SecWiki Weekly (Issue 6)
2014/04/07-2014/04/13
Security Technology
XDS: Cross-Device Scripting Attacks on Smartphones through HTML5-based Apps
http://www.cis.syr.edu/~wedu/attack/
MS14-010 CVE-2014-0293 IE UXSS
http://www.securityfocus.com/archive/1/531600
ssltest4multi.py
http://pan.baidu.com/s/1c0vghfM
Obfuscalp: suspicious/malicious code planted inside PHP
https://github.com/Orbixx/Obfuscalp
Log4Grid: Distributed application log management
https://github.com/IKende/Log4Grid
"Hack Away at the Unessential" with ExpLib2 in Metasploit
https://securitystreet.jive-mobile.com/#jive-document?content=%2Fapi%2Fcore%2Fv2%2Fposts%2F6597
Kioptrix: vulnerable machine for beginner
http://vulnhub.com/
Security testing interview questions from an Internet company
http://weibo.com/p/1001603696479058425112
Configuring an SSL MITM Test Lab for Android
http://www.tripwire.com/state-of-security/security-data-protection/howto-configuring-ssl-mitm-test-lab-android/#.U0Ypu7t1a8s.twitter
PyHTTPShell: Python HTTP Shell
http://exploit.co.il/hacking/python-http-shell/
WhiteHat Security Observations and Advice about the Heartbleed OpenSSL Exploit
https://blog.whitehatsec.com/whitehat-security-observations-and-advice-about-the-heartbleed-openssl-exploit/
jQuery content slider: jQuery lightSlider
https://github.com/sachinchoolur/lightslider
Technical Analysis of CVE-2014-1761 RTF Vulnerability
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Technical-Analysis-of-CVE-2014-1761-RTF-Vulnerability/ba-p/6440048#.U0NKGrhlIbw
Internet Heartbleed Health Report
https://zmap.io/heartbleed/
Webshell remote privilege escalation
http://www.91ri.org/8618.html
CVE-2014-1761 0day exploit is already appearing in large numbers in APT attacks in Taiwan
http://blog.xecure-lab.com/2014/04/cve-2014-1761-0day-exploit-apt.html
WebKit XSSAuditor source
https://github.com/WebKit/webkit/blob/master/Source/WebCore/html/parser/XSSAuditor.cpp
dnsproxy: A simple DNS proxy server
https://github.com/vietor/dnsproxy
SyScan2014 Conference Slides
http://www.syscan.org/index.php/download
Malwarelyse.me (An MfS-Enterprise Project)
http://www.malwarelyse.me/
Embedded in Academia : Heartbleed and Static Analysis
http://blog.regehr.org/archives/1125
Cookies with HttpOnly Flag: Problem in Some Browsers
http://resources.infosecinstitute.com/cookies-httponly-flag-problem-browsers/
A walkthrough of successfully penetrating a website through vulnerability discovery
http://www.freebuf.com/articles/web/31053.html
Fuzzing Application AndroidManifest
https://gist.github.com/k3170makan/10001255
firewall-sosdg: Firewall/SOSDG & SRFirewall
https://code.google.com/p/firewall-sosdg/
IIS4\IIS5 CGI environment block forgery 0day
http://hi.baidu.com/yuange1975/item/b2cc7141c22108e91e19bc2e
8×8 Script Leads to Infinity Drive-By
http://www.kahusecurity.com/2014/8x8-script-leads-to-infinity-drive-by/
What to do when you never read the material you collect
http://blog.hiddenwangcc.com/archives/1778
Analysis of the OpenSSL "Heartbleed" vulnerability
http://drops.wooyun.org/papers/1381
sslsniff: A tool for automated MITM attacks on SSL connections
https://github.com/moxie0/sslsniff
OPENSSL TLS: supports smtp, pop3, imap, ftp, or xmpp
https://raw.githubusercontent.com/decal/ssltest-stls/master/ssltest-stls.py
Android Bug Superior to Master Key
http://www.saurik.com/id/18
Programming Is Not Easy: Manong Weekly (码农周刊), Issue 26
http://weekly.manong.io/issues/26?ref=wiki
Analyzing the "Power Worm" PowerShell-based Malware
http://www.exploit-monday.com/2014/04/powerworm-analysis.html
Hardening Android for Security and Privacy
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
Complete development tutorial for the WeChat Official Accounts Platform
http://segmentfault.com/a/1190000000446237
passivedns: A network sniffer that logs all DNS server replies
https://github.com/gamelinux/passivedns
SecWiki Weekly (Issue 5)
http://www.sec-wiki.com/weekly/5
Security Topics
Collection of interview questions for Internet web security positions
https://www.sec-wiki.com/topic/44
-----WeChat ID: SecWiki-----
SecWiki: focused on security technology news and analysis for 13 years!
SecWiki: https://www.sec-wiki.com
Original address of this issue: SecWiki Weekly (Issue 6)
