SecWiki周刊（第20期)

SecWiki周刊（第20期）

2014/07/14-2014/07/20

安全资讯

[Web安全] Schneier on Security: GCHQ Catalog of Exploit Tools
https://www.schneier.com/blog/archives/2014/07/gchq_catalog_of.html

[恶意分析] Havex：以工控设备为狩猎目标的恶意软件
http://www.freebuf.com/articles/system/38525.html

安全技术

[Web安全] 安全科普：SQLi Labs 指南 Part 2
http://www.freebuf.com/articles/web/38315.html

[Web安全] #乌云月爆# wooyun monthly -7
http://pan.baidu.com/s/1c0w5I2c

[恶意分析] TrapX_ZOMBIE_Report_Final
http://www.trapx.com/wp-content/uploads/2014/07/TrapX_ZOMBIE_Report_Final.pdf

[恶意分析] Reversing a PHP Script Dynamically and Statically
http://www.kahusecurity.com/2014/reversing-a-php-script-dynamically-and-statically/

[漏洞分析] Isolated Heap & Friends - Object Allocation Hardening in Web Browsers
https://labs.mwrinfosecurity.com/blog/2014/06/20/isolated-heap-friends---object-allocation-hardening-in-web-browsers/

[无线安全] 修改摩托罗拉C118过滤器
http://radiowar.org/hardware/motorola-c118-filter-replacement.html

[设备安全] Industrial Control Systems Cyber Security Conference
http://www.icscybersecurityconference.com/

[漏洞分析] CVE-2014-0321 - Exploiting IE11 on windows 8.1 32bits
http://www.weibo.com/p/1001603732980651659108

[取证分析] 反黑工具箱
http://vdisk.weibo.com/s/G_jLEbJqVyCU/1405318127

[无线安全] 移动基站是如何被假冒的，发送欺诈广告短信的伪基站如何工作？
http://www.zhihu.com/question/21389742

[漏洞分析] 微软最近干了些啥
http://hi.baidu.com/0x557/item/167c852a2a0096caa5275abf

[运维安全] 漫谈云上架构和运维的艺术
http://t.cn/RPAmzh8

[Web安全] 绿盟科技安全+技术内刊 025期
http://www.nsfocus.com/images/6_about/journal/6_10_025_j.pdf

[Web安全] Abusing Oracle’s CREATE DATABASE LINK privilege for fun and profit!
http://www.notsosecure.com/blog/2014/07/08/abusing-oracles-create-database-link-privilege-for-fun-and-profit/

[运维安全] Oracle安全配置
http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/2547

[运维安全] 主流WAF架构分析与探索
http://security.tencent.com/index.php/blog/msg/56

[恶意分析] linux python版webshell智能查杀程序-SeayFindShell
http://www.cnseay.com/3984/

[Web安全] Dump Windows password hashes efficiently
http://bernardodamele.blogspot.hk/2011/12/dump-windows-password-hashes.html

[Web安全] Email Grab
http://www.intellipedia.info/downloads/emailgrab.0.3.5.zip

[漏洞分析] Is use-after-free exploitation dead? The new IE memory protector will tell you
http://blog.fortinet.com/Is-use-after-free-exploitation-dead--The-new-IE-memory-protector-will-tell-you/

[恶意分析] Bypassing AV with Veil-Evasion
https://www.netspi.com/blog/entryid/234/bypassing-av-with-veil-evasion

[书籍] Anti-Hacker Tool Kit, 4th Edition
http://pan.baidu.com/s/1rPWPS

[Web安全] 译言精选-大误：网络安全五大迷思
http://select.yeeyan.org/view/270688/415556

[移动安全] iOS_Backdoors_Attack_Points_Surveillance_Mechanisms
http://t.cn/RPAaSN8

[Web安全] PunkSPIDER:a global web application vulnerability search engine
http://punkspider.hyperiongray.com/

[Web安全] 上传文件的陷阱II 纯数字字母的swf是漏洞么
http://drops.wooyun.org/tips/2554

[漏洞分析] Vulnerability Summary for the Week of July 7, 2014
http://www.us-cert.gov/ncas/bulletins/SB14-195

[Web安全] Flash 0day特性带来的攻击思路杂谈
http://evilcos.me/?p=425

[Web安全] 给开发者的终极XSS防护备忘录
http://blog.knownsec.com/wp-content/uploads/2014/07/%E7%BB%99%E5%BC%80%E5%8F%91%E8%80%85%E7%9A%84%E7%BB%88%E6%9E%81XSS%E9%98%B2%E6%8A%A4%E5%A4%87%E5%BF%98%E5%BD%95.pdf

[Web安全] web.py 使用不当可能造成代码执行
http://lcx.cc/?i=4395

[移动安全] Android Security Enhancements
http://androidtamer.com/android-security-enhancements/

[编程技术] 学习JavaScript的在线课程和指南
http://blog.jobbole.com/73465/

[Web安全] TPLINK渗透实战
http://drops.wooyun.org/tips/2552

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第20期)