SecWiki周刊(第10期)
2014/05/05-2014/05/11
安全资讯
[Web安全]  一周海外安全事件回顾(20140428-0504)
http://www.freebuf.com/news/special/33727.html
[其它]  中国发布首部国家安全报告
http://www.ziwzx.com/htm/szyw/2014/0506/2592.html?bsh_bid=401238395
[Web安全]  一周海外安全事件回顾(20140421-0427)
http://www.freebuf.com/news/special/33285.html
安全技术
[漏洞分析]  ROPs are for the 99%: A revolutionary bypass technology
http://pastebin.ubuntu.com/7444950/
[漏洞分析]  Debug Struts2 S2-021的一点心得体会
http://drops.wooyun.org/papers/1778
[取证分析]  inception: FireWire physical memory manipulation and hacking tool
https://github.com/carmaa/inception
[运维安全]  使用Suricata進行IDS/IPS
http://maskray.me/blog/2013-07-26-ids-ips-with-suricata
[漏洞分析]  部分dve技术实现代码
http://weibo.com/p/1001603708954432635204
[编程技术]  django-xadmin:Bootstrap3.0框架的后台管理系统框架
http://sshwsfc.github.io/django-xadmin/#features
[Web安全]  编写变态的(非字母数字的)PHP后门
http://www.freebuf.com/articles/web/33824.html
[设备安全]  SniffMap: Maps of Five Eyes interception
http://sniffmap.telcomap.org/
[Web安全]  360hackgame writeup
http://drops.wooyun.org/tips/1666
[编程技术]  15款最好的 Twitter Bootstrap 开发工具
http://www.cnblogs.com/lhb25/p/15-best-bootstrap-tools-for-designers.html
[漏洞分析]  [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack | 风井
http://www.pnigos.com/?p=273
[Web安全]  [投稿]从CVE-2014-0166看高效率EXP的编写
http://www.91ri.org/8871.html
[运维安全]  SQL SERVER 2008安全配置
http://drops.wooyun.org/tips/1670
[设备安全]  工控系统的安全风险及对策
http://www.i170.com/user/falcon/Article_124070
[编程技术]  QCon北京2014大会
http://www.qconbeijing.com/videoslides.html
[漏洞分析]  CVE-2014-1776 的 fun() 函数
http://paste.ubuntu.com/7402258/
[漏洞分析]  安全漏洞概念及分类
http://pan.baidu.com/s/1kT9LT4r
[Web安全]  针对近期“博全球眼球的OAuth漏洞”的分析与防范建议
http://www.freebuf.com/vuls/33750.html
[Web安全]  Egor Homakov: Covert Redirect FAQ
http://homakov.blogspot.com/2014/05/covert-redirect-faq.html
[漏洞分析]  Python gdb Disassembly Extension 1.20
http://www.thegreycorner.com/2014/05/python-gdb-disassembly-extension-120.html
[数据挖掘]  分布式基础计划详情
http://study.163.com/plan/planIntroduction/272067.htm#/planDetail
[无线安全]  走进科学: 无线安全需要了解的芯片选型、扫描器使用知识
http://www.freebuf.com/articles/wireless/33524.html
[漏洞分析]  Windows平台下的堆溢出利用技术(二)(上篇)
http://drops.wooyun.org/papers/1714
[书籍]  LIONsolver: the Learning and Intelligent OptimizatioN solver
http://www.lionsolver.com/LIONbook/
[运维安全]  Prolexic_Q12014_Global_Attack_Report_US_041614
http://vdisk.weibo.com/s/C72IDYVyeiWsd/1399302056
[Web安全]  Spring MVC xml绑定pojo造成的XXE
http://drops.wooyun.org/papers/1911
[移动安全]  动态调试 Android so库函数的方法
http://riusksk.blogbus.com/logs/271566148.html
[运维安全]  New Paper: Advanced Endpoint and Server Protection
https://securosis.com/blog/new-paper-advanced-endpoint-and-server-protection
[编程技术]  架构师(4月刊)
http://www.infoq.com/cn/minibooks/architect-apr-10-2014
[其它]  《How to Read an Engineering Research Paper》笔记
http://liusihao.com/post/85169957748/how-to-read-an-engineering-research-paper
[Web安全]  MSSQL注射知识库 v 1.0
http://drops.wooyun.org/tips/1620
[恶意分析]  HII_The_Non-Advanced_Persistent_Threat
http://vdisk.weibo.com/s/C72IDYVyeiYWJ/1399389089
[编程技术]  关于效率、程序与生活的一些思考
http://jackiekuo.com/book/2014/04/19/thoughts-on-effectivity-program-and-life/
[编程技术]  我的算法学习之路
http://zh.lucida.me/blog/on-learning-algorithms/
[编程技术]  有关网络攻击的世界地图是怎么开发的
http://www.zhihu.com/question/23624209
[运维安全]  2014-annual-ddos-attacks-and-impact-report
http://vdisk.weibo.com/s/C72IDYVyeiWt0/1399301885
[漏洞分析]  http://www.exploit-db.com/download_pdf/33196/
Windows Heap Overflow Exploitation
[恶意分析]  Exploit Kit Roundup: Best of Obfuscation Techniques
http://blog.spiderlabs.com/2014/05/exploit-kit-roundup-best-of-obfuscation-techniques.html
[运维安全]  DNS详解
http://liusihao.com/post/85195629143/dns
[恶意分析]  Assembly Language Tutorial
https://wiki.skullsecurity.org/Assembly
[编程技术]  我读《大型网站技术架构》笔记
http://iamzhongyong.iteye.com/blog/2063481
[Web安全]  SQL Injection in Insert, Update and Delete Statements
http://www.exploit-db.com/download_pdf/33253
[漏洞分析]  逆向基础(二)
http://drops.wooyun.org/tips/1931
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第10期)