SecWiki周刊(第30期)
2014/09/22-2014/09/28
安全资讯
一周海外安全事件回顾(9.15-9.21): 说好的分手呢?
http://www.freebuf.com/news/44839.html
http://www.freebuf.com/news/44839.html
A Week in Security (Sept 14 – 20)
https://blog.malwarebytes.org/online-security/2014/09/a-week-in-security-sept-14-20/
https://blog.malwarebytes.org/online-security/2014/09/a-week-in-security-sept-14-20/
安全技术
Even uploading a JPG file can lead to Cross Domain Data Hijacking (client-side a
https://soroush.secproject.com/blog/2014/05/even-uploading-a-jpg-file-can-lead-to-cross-domain-data-hijacking-client-side-attack/
https://soroush.secproject.com/blog/2014/05/even-uploading-a-jpg-file-can-lead-to-cross-domain-data-hijacking-client-side-attack/
xss挑战赛writeup
http://drops.wooyun.org/tips/3059
http://drops.wooyun.org/tips/3059
A very well done post on solving the FireEye challenges
http://www.ghettoforensics.com/2014/09/a-walkthrough-for-flare-re-challenges.html
http://www.ghettoforensics.com/2014/09/a-walkthrough-for-flare-re-challenges.html
Upload a web.config File for Fun & Profit
https://soroush.secproject.com/blog/2014/07/upload-a-web-config-file-for-fun-profit/
https://soroush.secproject.com/blog/2014/07/upload-a-web-config-file-for-fun-profit/
Heatmiser WiFi thermostat vulnerabilities
http://cybergibbons.com/security-2/heatmiser-wifi-thermostat-vulnerabilities/
http://cybergibbons.com/security-2/heatmiser-wifi-thermostat-vulnerabilities/
Sublime Text 全程指引
http://www.cnblogs.com/figure9/p/sublime-text-complete-guide.html
http://www.cnblogs.com/figure9/p/sublime-text-complete-guide.html
Droidmarking: resilient software watermarking for impeding android application
http://dl.acm.org/citation.cfm?id=2642977
http://dl.acm.org/citation.cfm?id=2642977
Kali Linux NetHunter Download
http://www.offensive-security.com/kali-linux-nethunter-download/
http://www.offensive-security.com/kali-linux-nethunter-download/
Kisskiss - Unpacker for various Android packers/protectors
https://github.com/strazzere/android-unpacker/tree/master/native-unpacker
https://github.com/strazzere/android-unpacker/tree/master/native-unpacker
Elasticsearch权威指南中文版
https://github.com/looly/elasticsearch-definitive-guide-cn
https://github.com/looly/elasticsearch-definitive-guide-cn
mitmproxy中libmproxy简单介绍
http://drops.wooyun.org/tips/2943
http://drops.wooyun.org/tips/2943
无状态扫描工具masscan 介绍
http://labs.redcoast.org/?p=28
http://labs.redcoast.org/?p=28
金刚——安卓APP安全漏洞审计系统
http://service.security.tencent.com/kingkong
http://service.security.tencent.com/kingkong
用 Python 做文本挖掘的流程
http://zhuanlan.zhihu.com/textmining-experience/19630762
http://zhuanlan.zhihu.com/textmining-experience/19630762
Python自然语言处理实践: 在NLTK中使用斯坦福中文分词器
http://www.52nlp.cn/python%e8%87%aa%e7%84%b6%e8%af%ad%e8%a8%80%e5%a4%84%e7%90%86%e5%ae%9e%e8%b7%b5-%e5%9c%a8nltk%e4%b8%ad%e4%bd%bf%e7%94%a8%e6%96%af%e5%9d%a6%e7%a6%8f%e4%b8%ad%e6%96%87%e5%88%86%e8%af%8d%e5%99%a8
http://www.52nlp.cn/python%e8%87%aa%e7%84%b6%e8%af%ad%e8%a8%80%e5%a4%84%e7%90%86%e5%ae%9e%e8%b7%b5-%e5%9c%a8nltk%e4%b8%ad%e4%bd%bf%e7%94%a8%e6%96%af%e5%9d%a6%e7%a6%8f%e4%b8%ad%e6%96%87%e5%88%86%e8%af%8d%e5%99%a8
The Mole to exploit SQL Injections using SQLMAP
http://themole.sourceforge.net/?q=tutorial
http://themole.sourceforge.net/?q=tutorial
14 Best Open Source Web Application Vulnerability Scanners
http://resources.infosecinstitute.com/14-popular-web-application-vulnerability-scanners/
http://resources.infosecinstitute.com/14-popular-web-application-vulnerability-scanners/
Kali Nethunter初体验
http://drops.wooyun.org/tools/3113
http://drops.wooyun.org/tools/3113
CVE-2014-6271资料汇总
http://drops.wooyun.org/papers/3064
http://drops.wooyun.org/papers/3064
Web扫描器科普系列:Web2.0爬虫
http://www.imiyoo.com/webscan/2014/09/23/271.html
http://www.imiyoo.com/webscan/2014/09/23/271.html
Exploit-Exercises Nebula全攻略
https://github.com/1u4nx/Exploit-Exercises-Nebula
https://github.com/1u4nx/Exploit-Exercises-Nebula
Choosing a Recommender Model
http://blog.graphlab.com/choosing-a-recommender-model
http://blog.graphlab.com/choosing-a-recommender-model
BASH BUG:cve-2014-6271验证与利用
http://bobao.360.cn/learning/detail/43.html
http://bobao.360.cn/learning/detail/43.html
