SecWiki周刊(第40期)
2014/12/01-2014/12/07
安全资讯
SSDP:DDoS攻击的“新宠”
http://www.searchsecurity.com.cn/showcontent_86458.htm
http://www.searchsecurity.com.cn/showcontent_86458.htm
走近科学:那些年,媒体笔下被夸大的黑客
http://www.freebuf.com/news/special/53108.html
http://www.freebuf.com/news/special/53108.html
一洞观全球:看各国网络战防御能力
http://blog.knownsec.com/2014/12/look_up_the_gloable_world_defence_ability_with_one_bug/
http://blog.knownsec.com/2014/12/look_up_the_gloable_world_defence_ability_with_one_bug/
Bruce Schneier_信息安全事件响应领域的发展现状
http://vdisk.weibo.com/s/Ei9aTv-oZyZN
http://vdisk.weibo.com/s/Ei9aTv-oZyZN
事件追踪:索尼影视员工数据进一步泄露
http://www.freebuf.com/news/53605.html
http://www.freebuf.com/news/53605.html
索尼聘请火眼公司调查大规模网络攻击事件
http://sc.qq.com/fx/t?r=Hbtgef
http://sc.qq.com/fx/t?r=Hbtgef
黑客组织专门对华尔街公司发动钓鱼攻击
http://www.solidot.org/story?sid=42118
http://www.solidot.org/story?sid=42118
从业之路_yuange1975
http://blog.sina.com.cn/s/blog_85e506df0100w7dn.html
http://blog.sina.com.cn/s/blog_85e506df0100w7dn.html
索尼入侵事件新发现:强大的恶意程序BKDR_WIPALL
http://www.freebuf.com/news/53583.html
http://www.freebuf.com/news/53583.html
伊朗黑客组织手术刀(Operation Cleaver)剑指全球工控系统
http://www.secpulse.com/archives/2831.html
http://www.secpulse.com/archives/2831.html
中国顶级黑客团队Keen Team加入Google全球黑客天团计划
https://www.t00ls.net/news-28683.html
https://www.t00ls.net/news-28683.html
一周海外安全事件回顾:混乱的中东网络战
http://www.freebuf.com/news/53295.html
http://www.freebuf.com/news/53295.html
索尼入侵事件与朝鲜有关?揭秘朝鲜黑客部队
http://www.freebuf.com/news/53333.html
http://www.freebuf.com/news/53333.html
安全技术
射手网复活攻略:用百度快照和phantomjs让射手网起死回生
http://www.freebuf.com/news/special/53197.html
http://www.freebuf.com/news/special/53197.html
802.11协议帧格式、Wi-Fi连接交互过程、无线破解入门研究
http://www.cnblogs.com/littlehann/p/3700357.html
http://www.cnblogs.com/littlehann/p/3700357.html
使用Burp Suite爆破Web应用密码
http://lewisec.sinaapp.com/2014/12/03/burpsuite-web/
http://lewisec.sinaapp.com/2014/12/03/burpsuite-web/
Bazinga Team:阿里巴巴大数据竞赛
http://vdisk.weibo.com/s/vc5taB3Byfky/1408942526
http://vdisk.weibo.com/s/vc5taB3Byfky/1408942526
wordpress 存储型XSS 全自动化攻击工具
http://www.secpulse.com/archives/2822.html
http://www.secpulse.com/archives/2822.html
A look at the pcap file format
http://www.kroosec.com/2012/10/a-look-at-pcap-file-format.html
http://www.kroosec.com/2012/10/a-look-at-pcap-file-format.html
Offset2lib: bypassing full ASLR on 64bit Linux
http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
【Web漏洞响应】WordPress罕曝高危XSS
http://nsfocus.blog.163.com/blog/static/194602157201411232741227/
http://nsfocus.blog.163.com/blog/static/194602157201411232741227/
cve_2013_3918 exp分析
http://bbs.pediy.com/showthread.php?p=1334580#post1334580
http://bbs.pediy.com/showthread.php?p=1334580#post1334580
通过nltk的机器学习方法实现论坛垃圾帖的过滤
http://blog.sina.com.cn/s/blog_630c58cb0100vkw3.html
http://blog.sina.com.cn/s/blog_630c58cb0100vkw3.html
TextRank4ZH:从中文文本中自动提取关键词和摘要
https://github.com/someus/TextRank4ZH
https://github.com/someus/TextRank4ZH
hackfest2014 slide
https://files.sans.org/summit/hackfest2014/
https://files.sans.org/summit/hackfest2014/
9447-ctf-2014 write-ups
https://github.com/ctfs/write-ups/tree/master/9447-ctf-2014
https://github.com/ctfs/write-ups/tree/master/9447-ctf-2014
Stock Price Prediction With Big Data and Machine Learning
http://eugenezhulenev.com/blog/2014/11/14/stock-price-prediction-with-big-data-and-machine-learning/
http://eugenezhulenev.com/blog/2014/11/14/stock-price-prediction-with-big-data-and-machine-learning/
Internet Explorer EPM沙盒跳出漏洞的分析(CVE-2014-6350)
http://drops.wooyun.org/papers/4162
http://drops.wooyun.org/papers/4162
CVE-2014-6321 schannel堆溢出漏洞分析
http://drops.wooyun.org/papers/4194
http://drops.wooyun.org/papers/4194
EasyCTF Tutorials
http://learn.easyctf.com/
http://learn.easyctf.com/
Escaping the Internet Explorer Sandbox
http://blog.trendmicro.com/trendlabs-security-intelligence/escaping-the-internet-explorer-sandbox-analyzing-cve-2014-6349/
