SecWiki周刊(第39期)
2014/11/24-2014/11/30
安全资讯
走近科学:剑指Android和iOS系统的DoubleDirect中间人攻击
http://www.freebuf.com/news/special/52615.html
http://www.freebuf.com/news/special/52615.html
IP.Board 3.4.5中SQL注入漏洞的利用与分析
http://www.freebuf.com/articles/web/53018.html
http://www.freebuf.com/articles/web/53018.html
深度:剖析三星Galaxy KNOX远程代码执行漏洞(含视频)
http://www.freebuf.com/news/52668.html
http://www.freebuf.com/news/52668.html
金玉其外败絮其中:百度杀毒“雪狼引擎”逆向分析
http://www.freebuf.com/articles/system/53021.html
http://www.freebuf.com/articles/system/53021.html
偏门系统拾遗:Tru64 Unix系统搭建渗透指南
http://www.freebuf.com/articles/system/52782.html
http://www.freebuf.com/articles/system/52782.html
安全技术
XDef2014 全国网络与信息安全防护峰会PPT
http://www.xdef.org.cn/2014/agenda.html
http://www.xdef.org.cn/2014/agenda.html
Pfsense HA(高可用性群集)
http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/4010
http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/4010
CVE-2014-6332 Swf 攻击样本分析
http://bobao.360.cn/learning/detail/111.html
http://bobao.360.cn/learning/detail/111.html
WordPress 3.0-3.92 存储型XSS添加管理员&getshell脚本
http://bobao.360.cn/learning/detail/112.html
http://bobao.360.cn/learning/detail/112.html
土耳其黑客入侵本国电力系统,怒删贫困地区巨额债务账单(含视频)
http://www.freebuf.com/news/52685.html
http://www.freebuf.com/news/52685.html
Winshock(MS14-066)最新分析与研究
http://www.securitysift.com/exploiting-ms14-066-cve-2014-6321-aka-winshock/
http://www.securitysift.com/exploiting-ms14-066-cve-2014-6321-aka-winshock/
提高NodeJS网站的安全性:Web服务器防黑客攻击技巧
http://ourjs.com/detail/%E6%8F%90%E9%AB%98nodejs%E7%BD%91%E7%AB%99%E7%9A%84%E5%AE%89%E5%85%A8%E6%80%A7-web%E6%9C%8D%E5%8A%A1%E5%99%A8%E9%98%B2%E9%BB%91%E5%AE%A2%E6%94%BB%E5%87%BB%E6%8A%80%E5%B7%A7
http://ourjs.com/detail/%E6%8F%90%E9%AB%98nodejs%E7%BD%91%E7%AB%99%E7%9A%84%E5%AE%89%E5%85%A8%E6%80%A7-web%E6%9C%8D%E5%8A%A1%E5%99%A8%E9%98%B2%E9%BB%91%E5%AE%A2%E6%94%BB%E5%87%BB%E6%8A%80%E5%B7%A7
黑客辞典:暗网(the Dark Web)
http://www.freebuf.com/news/special/52445.html
http://www.freebuf.com/news/special/52445.html
知其一不知其二之Jenkins Hacking
http://www.secpulse.com/archives/2166.html
http://www.secpulse.com/archives/2166.html
The Fuzzing Project
https://fuzzing-project.org/
https://fuzzing-project.org/
Metasploit渗透Ubuntu 12.04攻击测试演练
http://www.freebuf.com/articles/system/52692.html
http://www.freebuf.com/articles/system/52692.html
网络空间工控设备的发现与入侵
http://evilcos.me/?p=473
http://evilcos.me/?p=473
Web渗透练习技巧N则(一)
http://www.freebuf.com/articles/web/52413.html
http://www.freebuf.com/articles/web/52413.html
youtube-dl:视频下载利器
https://rg3.github.io/youtube-dl/
https://rg3.github.io/youtube-dl/
深度:剖析三星Galaxy KNOX远程代码执行漏洞(含视频)
http://www.freebuf.com/news/52668.html
http://www.freebuf.com/news/52668.html
2014-11-23 - TRAFFIC ANALYSIS EXERCISE
http://www.malware-traffic-analysis.net/2014/11/23/index.html
http://www.malware-traffic-analysis.net/2014/11/23/index.html
cve-2014-0569 漏洞利用分析
http://drops.wooyun.org/papers/4024
http://drops.wooyun.org/papers/4024
涂师傅android手机数据恢复
http://www.tushifu.com/andr.html
http://www.tushifu.com/andr.html
利用UC Server API绕过验证码爆破创始人密码获取UC Key
http://zone.wooyun.org/content/16851
http://zone.wooyun.org/content/16851
“长老木马”三代揪出背后“大毒枭”
http://blogs.360.cn/360mobile/2014/11/24/analysis_of_fakedebuggerd_c_and_related_trojans/
http://blogs.360.cn/360mobile/2014/11/24/analysis_of_fakedebuggerd_c_and_related_trojans/
