SecWiki周刊(第61期)
2015/04/27-2015/05/03
安全资讯
我是谁:没有绝对安全的系统
http://www.acfun.tv/v/ac1866576
http://www.acfun.tv/v/ac1866576
Top 30 Targeted High Risk Vulnerabilities
https://www.us-cert.gov/ncas/alerts/TA15-119A
https://www.us-cert.gov/ncas/alerts/TA15-119A
0ops副队长讲解决赛题目
http://v.qq.com/page/w/e/z/w0152n2duez.html
http://v.qq.com/page/w/e/z/w0152n2duez.html
RSA2015–弯曲评论的观察
http://www.valleytalk.org/2015/04/28/rsa2015-%e5%bc%af%e6%9b%b2%e8%af%84%e8%ae%ba%e7%9a%84%e8%a7%82%e5%af%9f/
http://www.valleytalk.org/2015/04/28/rsa2015-%e5%bc%af%e6%9b%b2%e8%af%84%e8%ae%ba%e7%9a%84%e8%a7%82%e5%af%9f/
Password Alert Chrome Extension: Protect Google Account from Phishers
http://thehackernews.com/2015/04/google-password-alert.html
http://thehackernews.com/2015/04/google-password-alert.html
MOSEC移动安全会议
http://mosec.org/?forcelang=true
http://mosec.org/?forcelang=true
RSA会议:2015六大新型攻击趋势
http://www.freebuf.com/news/65650.html
http://www.freebuf.com/news/65650.html
我眼中的RSA 2015 – 改变和信心
http://www.freebuf.com/articles/neopoints/65809.html
http://www.freebuf.com/articles/neopoints/65809.html
安全技术
Automated Data Exfiltration With XXE
http://blog.gdssecurity.com/labs/2015/4/29/automated-data-exfiltration-with-xxe.html
http://blog.gdssecurity.com/labs/2015/4/29/automated-data-exfiltration-with-xxe.html
The Spy in the Sandbox – Practical Cache Attacks in Javascript
http://arxiv.org/pdf/1502.07373v2.pdf
http://arxiv.org/pdf/1502.07373v2.pdf
TSRC安全群英汇•上海站嘉宾分享PPT下载
http://t.cn/RA85feu
http://t.cn/RA85feu
IEEE S&P 2015会议论文预读系列
http://vonwei.com/post/IEEESP2015Papers1.html
http://vonwei.com/post/IEEESP2015Papers1.html
QCon 北京 2015 议题下载
http://pan.baidu.com/s/1eQ5wOuu
http://pan.baidu.com/s/1eQ5wOuu
Fuzzing with AFL-Fuzz, a Practical Example ( AFL vs binutils )
http://www.evilsocket.net/2015/04/30/fuzzing-with-afl-fuzz-a-practical-example-afl-vs-binutils/
http://www.evilsocket.net/2015/04/30/fuzzing-with-afl-fuzz-a-practical-example-afl-vs-binutils/
WordPress 4.2以下版本XSS漏洞Getshell
http://blog.linux520.com/?p=62
http://blog.linux520.com/?p=62
Using Machine-Readable Threat Intelligence to Block Unknown Threats
https://www.brighttalk.com/webcast/8241/150227
https://www.brighttalk.com/webcast/8241/150227
WordPress 4.2 Stored XSS
http://klikki.fi/adv/wordpress2.html
http://klikki.fi/adv/wordpress2.html
AppSec is Eating Security - Alex Stamos - Opening Keynote
https://www.youtube.com/watch?v=2OTRU--HtLM&feature=youtu.be
https://www.youtube.com/watch?v=2OTRU--HtLM&feature=youtu.be
BeeCli:基于PoC框架Beebeeto-framework的利用工具
https://github.com/RickGray/BeeCli
https://github.com/RickGray/BeeCli
講個秘訣 - 0ctf Final 0cms
http://blog.orange.tw/2015/05/0ctf-final-0cms.html
http://blog.orange.tw/2015/05/0ctf-final-0cms.html
Top 10 Web Hacking Techniques of 2014
http://www.rsaconference.com/writable/presentations/file_upload/ht-f01-top-10-web-hacking-techniques-of-2014_final.pdf
http://www.rsaconference.com/writable/presentations/file_upload/ht-f01-top-10-web-hacking-techniques-of-2014_final.pdf
WPSploit - Exploiting Wordpress With Metasploit
https://github.com/espreto/wpsploit
https://github.com/espreto/wpsploit
wargame behemoth writeup
http://drops.wooyun.org/binary/5831
http://drops.wooyun.org/binary/5831
GitHack: git folder disclosure exploit
