SecWiki周刊(第26期)
2014/08/25-2014/08/31
安全资讯
Netcore路由器存在后门,任何人可远程登陆
http://www.freebuf.com/news/41940.html
http://www.freebuf.com/news/41940.html
Palo Alto 新一代防火墙产品概述
http://security.ctocio.com.cn/41/12654541.shtml
http://security.ctocio.com.cn/41/12654541.shtml
安全技术
KCon Conference Slideshare
https://github.com/knownsec/KCon
https://github.com/knownsec/KCon
SyScan'11 Singapore: Fuzzing and Debugging Cisco IOS
https://www.youtube.com/watch?v=ufBpsuVqPac
https://www.youtube.com/watch?v=ufBpsuVqPac
Ida Collection(include Windows, MacOS IDAv5.3-V6.1, Linux IDAv5.3-v5.7)
http://www.52pojie.cn/thread-286850-1-1.html
http://www.52pojie.cn/thread-286850-1-1.html
exp-sky/HitCon-2014-IE-11-0day-Windows-8.1-Exploit
https://github.com/exp-sky/HitCon-2014-IE-11-0day-Windows-8.1-Exploit
https://github.com/exp-sky/HitCon-2014-IE-11-0day-Windows-8.1-Exploit
21 Popular Digital Forensics Tools
http://resources.infosecinstitute.com/21-popular-digital-forensics-tools/
http://resources.infosecinstitute.com/21-popular-digital-forensics-tools/
Car Hacker's Handbook
http://opengarages.org/handbook/
http://opengarages.org/handbook/
Exploiting Fundamental Weaknesses in Botnet Command and Control (C&C) Panels
http://secniche.org/blackhat-2014/blackhat_2014_briefings_whitepaper_exp_cc_flaws_adityaks.pdf
http://secniche.org/blackhat-2014/blackhat_2014_briefings_whitepaper_exp_cc_flaws_adityaks.pdf
lnmp虚拟主机安全配置研究
http://drops.wooyun.org/tips/2866
http://drops.wooyun.org/tips/2866
从分析8000条工程师招聘信息所学到的
http://blog.jobbole.com/75717/
http://blog.jobbole.com/75717/
CloudFlare防护下的破绽:寻找真实IP的几条途径
http://www.freebuf.com/articles/web/41533.html
http://www.freebuf.com/articles/web/41533.html
UAC提升权限的细节
http://blog.sinzy.net/127/entry/20243
http://blog.sinzy.net/127/entry/20243
Use-after-frees: That pointer may be pointing to something bad
http://securityintelligence.com/use-after-frees-that-pointer-may-be-pointing-to-something-bad
http://securityintelligence.com/use-after-frees-that-pointer-may-be-pointing-to-something-bad
Understanding IE's New Exploit Mitigations: The Memory Protector and the Isolated Heap
http://securityintelligence.com/understanding-ies-new-exploit-mitigations-the-memory-protector-and-the-isolated-heap
http://securityintelligence.com/understanding-ies-new-exploit-mitigations-the-memory-protector-and-the-isolated-heap
hitcon-ctf-2014 write-ups
https://github.com/ctfs/write-ups/tree/master/hitcon-ctf-2014
https://github.com/ctfs/write-ups/tree/master/hitcon-ctf-2014
An xposed module that disables SSL certificate checking
https://github.com/Fuzion24/JustTrustMe
https://github.com/Fuzion24/JustTrustMe
XSScrapy: fast, thorough XSS vulnerability spider
http://danmcinerney.org/xsscrapy-fast-thorough-xss-vulnerability-spider/
http://danmcinerney.org/xsscrapy-fast-thorough-xss-vulnerability-spider/
php绕过安全狗检测的小马分享
http://lcx.cc/?i=4423
http://lcx.cc/?i=4423
Veil Framework: various attack methods focused on evading detection
https://www.veil-framework.com/
https://www.veil-framework.com/
Metasploit: R7-2014-12: More Amplification Vuln.
https://community.rapid7.com/community/metasploit/blog/2014/08/25/r7-2014-12-more-amplification-vulnerabilities-in-ntp-allow-even-more-drdos-attacks
https://community.rapid7.com/community/metasploit/blog/2014/08/25/r7-2014-12-more-amplification-vulnerabilities-in-ntp-allow-even-more-drdos-attacks
GSM_Sniffer steps
http://debugwar.com/archives/369/gsm_sniffer
http://debugwar.com/archives/369/gsm_sniffer
我是如何通过微博悄无声息的定位到某某明星位置信息
http://www.wooyun.org/bugs/wooyun-2014-068337
http://www.wooyun.org/bugs/wooyun-2014-068337
XSPA----跨越维度的攻击方式
http://phpsec-wordpress.stor.sinaapp.com/uploads/2014/08/XSPA.pdf
http://phpsec-wordpress.stor.sinaapp.com/uploads/2014/08/XSPA.pdf
malicious-domain-profiling
https://code.google.com/p/malicious-domain-profiling/
https://code.google.com/p/malicious-domain-profiling/
小米手机MIUI远程代码执行漏洞分析
http://blogs.360.cn/360mobile/2014/08/25/miui-rce-vul/
http://blogs.360.cn/360mobile/2014/08/25/miui-rce-vul/
Using Java SecurityManager to grant/deny access to system functions
http://www.javablogging.com/using-java-securitymanager-to-grantdeny-access-to-system-functions/
http://www.javablogging.com/using-java-securitymanager-to-grantdeny-access-to-system-functions/
Bypass AV Dynamics
http://packetstorm.foofus.com/papers/virus/BypassAVDynamics.pdf
http://packetstorm.foofus.com/papers/virus/BypassAVDynamics.pdf
国外信息安全站点整理
https://gitcafe.com/IDF_LAB/Sites
https://gitcafe.com/IDF_LAB/Sites
idb: some common tasks for iOS pentesting and research
https://github.com/dmayer/idb
https://github.com/dmayer/idb
Viproy VoIP Penetration Testing and Exploitation Kit
http://www.viproy.com/
http://www.viproy.com/
KCon V3 技术概述
http://blog.knownsec.com/2014/08/kcon-v3-successfully-conducted-and-zoomeye-published-new-version/
http://blog.knownsec.com/2014/08/kcon-v3-successfully-conducted-and-zoomeye-published-new-version/
Videos for Day 1 & 2 of Malware Dynamic Analysis class posted
http://opensecuritytraining.info/ChangeBlog/Entries/2014/8/24_Videos_for_Day_1_%26_2_of_Malware_Dynamic_Analysis_class_posted.html
http://opensecuritytraining.info/ChangeBlog/Entries/2014/8/24_Videos_for_Day_1_%26_2_of_Malware_Dynamic_Analysis_class_posted.html
一次app抓包引发的Android分析记录
http://drops.wooyun.org/tips/2871
http://drops.wooyun.org/tips/2871
AdBlock Plus detection demonstration
http://erikswan.net/abp/
http://erikswan.net/abp/
HitCon'14: On the Feasibility of Automatically Generating Android Component Hija
http://www.slideshare.net/daoyuan0x/chv-exploit-hitcon-38299593
http://www.slideshare.net/daoyuan0x/chv-exploit-hitcon-38299593
Sulo:Dynamic instrumentation tool for Adobe Flash Player built on Intel
https://github.com/F-Secure/Sulo
https://github.com/F-Secure/Sulo
gencs.js
http://fuzzing.me/?p=105
http://fuzzing.me/?p=105
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第26期)
