SecWiki周刊(第6期)
2014/04/07-2014/04/13
安全技术
[Web安全]  MS14-010 CVE-2014-0293 IE UXSS
http://www.securityfocus.com/archive/1/531600
[移动安全]  XDS: Cross-Device Scripting Attacks on Smartphones through HTML5-based Apps
http://www.cis.syr.edu/~wedu/attack/
[漏洞分析]  ssltest4multi.py
http://pan.baidu.com/s/1c0vghfM
[移动安全]  某视频客户端逆向实践
http://esoftmobile.com/2014/04/06/video-app-reverse/
[漏洞分析]  "Hack Away at the Unessential" with ExpLib2 in Metasploit
https://securitystreet.jive-mobile.com/#jive-document?content=%2Fapi%2Fcore%2Fv2%2Fposts%2F6597
[Web安全]  某互联网公司安全测试面试题
http://weibo.com/p/1001603696479058425112
[运维安全]  Log4Grid:分布式应用日志管理
https://github.com/IKende/Log4Grid
[Web安全]  Obfuscalp:suspicious/malicious code planted inside PHP
https://github.com/Orbixx/Obfuscalp
[Web安全]  Kioptrix: vulnerable machine for beginner
http://vulnhub.com/
[编程技术]  jQuery 内容滑块 jQuery lightSlider
https://github.com/sachinchoolur/lightslider
[Web安全]  PyHTTPShell:Python HTTP Shell
http://exploit.co.il/hacking/python-http-shell/
[其它]  WhiteHat Security Observations and Advice about the Heartbleed OpenSSL Exploit
https://blog.whitehatsec.com/whitehat-security-observations-and-advice-about-the-heartbleed-openssl-exploit/
[Web安全]  Webshell 远程提权
http://www.91ri.org/8618.html
[其它]  Internet Heartbleed Health Report
https://zmap.io/heartbleed/
[恶意分析]  CVE-2014-1761 0day exploit 已經大量出現在台灣的APT攻擊
http://blog.xecure-lab.com/2014/04/cve-2014-1761-0day-exploit-apt.html
[会议]  SyScan2014 Conference Slides
http://www.syscan.org/index.php/download
[运维安全]  dnsproxy:A simple DNS proxy server
https://github.com/vietor/dnsproxy
[恶意分析]  Malwarelyse.me (An MfS-Enterprise Project)
http://www.malwarelyse.me/
[漏洞分析]  Embedded in Academia : Heartbleed and Static Analysis
http://blog.regehr.org/archives/1125
[Web安全]  Cookies with HttpOnly Flag: Problem in Some Browsers
http://resources.infosecinstitute.com/cookies-httponly-flag-problem-browsers/
[Web安全]  一次通过漏洞挖掘成功渗透某网站的过程
http://www.freebuf.com/articles/web/31053.html
[移动安全]  Fuzzing Application AndroidManifest
https://gist.github.com/k3170makan/10001255
[其它]  firewall-sosdg:Firewall/SOSDG & SRFirewall
https://code.google.com/p/firewall-sosdg/
[漏洞分析]  IIS4\IIS5 CGI环境块伪造0day
http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e
[恶意分析]  8×8 Script Leads to Infinity Drive-By
http://www.kahusecurity.com/2014/8x8-script-leads-to-infinity-drive-by/
[编程技术]  Putty的颜色设置
http://blog.csdn.net/pan_tian/article/details/8111390
[Web安全]  关于OpenSSL“心脏出血”漏洞的分析
http://drops.wooyun.org/papers/1381
[其它]  收集的资料从来不看怎么办
http://blog.hiddenwangcc.com/archives/1778
[其它]  sslsniff:A tool for automated MITM attacks on SSL connections
https://github.com/moxie0/sslsniff
[其它]  OPENSSL TLS 支持smtp, pop3, imap, ftp, or xmpp
https://raw.githubusercontent.com/decal/ssltest-stls/master/ssltest-stls.py
[运维安全]  云计算防入侵最佳实践
http://blog.aliyun.com/181?spm=0.0.0.0.sk6WTM
[移动安全]  Android Bug Superior to Master Key
http://www.saurik.com/id/18
[编程技术]  编程不易的《码农周刊》(第26期)
http://weekly.manong.io/issues/26?ref=wiki
[恶意分析]  Analyzing the "Power Worm" PowerShell-based Malware
http://www.exploit-monday.com/2014/04/powerworm-analysis.html
[移动安全]  Hardening Android for Security and Privacy
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
[编程技术]  微信公众平台完整开发教程
http://segmentfault.com/a/1190000000446237
[其它]  passivedns:A network sniffer that logs all DNS server replies
https://github.com/gamelinux/passivedns
[杂志]  SecWiki周刊(第5期)
http://www.sec-wiki.com/weekly/5
[编程技术]  表达式语法分析
http://www.zzsec.org/2014/04/expression-parser/
安全专题
互联网Web安全职位面试题目汇总
https://www.sec-wiki.com/topic/44
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第6期)