhone 5s/5C/5/4S/4
https://archive.org/details/iPhone-data-recovery-tenorshare
[Operations Security]  BadSamba – Exploiting Windows Startup Scripts Using a Malicious SMB Server
http://www.tuicool.com/articles/yMjM7jy
[Operations Security]  metrilyx-2.0: Visualization and analytics interface for OpenTSDB
https://github.com/Ticketmaster/Metrilyx-2.0
[Tools]  Shellcodeexec - essentially a payload stager.
https://github.com/inquisb/shellcodeexec
[Web Security]  webrtc-ips: STUN IP Address requests for WebRTC
https://github.com/diafygi/webrtc-ips
[Programming]  paperwork: OpenSource note-taking & archiving
https://github.com/twostairs/paperwork
[Vulnerability Analysis]  A heap analysis tool for Immunity Debugger.
https://github.com/net-ninja/heaper
[Web Security]  A Technique for Bypassing PHP disable_function
http://bobao.360.cn/learning/detail/225.html
[Mobile Security]  Introduction to Android App Security Testing
http://www.secpulse.com/archives/4325.html
[Tools]  Sh@d0w v1.0 - Cloak your presence in the network
http://www.fuzzysecurity.com/scripts/1.html
[Malware Analysis]  Discovering and remediating an active but disused botnet
http://colin.keigher.ca/2015/01/discovering-and-remediating-active-but.html
[Programming]  Implementing generic double-word compare and swap for x86/x86-64
http://blog.lse.epita.fr/cat/tutorials/index.html
[Operations Security]  17 Recommendations for Secure Docker Deployment
http://dockerone.com/article/150
[Programming]  Bin v1.0 - Write shellcode to a binary file
http://www.fuzzysecurity.com/scripts/4.html
[Web Security]  ipcalf: Gives back your public IP address
https://github.com/natevw/ipcalf/
[Vulnerability Analysis]  infiltrate12-the stack is back
https://jon.oberheide.org/files/infiltrate12-thestackisback.pdf
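[Vulnerability Analysis]  A Casual Talk on the Nature of Security Vulnerabilities: the Vulnerability "Medley" Series, Integer Overflow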
http://www.weibo.com/p/1001643803191148956529
[Forensics]  rekall: Rekall Memory Forensic Framework
https://github.com/google/rekall
[Wireless Security]  Reverse Engineer a Verisure Wireless Alarm part 2 – Firmwares and crypto keys
https://funoverip.net/2014/12/reverse-engineer-a-verisure-wireless-alarm-part-2-firmwares-and-crypto-keys/
[Tools]  IKAT - Binaries That Bypass Group Policy
http://ha.cked.net/Windows/index.html
[Web Security]  Cartero: Mailing Phishing Framework
http://section9labs.github.io/Cartero/
[Forensics]  Autopsy: Digital Forensics Platform
http://www.sleuthkit.org/autopsy/
[Device Security]  Telematics: Security Risk Analysis of Electronic Vehicles
http://bobao.360.cn/learning/detail/153.html
[Vulnerability Analysis]  malwaRE: malware repository framework
https://github.com/c633/malwaRE
[Web Security]  Nscan: Fast internet-wide scanner
https://github.com/OffensivePython/Nscan
[Web Security]  linux symbolic link attack tutorial
http://drops.wooyun.org/papers/4762
[Web Security]  The Web Platform: Browser technologies
https://platform.html5.org/
[Vulnerability Analysis]  Windows 10 Security Enhancements: Two Font Security Features Introduced in Build 9926
http://blogs.360.cn/blog/windows10_font_security_mitigations/
Security Topics
Symbolic Execution Source Tools
https://www.sec-wiki.com/topic/57
-----WeChat ID: SecWiki-----
SecWiki: focused on security technology news and analysis for 12 years!
SecWiki: https://www.sec-wiki.com
