SecWiki Weekly (Issue 49)
2015/02/02-2015/02/08
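Security News
[Operations Security]  A new type of DDoS: the "nonsense domain name" attack
http://www.aqniu.com/threat-alert/6568.html
[Malware Analysis]  Startup blocks malware by means of the CPU
http://www.aqniu.com/neotech/6497.html
[Other]  Obama requests $14 billion to build up cyberspace security
http://www.aqniu.com/news/6529.html
[Web Security]  Quick notes on the technical viewpoints from the February 3 sec-un security technology salon
http://www.sec-un.org/february-3-sec-un-security-technology-salon-technical-shorthand.html
[Conference]  SyScan'15 Singapore program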
https://www.syscan.org/index.php/sg/program
Security Technology
[Web Security]  TangScan: Tang Dynasty web vulnerability scanner framework
https://github.com/WooYun/TangScan
[Vulnerability Analysis]  Microsoft Windows Server 2003 SP2 (CVE-2014-4076) local privilege escalation (exploit included)
http://www.cnxhacker.com/2015/02/02/6966.html
[Mobile Security]  Android Banking Trojan and SMS stealer floating in the wild
http://research.zscaler.com/2015/02/android-banking-trojan-and-sms-stealer.html
[Data Mining]  Google's global IP address database: mom never has to worry again about me being unable to reach Google~
http://www.cnxhacker.com/2014/06/11/424.html
[Wireless Security]  Cracking TP-Link routers via JavaScript (PoC and video included)
http://www.cnxhacker.com/2015/02/05/7084.html
[Web Security]  leakScan: online vulnerability scanning
https://github.com/Skycrab/leakScan
[Web Security]  wydomain: target system information gathering component
https://github.com/ring04h/wydomain
[Device Security]  A global census report on Omron devices
http://plcscan.org/blog/2015/02/omron-fins-protocol-global-census-report/
[Forensic Analysis]  File System Forensic Analysis (Chapter 11: NTFS Concepts)
http://www.cnblogs.com/skogkatt/p/4246783.html
[Tools]  iptraf: A TCP/UDP Network Monitoring Utility
http://www.unixmen.com/iptraf-tcpudp-network-monitoring-utility/
[Malware Analysis]  Angler Exploit Kit – New Variants
http://blogs.cisco.com/security/talos/angler-variants
[Vulnerability Analysis]  Reverse engineering 360 for Linux
http://v2ex.com/t/168194#reply0
[Forensic Analysis]  Digital forensics example: file-system-based forensic analysis of disk data
http://www.freebuf.com/articles/system/57804.html
[Tools]  Python scripts for reverse engineering
https://github.com/tandasat/scripts_for_RE
[Operations Security]  Akamai Internet security intelligence: Q4 2014 DDoS report
http://www.aqniu.com/security-reports/6509.html
[Web Security]  wyportmap: target port scanning + system service fingerprinting
https://github.com/ring04h/wyportmap
[Operations Security]  A 20-minute introduction to Awk
http://blog.jobbole.com/83844/
[Operations Security]  How To Keep A Process Running After Putty Or SSH Session Closed
http://www.unixmen.com/linux-troubleshooting-keep-process-running-putty-ssh-session-closed/
[Programming]  libfacedetection: face detection library
https://github.com/ShiqiYu/libfacedetection
[Malware Analysis]  RansomWeb: an emerging web security threat
http://drops.wooyun.org/papers/4834
[Web Security]  Account Hunting for Invoke-TokenManipulation
https://www.trustedsec.com/january-2015/account-hunting-invoke-tokenmanipulation/
[Web Security]  Understanding PHP object injection
http://drops.wooyun.org/papers/4820
[Forensic Analysis]  Dshell: a network forensic analysis framework
https://github.com/USArmyResearchLab/Dshell
[Malware Analysis]  PortEx: a Java library for static malware analysis of portable executable files
http://katjahahn.github.io/PortEx/
[Vulnerability Analysis]  Exploiting “BadIRET” (CVE-2014-9322, Linux kernel privilege escalation)
http://labs.bromium.com/2015/02/02/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/
[Vulnerability Analysis]  CPU backdoors
http://danluu.com/cpu-backdoors/
[Programming]  Building Chrome (Chromium) from source
http://wendal.net/2015/02/04.html
[Web Security]  Analysis on Internet Explorer's UXSS
http://innerht.ml/blog/ie-uxss.html
[Tools]  ToolsWatch Newsletter January 2015
http://www.toolswatch.org/2015/02/toolswatch-newsletter-january-2015/
[Web Security]  Comparing DOM based XSS Identification Tools on Real Vulnerability
http://blog.mindedsecurity.com/2015/02/comparing-dom-based-xss-identification.html
[Vulnerability Analysis]  VolatilityBot – An automated malicious code dumper
http://fightingmalware.com/blog/?p=221
[Magazine]  黑客防线 magazine, 2015 Issue 1
http://www.hacker.com.cn/show-7-2743-1.html
[Malware Analysis]  An In-depth analysis of the Fiesta Exploit Kit: An infection in 2015
http://blog.0x3a.com/post/110052845124/an-in-depth-analysis-of-the-fiesta-exploit-kit-an
[Vulnerability Analysis]  2014 Static Analysis Benchmarks
http://blog.regehr.org/archives/1217
[Programming]  Advanced data structures in Python
http://python.jobbole.com/65218/
[Vulnerability Analysis]  Symbolic execution in vuln research
http://lcamtuf.blogspot.com/2015/02/symbolic-execution-in-vuln-research.html
[Web Security]  CMSmap: a python open source CMS scanner
https://github.com/dionach/CMSmap
[Vulnerability Analysis]  A New Zero-Day of Adobe Flash CVE-2015-0313 Exploited in the Wild
http://blog.spiderlabs.com/2015/02/a-new-zero-day-of-adobe-flash-cve-2015-0313-exploited-in-the-wild.html
[Data Mining]  A worked example of how machine learning solves problems
http://tech.meituan.com/mt-mlinaction-how-to-ml.html
SecWiki: https://www.sec-wiki.com