SecWiki周刊(第39期)
2014/11/24-2014/11/30
安全资讯
[移动安全]  走近科学:剑指Android和iOS系统的DoubleDirect中间人攻击
http://www.freebuf.com/news/special/52615.html
[Web安全]  IP.Board 3.4.5中SQL注入漏洞的利用与分析
http://www.freebuf.com/articles/web/53018.html
[移动安全]  深度:剖析三星Galaxy KNOX远程代码执行漏洞(含视频)
http://www.freebuf.com/news/52668.html
[Web安全]  偏门系统拾遗:Tru64 Unix系统搭建渗透指南
http://www.freebuf.com/articles/system/52782.html
[Web安全]  金玉其外败絮其中:百度杀毒“雪狼引擎”逆向分析
http://www.freebuf.com/articles/system/53021.html
安全技术
[运维安全]  ICMP重定向攻击
http://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/
[Web安全]  XDef2014 全国网络与信息安全防护峰会PPT
http://www.xdef.org.cn/2014/agenda.html
[漏洞分析]  CVE-2014-6332 Swf 攻击样本分析
http://bobao.360.cn/learning/detail/111.html
[其它]  Pfsense HA(高可用性群集)
http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/4010
[Web安全]  WordPress 3.0-3.92 存储型XSS添加管理员&getshell脚本
http://bobao.360.cn/learning/detail/112.html
[Web安全]  土耳其黑客入侵本国电力系统,怒删贫困地区巨额债务账单(含视频)
http://www.freebuf.com/news/52685.html
[漏洞分析]  Winshock(MS14-066)最新分析与研究
http://www.securitysift.com/exploiting-ms14-066-cve-2014-6321-aka-winshock/
[运维安全]  Nmap源码分析(脚本引擎)
http://blog.csdn.net/aspirationflow/article/details/7956928
[Web安全]  提高NodeJS网站的安全性:Web服务器防黑客攻击技巧
http://ourjs.com/detail/%E6%8F%90%E9%AB%98nodejs%E7%BD%91%E7%AB%99%E7%9A%84%E5%AE%89%E5%85%A8%E6%80%A7-web%E6%9C%8D%E5%8A%A1%E5%99%A8%E9%98%B2%E9%BB%91%E5%AE%A2%E6%94%BB%E5%87%BB%E6%8A%80%E5%B7%A7
[Web安全]  黑客辞典:暗网(the Dark Web)
http://www.freebuf.com/news/special/52445.html
[漏洞分析]  The Fuzzing Project
https://fuzzing-project.org/
[设备安全]  网络空间工控设备的发现与入侵
http://evilcos.me/?p=473
[Web安全]  知其一不知其二之Jenkins Hacking
http://www.secpulse.com/archives/2166.html
[漏洞分析]  Metasploit渗透Ubuntu 12.04攻击测试演练
http://www.freebuf.com/articles/system/52692.html
[移动安全]  深度:剖析三星Galaxy KNOX远程代码执行漏洞(含视频)
http://www.freebuf.com/news/52668.html
[取证分析]  2014-11-23 - TRAFFIC ANALYSIS EXERCISE
http://www.malware-traffic-analysis.net/2014/11/23/index.html
[Web安全]  Web渗透练习技巧N则(一)
http://www.freebuf.com/articles/web/52413.html
[取证分析]  涂师傅android手机数据恢复
http://www.tushifu.com/andr.html
[其它]  youtube-dl:视频下载利器
https://rg3.github.io/youtube-dl/
[漏洞分析]  cve-2014-0569 漏洞利用分析
http://drops.wooyun.org/papers/4024
[移动安全]  “长老木马”三代揪出背后“大毒枭”
http://blogs.360.cn/360mobile/2014/11/24/analysis_of_fakedebuggerd_c_and_related_trojans/
[Web安全]  利用UC Server API绕过验证码爆破创始人密码获取UC Key
http://zone.wooyun.org/content/16851
[设备安全]  对西门子S7 PLC块(Blocks)的探索
http://plcscan.org/blog/2014/11/s7-plc-list-blocks-scan/
[漏洞分析]  MS14-068 Kerberos Domain Privilege Escalation
http://www.secpulse.com/archives/2277.html
[Web安全]  Web攻击日志分析的过去现在与未来
http://drops.wooyun.org/tips/4051
[Web安全]  Discuz! 6.x/7.x 全局变量防御绕过导致命令执行
http://www.secpulse.com/archives/2338.html
[漏洞分析]  Bypassing Microsoft’s Patch for the Sandworm Zero Day: Even ‘Editing’ Can Cause
http://blogs.mcafee.com/mcafee-labs/bypassing-microsofts-patch-for-the-sandworm-zero-day-even-editing-can-cause-harm?utm_medium=spredfast&utm_source=twitter&utm_campaign=Labs#sf5821141
[编程技术]  用 Python 和 OpenCV 检测图片上的条形码
http://blog.jobbole.com/80448/
[移动安全]  安卓上Web漏洞的自动化检测
http://www.fooying.com/automated-detection-of-web-vulnerability-in-android/
[漏洞分析]  Exploit-Exercises Fusion Level01
http://www.programlife.net/exploit-exercises-fusion-level01.html
[漏洞分析]  CVE-2014-1806 .NET Remoting Services漏洞浅析
http://drops.wooyun.org/papers/3993
[取证分析]  detekt:Memory triaging tool
https://github.com/botherder/detekt
[Web安全]  WordPress 3.0-3.9.2 XSS 漏洞详细分析
http://www.secpulse.com/archives/2365.html
[漏洞分析]  海康威视(Hikvision)安防监控录像机曝远程代码执行漏洞
http://www.freebuf.com/vuls/52939.html
[漏洞分析]  深入探讨ROP 载荷分析
http://drops.wooyun.org/papers/4077
[Web安全]  Using PowerShell for Client Side Attacks
http://www.labofapenetrationtester.com/2014/11/powershell-for-client-side-attacks.html
[漏洞分析]  Addressing CVE-2014-6332 SWF Exploit
http://researchcenter.paloaltonetworks.com/2014/11/addressing-cve-2014-6332-swf-exploit/
[恶意分析]  The mystery of Duqu Framework solved
http://securelist.com/blog/research/32354/the-mystery-of-duqu-framework-solved-7/
[Web安全]  掘金安全数据
http://djt.qq.com/ppt/459
[恶意分析]  Malicious Flash Files Gain the Upper Hand With New Obfuscation
http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-flash-files-gain-the-upper-hand-with-new-obfuscation-techniques/
[运维安全]  局域网内针对自制证书网站的SSL中间人攻击
http://techblog.youdao.com/?p=1159
[移动安全]  Virus Bulletin : Obfuscation in Android malware
https://www.virusbtn.com/virusbulletin/archive/2014/07/vb201407-Android-obfuscation
[运维安全]  goaccess: real-time web log analyzer and interactive viewer
https://github.com/allinurl/goaccess
[恶意分析]  Android samples
http://androidsandbox.net/samples/
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第39期)