SecWiki周刊(第50期)
2015/02/09-2015/02/15
安全资讯
[移动安全]  五大机构携手成立移动金融安全研究联合实验室
http://money.163.com/15/0212/10/AI8DCLNO00253B0H.html
[恶意分析]  Biter bitten as hacker leaks source code for popular exploit kit
http://www.theregister.co.uk/2015/02/13/rig_exploit_kit_source_code_leak/
[Web安全]  Today I Am Releasing Ten Million Passwords
https://xato.net/passwords/ten-million-passwords/
[恶意分析]  Facebook launches social network for sharing security threat info
http://www.cnet.com/news/facebook-launches-social-network-for-sharing-security-threat-info/
[Web安全]  2014年互联网安全厂商年终报告汇总(国外版)上
http://www.freebuf.com/news/special/58645.html
安全技术
[设备安全]  Firmware Forensics: Diffs, Timelines, ELFs and Backdoors
http://w00tsec.blogspot.tw/2015/02/firmware-forensics-diffs-timelines-elfs.html
[书籍]  汽车安全:汽车黑客手册(电子书下载)
http://www.freebuf.com/articles/others-articles/58625.html
[数据挖掘]  FuzzTesting
http://wiki.wireshark.org/FuzzTesting
[Web安全]  隐写术总结
http://drops.wooyun.org/tips/4862
[漏洞分析]  MS14-066 In Depth Analysis | MalwareTech
http://www.malwaretech.com/2014/11/ms14-066-in-depth-analysis.html
[漏洞分析]  RingZer0 2015 CTF Shellcoding
https://ctf-team.vulnhub.com/ringzer0-2015-ctf-shellcoding/
[漏洞分析]  lcamtuf's blog: Bi-level TIFFs and the tale of the unexpectedly early patch
http://lcamtuf.blogspot.tw/2015/02/bi-level-tiffs-and-tale-of-unexpectedly.html
[数据挖掘]  american fuzzy lop (1.40b)
http://lcamtuf.coredump.cx/afl/
[移动安全]  IDA ADB Helper:辅助Android调试的插件
http://techbliss.org/threads/adb-qt-super-version.626/
[编程技术]  浅析Docker架构、原理及实例配置演示
https://community.emc.com/docs/DOC-42054
[恶意分析]  A New Zero-Day of Adobe Flash CVE-2015-0313 Exploited in the Wild
https://www.trustwave.com/Resources/SpiderLabs-Blog/A-New-Zero-Day-of-Adobe-Flash-CVE-2015-0313-Exploited-in-the-Wild/
[Web安全]  SSJS Web Shell Injection:netsec
http://www.reddit.com/r/netsec/comments/2v8l1z/ssjs_web_shell_injection/
[Web安全]  Cure53 XSSMas Challenge '14 Writeup
http://masatokinugawa.l0.cm/2015/02/cure53-xssmas-challenge-14-writeup.html
[漏洞分析]  Microsoft Internet Explorer 9-11 Windows 7-8.1 Vulnerability (patched in 2014)
http://www.vnsecurity.net/research/2015/02/12/msie-vuln-analysis.html
[取证分析]  Kippo-Graph 1.5 released!
http://bruteforce.gr/kippo-graph-1-5-released.html
[编程技术]  A Self-Compiling Android Data Obfuscation Tool
http://arxiv.org/pdf/1502.01625v1.pdf
[恶意分析]  Gh0st RAT: Complete Malware Analysis – Part 1
http://resources.infosecinstitute.com/gh0st-rat-complete-malware-analysis-part-1/
[恶意分析]  Installing and Using Cuckoo Malware Analysis Sandbox
http://www.proteansec.com/linux/installing-using-cuckoo-malware-analysis-sandbox/
[恶意分析]  Linux.BackDoor.XNote.1 indicators
http://www.deependresearch.org/2015/02/linuxbackdoorxnote1-indicators.html
[漏洞分析]  腾讯电脑管家TAV引擎逆向分析
http://drops.wooyun.org/tips/4931
[恶意分析]  CVE-2015-0311 (Flash up to 16.0.0.287) integrating Exploit Kits
http://malware.dontneedcoffee.com/2015/01/cve-2015-0311-flash-up-to-1600287.html
[工具]  Bindead - a static analysis tool for binaries.
https://bitbucket.org/mihaila/bindead/wiki/Home
[Web安全]  分布式端口扫描利刃: 使用DNmap创建Nmap集群
http://www.secpulse.com/archives/4713.html
[移动安全]  2014年Android恶意代码发展报告
http://blog.avlyun.com/2015/02/2137/malware-report/
[漏洞分析]  一个信息泄露漏洞的成长: CVE-2015-0310分析与利用
http://vdisk.weibo.com/share/batch/z8Mc-3059u1zr,z8Mc-3059u1zU
[编程技术]  Buffer Overflow EIP Offset String Generator
http://projects.jason-rush.com/buffer-overflow-eip-offset-string-generator
[运维安全]  互联网企业级监控系统实践
http://noops.me/?p=1798
[运维安全]  WebKnight - Open Source Web Application Firewall (WAF) for IIS
https://www.aqtronix.com/?PageID=99
[漏洞分析]  CVE2015-0057漏洞样本构造探索
http://drops.wooyun.org/papers/4939
[移动安全]  Android Service Security
http://drops.wooyun.org/tips/4907
[编程技术]   Create regular expressions using chained methods.
https://github.com/thebinarysearchtree/regexpbuilderjs
[漏洞分析]  Pentesting iOS Applications
http://www.slideshare.net/jasonhaddix/pentesting-ios-applications
[工具]  Dirs3arch v0.3.0 - HTTP(S) Directory/File Brute Forcer
http://www.kitploit.com/2015/02/dirs3arch-v030-https-directoryfile.html
[编程技术]  BabelCrypt:Universal Encryption Layer for Mobile Messaging Applications
https://www.mulliner.org/collin/academic/publications/babelcrypt_fc15_slides.pdf
[工具]  stunnel SSL Encryption Wrapper
http://n0where.net/stunnel/
[漏洞分析]  Bypassing Windows’ 10 Protections using a Single Bit
http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/
[Web安全]  PHP中的内存破坏漏洞利用(CVE-2014-8142和CVE-2015-0231)
http://drops.wooyun.org/papers/4864
[Web安全]  mysql syntax bypass some WAF
http://zone.wooyun.org/content/18601
[Web安全]  pretty awesome XSS auditor bypass
http://www.thespanner.co.uk/2015/02/10/xss-auditor-bypass/
安全专题
数据挖掘中得常见Python库
https://www.sec-wiki.com/topic/58
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第50期)