SecWiki周刊(第4期)
2014/03/24-2014/03/30
安全技术
Some exploits and exploit development stuff
https://github.com/infodox/exploits
https://github.com/infodox/exploits
如何利用BurpSuite破解webshell
http://www.5d87.com/article/%E9%9A%8F%E7%AC%94/189.html
http://www.5d87.com/article/%E9%9A%8F%E7%AC%94/189.html
Light4Freedom战队BCTF攻略(上)
http://www.freebuf.com/articles/web/29517.html
http://www.freebuf.com/articles/web/29517.html
Oldboot.B:与Bootkit技术结合的木马隐藏手段的运用
http://blogs.360.cn/blog/analysis_of_oldboot_b/
http://blogs.360.cn/blog/analysis_of_oldboot_b/
Linux日志清理工具wipe
http://www.coolhacker.org/?p=1572
http://www.coolhacker.org/?p=1572
APT Actors Leverage Interest in the Disappearance of Malaysian Flight MH 370
http://www.fireeye.com/blog/technical/malware-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html
http://www.fireeye.com/blog/technical/malware-research/2014/03/spear-phishing-the-news-cycle-apt-actors-leverage-interest-in-the-disappearance-of-malaysian-flight-mh-370.html
SkypeFreak Forensic Tool
http://packetstormsecurity.com/files/125816/SkypeFreak-Forensic-Tool.html
http://packetstormsecurity.com/files/125816/SkypeFreak-Forensic-Tool.html
AndroTotal: free service to scan suspicious APKs
http://andrototal.org/
http://andrototal.org/
New iOS malware use Cydia Substrate to steal advertisement promotion fee
http://www.claudxiao.net/2014/03/ios_malware_spad/
http://www.claudxiao.net/2014/03/ios_malware_spad/
WinRar File extension spoofing ( 0DAY )
http://an7isec.blogspot.co.il/2014/03/winrar-file-extension-spoofing-0day.html
http://an7isec.blogspot.co.il/2014/03/winrar-file-extension-spoofing-0day.html
回到基本面:CFI的软件防护视角
http://qing.blog.sina.com.cn/1891235985/70b9f89133004wr4.html
http://qing.blog.sina.com.cn/1891235985/70b9f89133004wr4.html
wechall mysql关卡题解
http://drops.wooyun.org/papers/1321
http://drops.wooyun.org/papers/1321
white-elephant:Hadoop log aggregator and dashboard
https://github.com/linkedin/white-elephant
https://github.com/linkedin/white-elephant
测试金字塔新解之移动无线应用测试
http://blog.jobbole.com/63690/
http://blog.jobbole.com/63690/
讲座:善用佳软,让您轻松高效学习
http://xbeta.info/lecture-201403.htm
http://xbeta.info/lecture-201403.htm
[Honeypot Alert] JCE Joomla Extension Attacks
http://blog.spiderlabs.com/2014/03/honeypot-alert-jce-joomla-extension-attacks.html
http://blog.spiderlabs.com/2014/03/honeypot-alert-jce-joomla-extension-attacks.html
CVE-2013-3897漏洞分析
http://www.freebuf.com/articles/system/29445.html
http://www.freebuf.com/articles/system/29445.html
Ping&DNS – 查询 Ping/DNS/Whois 等信息
http://www.appinn.com/ping-and-dns-for-android/
http://www.appinn.com/ping-and-dns-for-android/
多层代理下解决链路低延迟的技巧
http://drops.wooyun.org/tips/1286
http://drops.wooyun.org/tips/1286
Malware-Traffic-Analysis.net
http://malware-traffic-analysis.net/
http://malware-traffic-analysis.net/
NSFOCUS_ICS_Security_Report_20140311
http://vdisk.weibo.com/s/r1DAFAovsYVH
http://vdisk.weibo.com/s/r1DAFAovsYVH
Nginx安全配置研究
http://drops.wooyun.org/tips/1323
http://drops.wooyun.org/tips/1323
BlackHat Asia USB Physical Access
https://www.nccgroup.com/en/learning-and-research-centre/presentations/blackhat-asia-usb-physical-access/
https://www.nccgroup.com/en/learning-and-research-centre/presentations/blackhat-asia-usb-physical-access/
Decision Tree 及实现
http://blog.sae.sina.com.cn/archives/3206
http://blog.sae.sina.com.cn/archives/3206
XSS和字符集的那些事儿
http://drops.wooyun.org/papers/1327
http://drops.wooyun.org/papers/1327
NCC Security Presentations
https://www.nccgroup.com/en/learning-and-research-centre/presentations/
https://www.nccgroup.com/en/learning-and-research-centre/presentations/
linux键盘记录软件 logkeys
http://www.coolhacker.org/?p=1444
http://www.coolhacker.org/?p=1444
Computer Forensics Investigation – A Case Study
http://resources.infosecinstitute.com/computer-forensics-investigation-case-study/
http://resources.infosecinstitute.com/computer-forensics-investigation-case-study/
Linux PAM&&PAM后门
http://drops.wooyun.org/tips/1288
http://drops.wooyun.org/tips/1288
recommendation to stay protected and for detections
http://blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx
http://blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx
Windows Domain Credentials Phishing Tool
http://sourceforge.net/projects/wdcpt/
http://sourceforge.net/projects/wdcpt/
fireeye-zero-day-attacks-in-2013
http://vdisk.weibo.com/s/C72IDYVyJJhK_/1395930614
http://vdisk.weibo.com/s/C72IDYVyJJhK_/1395930614
Vulnerable Encoded URL
http://resources.infosecinstitute.com/vulnerable-encoded-url/
http://resources.infosecinstitute.com/vulnerable-encoded-url/
让你的网站支持手机二维码登录
http://www.ideawu.net/blog/archives/793.html
http://www.ideawu.net/blog/archives/793.html
Bogofilter:邮件过滤器
http://bogofilter.sourceforge.net/
http://bogofilter.sourceforge.net/
谈谈个人常用的软件(新增加三款)
http://jianshu.io/p/01acf2aa5b24
http://jianshu.io/p/01acf2aa5b24
Reverse Engineering Resources
http://samdmarshall.com/re.html
http://samdmarshall.com/re.html
Go Bootcamp
http://www.golangbootcamp.com/book
http://www.golangbootcamp.com/book
Hostname bruteforcing on the cheap
http://www.room362.com/blog/2014/01/29/hostname-bruteforcing-on-the-cheap/
http://www.room362.com/blog/2014/01/29/hostname-bruteforcing-on-the-cheap/
Cisco 2014 Annual Security Report
http://www.valleytalk.org/wp-content/uploads/2014/03/Cisco_2014_ASR.pdf
http://www.valleytalk.org/wp-content/uploads/2014/03/Cisco_2014_ASR.pdf
Security Conference Calendar
https://www.duosecurity.com/resources/calendar
https://www.duosecurity.com/resources/calendar
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第4期)
