SecWiki周刊(第36期)
2014/11/03-2014/11/09
安全资讯
[Web安全]  明鉴半自动化渗透测试工具新版本V1.0.0.1正式发布
http://www.youxia.org/mingjian-shentou-1-0-0-1.html
[Web安全]  小心你的会员卡:黑客超低价出售希尔顿酒店集团会员卡和积分
http://www.freebuf.com/news/50535.html
[移动安全]  浅析 iOS 指纹识别 Touch ID 的安全性
http://blog.netsh.org/posts/touch-id-security_1926.netsh.html
[Web安全]  我国自主研发的“网络身份证”技术成熟并展开试点
http://www.youxia.org/eid.html
[Web安全]  Github上敏感信息泄露 众多厂商躺枪
http://bobao.360.cn/news/detail/743.html
[恶意分析]  ShellShock vulnerability exploited in SMTP servers
http://www.scmagazine.com/smtp-servers-exploited-in-bash-bug-attack/article/380337/
安全技术
[Web安全]  Webscan360的防御与绕过
http://drops.wooyun.org/tips/3790
[漏洞分析]  Modsecurity原理分析--从防御方面谈WAF的机制
http://drops.wooyun.org/tips/3804
[其它]  第五季极客大挑战writeup
http://drops.wooyun.org/tips/3434
[Web安全]  wooyun monthy -8
http://pan.baidu.com/s/1gdAFu6J
[Web安全]  SSLStrip 终极版 —— location 瞒天过海
http://www.cnblogs.com/index-html/p/sslstrip-plus.html
[漏洞分析]  CVE-2014-0038内核漏洞原理与本地提权利用代码实现分析
http://drops.wooyun.org/papers/3795
[恶意分析]  Xposed恶意插件分析报告
http://bbs.pediy.com/showthread.php?p=1328412#post1328412
[设备安全]  论如何优雅地蹭饭:克隆篡改公司饭卡(M1卡)
http://www.freebuf.com/articles/wireless/50123.html
[书籍]  CTF Field Guide
https://trailofbits.github.io/ctf/
[其它]  ssctf writeup by anhkgg
http://anhkgg.gitcafe.com/ssctf-2014-11-1/
[设备安全]  嵌入式设备hacking笔记——网络摄像头hacking
http://bobao.360.cn/learning/detail/84.html
[漏洞分析]  漏洞挖掘分析:QCMS V2.0命令执行与暴绝对路径漏洞
http://www.freebuf.com/vuls/50506.html
[漏洞分析]  Rootpipe:可获取苹果Mac OS X Yosemite系统最高权限的严重漏洞
http://www.freebuf.com/vuls/50168.html
[设备安全]  汽车网络和控制单元安全威胁研究
http://blog.idf.cn/2014/11/adventures-in-automotive-networks-and-control-units/
[漏洞分析]  Wget FTP软链接攻击漏洞(CVE-2014-4877)
http://www.freebuf.com/vuls/49641.html
[Web安全]  ECSHOP Vul Tag_PHP_Code Execute Getshell
http://www.cnblogs.com/LittleHann/p/4077491.html
[恶意分析]  PHISHING MESSAGES WITH LINKS TO FAKE WEBMAIL LOGIN PAGES
http://www.malware-traffic-analysis.net/2014/11/08/index.html
[漏洞分析]  Power Of Linked List, Xcon slides & additional thoughts
http://www.k33nteam.org/blog.htm
[恶意分析]  教你解密Gh0st 1.0远控木马VIP版配置信息
http://drops.wooyun.org/tips/3589
[Web安全]  如何开始CTF比赛之旅
http://blog.idf.cn/2014/06/how-to-get-started-in-ctf/
[其它]  SSCTF Writeup
http://drops.wooyun.org/tips/3603
[Web安全]  Reflected File Download Attack 中文
http://drops.wooyun.org/papers/3771
[恶意分析]  安天反病毒引擎十四年关键字
http://www.antiy.com/Computer_anti-virus_engine_road_of_Antiy_labs-chart.html
[其它]  捆绑安装浏览器:技术剖析搜狗输入法中的猫腻
http://www.freebuf.com/tools/49546.html
[漏洞分析]  让高大上的Bash破壳漏洞不再难理解(上)
http://www.freebuf.com/articles/system/50065.html