Discuz! 6.x/7.x 全局变量防御绕过导致命令执行
http://www.secpulse.com/archives/2338.html
http://www.secpulse.com/archives/2338.html
对西门子S7 PLC块(Blocks)的探索
http://plcscan.org/blog/2014/11/s7-plc-list-blocks-scan/
http://plcscan.org/blog/2014/11/s7-plc-list-blocks-scan/
Web攻击日志分析的过去现在与未来
http://drops.wooyun.org/tips/4051
http://drops.wooyun.org/tips/4051
MS14-068 Kerberos Domain Privilege Escalation
http://www.secpulse.com/archives/2277.html
http://www.secpulse.com/archives/2277.html
Bypassing Microsoft’s Patch for the Sandworm Zero Day: Even ‘Editing’ Can Cause
http://blogs.mcafee.com/mcafee-labs/bypassing-microsofts-patch-for-the-sandworm-zero-day-even-editing-can-cause-harm?utm_medium=spredfast&utm_source=twitter&utm_campaign=Labs#sf5821141
http://blogs.mcafee.com/mcafee-labs/bypassing-microsofts-patch-for-the-sandworm-zero-day-even-editing-can-cause-harm?utm_medium=spredfast&utm_source=twitter&utm_campaign=Labs#sf5821141
WordPress 3.0-3.9.2 XSS 漏洞详细分析
http://www.secpulse.com/archives/2365.html
http://www.secpulse.com/archives/2365.html
Exploit-Exercises Fusion Level01
http://www.programlife.net/exploit-exercises-fusion-level01.html
http://www.programlife.net/exploit-exercises-fusion-level01.html
海康威视(Hikvision)安防监控录像机曝远程代码执行漏洞
http://www.freebuf.com/vuls/52939.html
http://www.freebuf.com/vuls/52939.html
深入探讨ROP 载荷分析
http://drops.wooyun.org/papers/4077
http://drops.wooyun.org/papers/4077
detekt:Memory triaging tool
https://github.com/botherder/detekt
https://github.com/botherder/detekt
CVE-2014-1806 .NET Remoting Services漏洞浅析
http://drops.wooyun.org/papers/3993
http://drops.wooyun.org/papers/3993
Using PowerShell for Client Side Attacks
http://www.labofapenetrationtester.com/2014/11/powershell-for-client-side-attacks.html
http://www.labofapenetrationtester.com/2014/11/powershell-for-client-side-attacks.html
用 Python 和 OpenCV 检测图片上的条形码
http://blog.jobbole.com/80448/
http://blog.jobbole.com/80448/
Addressing CVE-2014-6332 SWF Exploit
http://researchcenter.paloaltonetworks.com/2014/11/addressing-cve-2014-6332-swf-exploit/
http://researchcenter.paloaltonetworks.com/2014/11/addressing-cve-2014-6332-swf-exploit/
The mystery of Duqu Framework solved
http://securelist.com/blog/research/32354/the-mystery-of-duqu-framework-solved-7/
http://securelist.com/blog/research/32354/the-mystery-of-duqu-framework-solved-7/
Malicious Flash Files Gain the Upper Hand With New Obfuscation
http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-flash-files-gain-the-upper-hand-with-new-obfuscation-techniques/
http://blog.trendmicro.com/trendlabs-security-intelligence/malicious-flash-files-gain-the-upper-hand-with-new-obfuscation-techniques/
局域网内针对自制证书网站的SSL中间人攻击
http://techblog.youdao.com/?p=1159
http://techblog.youdao.com/?p=1159
Virus Bulletin : Obfuscation in Android malware
https://www.virusbtn.com/virusbulletin/archive/2014/07/vb201407-Android-obfuscation
https://www.virusbtn.com/virusbulletin/archive/2014/07/vb201407-Android-obfuscation
goaccess: real-time web log analyzer and interactive viewer
https://github.com/allinurl/goaccess
https://github.com/allinurl/goaccess
Android samples
http://androidsandbox.net/samples/
http://androidsandbox.net/samples/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第39期)
