SecWiki周刊(第56期)
2015/03/23-2015/03/29
安全资讯
百度统计js被劫持用来DDOS Github
http://drops.wooyun.org/news/5398
http://drops.wooyun.org/news/5398
Full Open Source Car Hacking Kit For The Masses
http://www.forbes.com/sites/thomasbrewster/2015/03/25/hack-a-car-for-60-dollars/
http://www.forbes.com/sites/thomasbrewster/2015/03/25/hack-a-car-for-60-dollars/
Millions of computers left vulnerable to BIOS chip hack
http://www.welivesecurity.com/2015/03/23/millions-computers-left-vulnerable-bios-chip-hack/
http://www.welivesecurity.com/2015/03/23/millions-computers-left-vulnerable-bios-chip-hack/
Study reveals We are being tracked by Our Smartphones
https://www.hackread.com/study-reveals-we-are-being-tracked-by-our-smartphones-every-3-minutes/
https://www.hackread.com/study-reveals-we-are-being-tracked-by-our-smartphones-every-3-minutes/
Stealing Data From Computers Using Heat
http://www.wired.com/2015/03/stealing-data-computers-using-heat/
http://www.wired.com/2015/03/stealing-data-computers-using-heat/
Fei-Fei Li: How we're teaching computers to understand pictures
http://www.ted.com/talks/fei_fei_li_how_we_re_teaching_computers_to_understand_pictures
http://www.ted.com/talks/fei_fei_li_how_we_re_teaching_computers_to_understand_pictures
安全技术
列举些Android SDK的国内镜像和相关资源
http://www.xrpmoon.com/blog/archives/jripple1118.html
http://www.xrpmoon.com/blog/archives/jripple1118.html
websocket-injection:WebSocket 中转注入工具
https://github.com/RicterZ/websocket-injection
https://github.com/RicterZ/websocket-injection
GTC2015 deep learning session vedio
https://registration.gputechconf.com/form/session-listing&doSearch=true&additional_parameter_selector=none&queryInput=&topic_selector=Machine+Learning+%26+Deep+Learning&type_selector=none
https://registration.gputechconf.com/form/session-listing&doSearch=true&additional_parameter_selector=none&queryInput=&topic_selector=Machine+Learning+%26+Deep+Learning&type_selector=none
CVE-2014-4487 – IOHIDLibUserClient堆溢出漏洞
http://blog.pangu.io/cve-2014-4487/
http://blog.pangu.io/cve-2014-4487/
对JiaThis Flash XSS的挖掘与分析
http://www.leavesongs.com/PENETRATION/jiathis-fso-flash-xss-rootkit.html
http://www.leavesongs.com/PENETRATION/jiathis-fso-flash-xss-rootkit.html
BCTF 2015 CamlMaze命題報告及CTF題目鏡像準備方法
http://maskray.me/blog/2015-03-23-bctf-2015-camlmaze
http://maskray.me/blog/2015-03-23-bctf-2015-camlmaze
Python Programming Tutorials Video
http://pythonprogramming.net/dashboard/
http://pythonprogramming.net/dashboard/
Smart COM Fuzzing - Auditing IE Sandbox Bypass in COM Objects
https://sites.google.com/site/zerodayresearch/Smart_COM_Fuzzing_Auditing_IE_Sandbox_Bypass_in_COM_Objects_final.pdf
https://sites.google.com/site/zerodayresearch/Smart_COM_Fuzzing_Auditing_IE_Sandbox_Bypass_in_COM_Objects_final.pdf
Ad-Fraud Malware Hijacks Router DNS – Injects Ads Via Google Analytics
http://aralabs.com/blog/2015/03/25/ad-fraud-malware-hijacks-router-dns-injects-ads-via-google-analytics/
http://aralabs.com/blog/2015/03/25/ad-fraud-malware-hijacks-router-dns-injects-ads-via-google-analytics/
honggfuzz:A general-purpose fuzzer with simple, command-line interface
https://code.google.com/p/honggfuzz/
https://code.google.com/p/honggfuzz/
揭秘:钓鱼攻击工具包Angler Exploit Kit初探
http://www.freebuf.com/news/special/61942.html
http://www.freebuf.com/news/special/61942.html
【流量劫持】躲避 HSTS 的 HTTPS 劫持
http://www.cnblogs.com/index-html/p/https_hijack_hsts.html
http://www.cnblogs.com/index-html/p/https_hijack_hsts.html
IROS 2014 Aerial Open Source Robotics Workshop
http://pixhawk.org/iros2014/proceedings/
http://pixhawk.org/iros2014/proceedings/
MongoDB vs. Elasticsearch: The Quest of the Holy Performances
http://blog.quarkslab.com/mongodb-vs-elasticsearch-the-quest-of-the-holy-performances.html