http://blog.trendmicro.com/trendlabs-security-intelligence/escaping-the-internet-explorer-sandbox-analyzing-cve-2014-6349/
DEF CON 22 Video and Slides Torrent
https://www.defcon.org/html/torrent/DEF%20CON%2022%20video%20and%20slides.torrent
https://www.defcon.org/html/torrent/DEF%20CON%2022%20video%20and%20slides.torrent
Hurl.it — Make HTTP Requests
http://hurl.bosondata.net/
http://hurl.bosondata.net/
SDN落地的实践与思考:带着问题找方案,别管定义啦
http://www.infoq.com/cn/articles/sdn-practice-and-thinking-problem-plan#0-tsina-1-5746-397232819ff9a47a7b7e80a40613cfe1
http://www.infoq.com/cn/articles/sdn-practice-and-thinking-problem-plan#0-tsina-1-5746-397232819ff9a47a7b7e80a40613cfe1
大数据科学论坛PPT下载(11月30日-12月1日)
http://blog.sciencenet.cn/blog-3075-848329.html
http://blog.sciencenet.cn/blog-3075-848329.html
CVE-2014-1824 – A New Windows Fuzzing Target
http://blog.beyondtrust.com/cve-2014-1824-searching-for-windows-attack-surface
http://blog.beyondtrust.com/cve-2014-1824-searching-for-windows-attack-surface
应对CC攻击的自动防御系统——原理与实现
http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/4151
http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/4151
MS14-063 A Potential XP Exploit
http://blogs.cisco.com/security/talos/ms14-063-a-potential-xp-exploit
http://blogs.cisco.com/security/talos/ms14-063-a-potential-xp-exploit
许鑫:谈工控网络的脆弱性和安全防护技术
http://bobao.360.cn/course/detail/105.html
http://bobao.360.cn/course/detail/105.html
Getting Started with Bootflat Framework
http://bootflat.github.io/getting-started.html
http://bootflat.github.io/getting-started.html
WiGLE: Wireless Network Mapping
https://wigle.net/
https://wigle.net/
SpoofedMe Social Login Attack Discovered
http://securityintelligence.com/spoofedme-social-login-attack-discovered-by-ibm-x-force-researchers#.VIDxP6QlfjI
http://securityintelligence.com/spoofedme-social-login-attack-discovered-by-ibm-x-force-researchers#.VIDxP6QlfjI
利用GRC进行安全研究和审计 – 将无线电信号转换为数据包
http://drops.wooyun.org/wireless/4118
http://drops.wooyun.org/wireless/4118
test VMs of Windows Download
https://www.modern.ie/en-us/virtualization-tools
https://www.modern.ie/en-us/virtualization-tools
Top cybersecurity predictions of 2015
http://www.zdnet.com/top-cybersecurity-predictions-of-2015-7000036102/
http://www.zdnet.com/top-cybersecurity-predictions-of-2015-7000036102/
Capture the Flag: Security Tools and Sites
http://faculty.cs.nku.edu/~waldenj/ctf/tools.html
http://faculty.cs.nku.edu/~waldenj/ctf/tools.html
高屋建瓴之WebMail攻与防
http://www.secpulse.com/archives/2664.html
http://www.secpulse.com/archives/2664.html
YC创业课中文社区
http://startupclass.club/
http://startupclass.club/
9447 CTF 2014 – Web 100 – tumorous – Wiremask
http://wiremask.eu/9447-ctf-2014-web-100-tumorous/
http://wiremask.eu/9447-ctf-2014-web-100-tumorous/
用Python进行自然语言处理(中文)
http://vdisk.weibo.com/s/dxRHG7y0jQiPH
http://vdisk.weibo.com/s/dxRHG7y0jQiPH
Project Zero: Internet Explorer EPM Sandbox Escape CVE-2014-6350
http://googleprojectzero.blogspot.co.uk/2014/12/internet-explorer-epm-sandbox-escape.html
http://googleprojectzero.blogspot.co.uk/2014/12/internet-explorer-epm-sandbox-escape.html
Hacking Facebook.com/thanks Posting on behalf of your friends!
http://www.anandprakash.pw/2014/11/hacking-facebookcomthanks-posting-on.html
http://www.anandprakash.pw/2014/11/hacking-facebookcomthanks-posting-on.html
Attack on the Core
http://www.slideshare.net/PeterHlavaty/attack-on-the-core
http://www.slideshare.net/PeterHlavaty/attack-on-the-core
Methods for Binary Symbolic Execution (Anthony Romano's dissertation)
http://web.stanford.edu/~ajromano/dis.pdf
http://web.stanford.edu/~ajromano/dis.pdf
Installing Metasploit Framework on OS X Yosemite
http://hackerforhire.com.au/
http://hackerforhire.com.au/
OQL(对象查询语言)在产品实现中造成的RCE(Object Injection)
http://drops.wooyun.org/papers/4115
http://drops.wooyun.org/papers/4115
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第40期)