https://github.com/lijiejie/GitHack
https://github.com/lijiejie/GitHack
pdf-parser: A Method To Manipulate PDFs Part 2
http://blog.didierstevens.com/2015/04/29/pdf-parser-a-method-to-manipulate-pdfs-part-2/
http://blog.didierstevens.com/2015/04/29/pdf-parser-a-method-to-manipulate-pdfs-part-2/
Wordpress < 4.1.2 存储型XSS分析与稳定POC
http://www.leavesongs.com/HTML/wordpress-4-1-stored-xss.html
http://www.leavesongs.com/HTML/wordpress-4-1-stored-xss.html
Intelligence-Driven Computer Network Defense
http://www.valleytalk.org/wp-content/uploads/2015/04/LM-White-Paper-Intel-Driven-Defense.pdf
http://www.valleytalk.org/wp-content/uploads/2015/04/LM-White-Paper-Intel-Driven-Defense.pdf
Developing MIPS Exploits to Hack Routers
https://www.exploit-db.com/docs/36806.pdf
https://www.exploit-db.com/docs/36806.pdf
The h Index for Computer Science
http://www.cs.ucla.edu/~palsberg/h-number.html
http://www.cs.ucla.edu/~palsberg/h-number.html
Threat Spotlight: TeslaCrypt – Decrypt It Yourself
http://blogs.cisco.com/security/talos/teslacrypt
http://blogs.cisco.com/security/talos/teslacrypt
Race conditions on Facebook, DigitalOcean and others (fixed)
http://josipfranjkovic.blogspot.kr/2015/04/race-conditions-on-facebook.html
http://josipfranjkovic.blogspot.kr/2015/04/race-conditions-on-facebook.html
ShellCheck:static analysis and linting tool for sh/bash scripts
http://www.shellcheck.net/about.html
http://www.shellcheck.net/about.html
SSQLInjection:超级SQL注入工具
http://pan.baidu.com/s/1kTxemcJ
http://pan.baidu.com/s/1kTxemcJ
Full Stack Python
http://www.fullstackpython.com/
http://www.fullstackpython.com/
Becoming a Bayesian, Part 1
http://www.nowozin.net/sebastian/blog/becoming-a-bayesian-part-1.html
http://www.nowozin.net/sebastian/blog/becoming-a-bayesian-part-1.html
移动App中常见的Web漏洞
http://www.dickeye.com/?id=16
http://www.dickeye.com/?id=16
HTTP Cache Poisoning Demo
https://github.com/EtherDream/mitm-http-cache-poisoning
https://github.com/EtherDream/mitm-http-cache-poisoning
Amazon EC2 GPU HVM Spot Instance Password Cracking
http://thehackerblog.com/amazon-ec2-gpu-hvm-spot-instance-cracking-setup-tutorial/
http://thehackerblog.com/amazon-ec2-gpu-hvm-spot-instance-cracking-setup-tutorial/
PART 1 - TOP-HAT-SEC REVERSING MINI-SERIES
http://www.top-hat-sec.com/r4v3ns-blog/top-hat-sec-reversing-mini-series
http://www.top-hat-sec.com/r4v3ns-blog/top-hat-sec-reversing-mini-series
Unpacking CCTV Firmware
http://itsjack.cc/blog/2015/04/unpacking-cctv-firmware/
http://itsjack.cc/blog/2015/04/unpacking-cctv-firmware/
JDWP exploitation script
https://github.com/IOActive/jdwp-shellifier
https://github.com/IOActive/jdwp-shellifier
一次心惊肉跳的服务器误删文件的恢复过程
http://netsecurity.51cto.com/art/201504/473962_all.htm
http://netsecurity.51cto.com/art/201504/473962_all.htm
pdf-parser: A Method To Manipulate PDFs Part 1
http://blog.didierstevens.com/2015/04/16/pdf-parser-a-method-to-manipulate-pdfs-part-1/
http://blog.didierstevens.com/2015/04/16/pdf-parser-a-method-to-manipulate-pdfs-part-1/
Seeweb Hacking Contest: Blackout Ressurection
https://ctf-team.vulnhub.com/seeweb-hacking-contest-blackout-ressurection/
https://ctf-team.vulnhub.com/seeweb-hacking-contest-blackout-ressurection/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第61期)