[其它]  SSCTF2014 QUAL WriteUp
http://www.secpulse.com/archives/1754.html
[恶意分析]  Powershell tricks#Bypass AV
http://x0day.me/index.php/archives/powershell-tricks-bypass-av.html
[其它]  How I REVERSE ENGINEERED GOOGLE DOCS To Play Back Any Document’s Keystrokes
http://features.jsomers.net/how-i-reverse-engineered-google-docs/
[运维安全]  浅谈信息安全早期预警理论模型–早期预警系统的整体模型
http://www.vrshield.org/?p=26
[Web安全]  2014 ISG信息安全技能竞赛writeup
http://bobao.360.cn/news/detail/734.html
[移动安全]  关于聚合数据窃取用户通讯录的完整分析
https://blog.swan.im/analysis-of-juhe-data-who-steal-user-contacts-book/
[漏洞分析]  Exploiting CVE-2014-4113 on Windows 8.1
http://www.exploit-db.com/download_pdf/35152
[恶意分析]  Mac OS X Live Forensics 107: Mac Malware
http://lockboxx.blogspot.hk/2014/11/mac-os-x-live-forensics-107-mac-malware.html
[其它]  从p0sixspwn源码看越狱流程、原理、目的
http://bbs.pediy.com/showthread.php?p=1327502#post1327502
[恶意分析]  反调试小技巧
http://www.91ri.org/11026.html
[漏洞分析]  KdExploitMe:A kernel driver to practice writing exploits against
https://github.com/clymb3r/KdExploitMe
[恶意分析]  SSCTF逆向部分Writeup
http://www.programlife.net/ssctf-reverse-writeup.html
[Web安全]  SQLiGODs 简单实例
http://www.91ri.org/11275.html
[其它]  午夜随笔话安全
http://weibo.com/p/1001603774136500543963
[移动安全]  Inside Spying FinSpy for Android
http://2014.hack.lu/archive/2014/inside_spying_v1.4.pdf
[编程技术]  利用中转输出表制作HijackDll
http://bbs.pediy.com/showthread.php?t=154269
[漏洞分析]  ISG 2014 Final Pepper Analysis
https://blog.leoc.io/blog/20141103/isg-final-pepper/
[漏洞分析]  关于RFD漏洞利用的一些思路
http://xteam.baidu.com/?p=67
[漏洞分析]  基于情报感知的信息安全:威胁情报标准
http://weibo.com/p/2304185610604c0102v7l2
[漏洞分析]  利用ROP绕过DEP(Defeating DEP with ROP)调试笔记
http://drops.wooyun.org/papers/3602
[移动安全]  NAGA & PIOWIND 2014 APP应用攻防竞赛第二阶段题目解析
http://bbs.pediy.com/showthread.php?p=1328679#post1328679
[移动安全]  APP安全分析之打车软件
http://www.freebuf.com/articles/terminal/50442.html
[数据挖掘]  反击:人肉OSX系统某木马作者
http://www.91ri.org/11266.html
[Web安全]  Heybe Toolkit:Penetration Testing Automation Toolkit
https://github.com/heybe
[移动安全]  What You Need to Know About WireLurker
http://www.zdziarski.com/blog/?p=4140
[Web安全]  Detecting and Exploiting the HTTP PUT Method
http://www.smeegesec.com/2014/10/detecting-and-exploiting-http-put-method.html
[漏洞分析]  Powershell tricks::Powershell Remoting
http://drops.wooyun.org/tips/3473
[Web安全]  ssctf-crack
http://bigtang.org/ssctf-crack/
[移动安全]  Android 5.0 原厂镜像正式公布
http://bbs.kafan.cn/thread-1784703-1-1.html
安全专题
开源Web批量扫描工具
https://www.sec-wiki.com/topic/53
BIOS bootkit相关资料
https://www.sec-wiki.com/topic/52
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第36期)