http://blog.quarkslab.com/mongodb-vs-elasticsearch-the-quest-of-the-holy-performances.html
easyPass:字典生成和整理工具
https://github.com/he1m4n6a/easyPass
https://github.com/he1m4n6a/easyPass
Firefox 31~34远程命令执行漏洞的分析
http://drops.wooyun.org/papers/5350
http://drops.wooyun.org/papers/5350
BCTF 2015 - weak_enc Crypto challenge
http://capturetheswag.blogspot.com.au/2015/03/bctf-2015-weakenc-crypto-challenge.html
http://capturetheswag.blogspot.com.au/2015/03/bctf-2015-weakenc-crypto-challenge.html
机器学习的一些通俗易懂的tutorial
http://cn.soulmachine.me/blog/20130327/
http://cn.soulmachine.me/blog/20130327/
Detection of JavaScript-based Malware
http://research.microsoft.com/en-us/projects/nozzle/
http://research.microsoft.com/en-us/projects/nozzle/
Deep Dive Into Stageless Meterpreter Payloads
https://community.rapid7.com/community/metasploit/blog/2015/03/25/stageless-meterpreter-payloads
https://community.rapid7.com/community/metasploit/blog/2015/03/25/stageless-meterpreter-payloads
Introducing Elastichoney - an Elasticsearch Honeypot
http://jordan-wright.github.io/blog/2015/03/23/introducing-elastichoney-an-elasticsearch-honeypot/
http://jordan-wright.github.io/blog/2015/03/23/introducing-elastichoney-an-elasticsearch-honeypot/
XCTF联赛—2015_BCTF_Writeup
http://www.sigma.ws/?p=210
http://www.sigma.ws/?p=210
Threat Spotlight: PoSeidon, A Deep Dive Into Point of Sale Malware
http://blogs.cisco.com/security/talos/poseidon
http://blogs.cisco.com/security/talos/poseidon
dns recon & research, find & lookup dns records
http://dnsdumpster.com/
http://dnsdumpster.com/
这些年做安全的一点心得
http://weibo.com/p/1001603823512262446951
http://weibo.com/p/1001603823512262446951
左右互博:站在攻击者的角度来做防护
http://www.freebuf.com/news/special/61508.html
http://www.freebuf.com/news/special/61508.html
Adventures in Browser Exploitation: Firefox 32.0 - 35.0.1 RCE
https://community.rapid7.com/community/metasploit/blog/2015/03/23/r7-2015-04-disclosure-mozilla-firefox-proxy-prototype-rce-cve-2014-8636
https://community.rapid7.com/community/metasploit/blog/2015/03/23/r7-2015-04-disclosure-mozilla-firefox-proxy-prototype-rce-cve-2014-8636
Cisco 2015 Annual Security Report
http://www.cisco.com/web/offers/pdfs/cisco-asr-2015.pdf
http://www.cisco.com/web/offers/pdfs/cisco-asr-2015.pdf
在未越狱的 iPhone 6上盗取支付宝和微信支付的帐号密码
http://drops.wooyun.org/papers/5309
http://drops.wooyun.org/papers/5309
Android 签名验证机制
http://riusksk.blogbus.com/logs/272154406.html
http://riusksk.blogbus.com/logs/272154406.html
Android平台的SQL注入漏洞浅析
http://security.tencent.com/index.php/blog/msg/79
http://security.tencent.com/index.php/blog/msg/79
IE安全系列:IE的自我介绍 (I)
http://drops.wooyun.org/papers/5390
http://drops.wooyun.org/papers/5390
Bypassing Control Flow Guard on Windows 8
https://blog.coresecurity.com/2015/03/25/exploiting-cve-2015-0311-part-ii-bypassing-control-flow-guard-on-windows-8-1-update-3/
https://blog.coresecurity.com/2015/03/25/exploiting-cve-2015-0311-part-ii-bypassing-control-flow-guard-on-windows-8-1-update-3/
八种最常见Docker开发模式
http://cloud.51cto.com/art/201503/469496.htm
http://cloud.51cto.com/art/201503/469496.htm
Unmasked: An Analysis of 10 Million Passwords
http://wpengine.com/unmasked/
http://wpengine.com/unmasked/
未来 Docker 的安全
http://weibo.com/p/1001603824370337349167
http://weibo.com/p/1001603824370337349167
PowerSpy: Location Tracking using Mobile Device Power Analysis
http://loccs.sjtu.edu.cn/gossip/blog/2015/03/23/2015-03-23/
http://loccs.sjtu.edu.cn/gossip/blog/2015/03/23/2015-03-23/
Cryptographic Backdooring
https://131002.net/syscan.pdf
https://131002.net/syscan.pdf
安全专题
国内NLP相关公司产品
https://www.sec-wiki.com/topic/61
https://www.sec-wiki.com/topic/61
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第56期)