pwc-moneytree-q2-2014-summary-report
http://vdisk.weibo.com/s/C72IDYVydM0Va/1411294602
http://vdisk.weibo.com/s/C72IDYVydM0Va/1411294602
xss挑战赛writeup
http://drops.wooyun.org/tips/3059
http://drops.wooyun.org/tips/3059
CVE2014-6271 Bash Environment Variables Code Injection Vulnerability Analysis
http://www.cnblogs.com/LittleHann/p/3992778.html
http://www.cnblogs.com/LittleHann/p/3992778.html
张益唐:我若在中国无法取得今天这样的学术突破
http://www.mysanco.cn/wenda/index.php?class=discuss&action=question_item&questionid=6591
http://www.mysanco.cn/wenda/index.php?class=discuss&action=question_item&questionid=6591
《安全参考》HACKCTO-201409-21
http://pan.baidu.com/s/1c07wz64
http://pan.baidu.com/s/1c07wz64
Bash漏洞批量检测工具与修复方案
http://www.freebuf.com/tools/45311.html
http://www.freebuf.com/tools/45311.html
Fileless Infections from Exploit Kit: An Overview
https://blog.malwarebytes.org/exploits-2/2014/09/fileless-infections-from-exploit-kit-an-overview/
https://blog.malwarebytes.org/exploits-2/2014/09/fileless-infections-from-exploit-kit-an-overview/
Scaling the NetScaler
http://console-cowboys.blogspot.hk/2014/09/scaling-netscaler.html
http://console-cowboys.blogspot.hk/2014/09/scaling-netscaler.html
反调试之遍历驱动名-熙甫JoyChou
http://vdisk.weibo.com/s/zFE_kIDWI5fx-/1411349943
http://vdisk.weibo.com/s/zFE_kIDWI5fx-/1411349943
Google Android官方培训课程中文版(v0.4)
https://github.com/kesenhoo/android-training-course-in-chinese
https://github.com/kesenhoo/android-training-course-in-chinese
破壳漏洞(CVE-2014-6271)综合分析
http://www.antiy.com/response/Bash%20Shellshock(cve-2014-6271)_V1.5.pdf
http://www.antiy.com/response/Bash%20Shellshock(cve-2014-6271)_V1.5.pdf
绕过浏览器的XSS防御机制(4)
http://parsec.me/780.html
http://parsec.me/780.html
[CTF]AliCTF-Quals-2014-L-WriteUp
http://le4f.net/post/writeup/-ctf-alictf-quals-2014-l-writeup
http://le4f.net/post/writeup/-ctf-alictf-quals-2014-l-writeup
Beebeeto:安全研究人员所共同维护的POC/EXP平台
http://beebeeto.com/
http://beebeeto.com/
A Security Analysis Of Browser Extensions
http://drops.wooyun.org/web/2918
http://drops.wooyun.org/web/2918
Blind Return Oriented Programming (BROP) Attack
http://drops.wooyun.org/tips/3071
http://drops.wooyun.org/tips/3071
未知攻焉知防——XXE漏洞攻防
http://security.tencent.com/index.php/blog/msg/69
http://security.tencent.com/index.php/blog/msg/69
CSAW CTF 2014
https://ctf.isis.poly.edu/
https://ctf.isis.poly.edu/
SlimerJS:A scriptable browser for Web developers
http://www.slimerjs.org/index.html
http://www.slimerjs.org/index.html
Android逆向之动态调试总结
http://www.52pojie.cn/thread-293648-1-1.html
http://www.52pojie.cn/thread-293648-1-1.html
CSAW CTF 2014 – Web 300 – hashes writeup
http://wiremask.eu/csaw-ctf-2014-web-300-hashes-writeup/
http://wiremask.eu/csaw-ctf-2014-web-300-hashes-writeup/
Malicious Documents – PDF Analysis in 5 steps
http://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-steps/
http://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-steps/
web前端_PHP开发视频
http://www.imooc.com/course/list
http://www.imooc.com/course/list
基于云计算的微博敏感信息挖掘系统
https://github.com/alsotang/ciscn_docs
https://github.com/alsotang/ciscn_docs
FinFisher Malware Dropper Analysis
https://www.codeandsec.com/FinFisher-Malware-Dropper-Analysis
https://www.codeandsec.com/FinFisher-Malware-Dropper-Analysis
Trying to hack Redis via HTTP requests
http://drops.wooyun.org/papers/3062
http://drops.wooyun.org/papers/3062
FrozenUI:移动端web框架
http://frozenui.github.io/
http://frozenui.github.io/
Packetbeat:应用监控和包跟踪系统
http://packetbeat.com/
http://packetbeat.com/
Javascript Deobfuscation Tools Redux
http://www.kahusecurity.com/2014/javascript-deobfuscation-tools-redux/
http://www.kahusecurity.com/2014/javascript-deobfuscation-tools-redux/
Linux内核实现多路镜像流量聚合和复制
http://www.freebuf.com/tools/44308.html
http://www.freebuf.com/tools/44308.html
UICloud:User Interface Design Search Engine
http://ui-cloud.com/
http://ui-cloud.com/
nginx apache lighttpd 禁止某些目录执行php
https://baoz.net/nginx-apache-lighttpd-disable-php/
https://baoz.net/nginx-apache-lighttpd-disable-php/
绕过360安全卫士的部分代码
http://blog.csdn.net/chinafe/article/details/39477997
http://blog.csdn.net/chinafe/article/details/39477997
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第30期)
