SecWiki周刊(第11期)
2014/05/12-2014/05/18
安全资讯
Growing dynamic in politically-motivated hacktivism
http://www.net-security.org/secworld.php?id=16819
http://www.net-security.org/secworld.php?id=16819
一周海外安全事件回顾(20140505-0511)
http://www.freebuf.com/news/special/34128.html
http://www.freebuf.com/news/special/34128.html
安全技术
阿里巴巴集团web安全标准Ver1.4
http://pan.baidu.com/share/link?uk=990921528&shareid=537616954&third=0&adapt=pc&fr=ftw
http://pan.baidu.com/share/link?uk=990921528&shareid=537616954&third=0&adapt=pc&fr=ftw
代码审计之逻辑上传漏洞挖掘
http://drops.wooyun.org/papers/1957
http://drops.wooyun.org/papers/1957
BT5 + wireshark玩wifi捕获和中间人攻击
http://www.freebuf.com/articles/wireless/33948.html
http://www.freebuf.com/articles/wireless/33948.html
基于Wi-Fi的室内定位在美团总部的实践和应用(上)
http://tech.meituan.com/mt-wifi-locate-practice-part1.html
http://tech.meituan.com/mt-wifi-locate-practice-part1.html
华为内部的Web安全原则
http://www.ha97.com/5520.html
http://www.ha97.com/5520.html
用 CVE-2013-2551 实现改写 SafeMode 标志
http://mallocat.com/subverting-without-eip/
http://mallocat.com/subverting-without-eip/
安装和使用 Elasticsearch
http://www.vpsee.com/2014/05/install-and-play-with-elasticsearch/
http://www.vpsee.com/2014/05/install-and-play-with-elasticsearch/
渗透技巧之SSH篇
http://drops.wooyun.org/tips/1951
http://drops.wooyun.org/tips/1951
RIG Exploit Pack
http://www.kahusecurity.com/2014/rig-exploit-pack/
http://www.kahusecurity.com/2014/rig-exploit-pack/
多皮肤及自定义皮肤悬浮QQ在线客服jQuery插件
http://qihudong.chinagdcj.cn/resourcesDetail/atctab_4346_atccategoryid_115_articleid_1338
http://qihudong.chinagdcj.cn/resourcesDetail/atctab_4346_atccategoryid_115_articleid_1338
CVE-2014-0196: Linux kernel <= v3.15-rc4: raw mode PTY local echo race
http://bugzillafiles.novell.org/attachment.cgi?id=589445
http://bugzillafiles.novell.org/attachment.cgi?id=589445
OAuth 安全指南
http://drops.wooyun.org/papers/1989
http://drops.wooyun.org/papers/1989
远程安全漏洞利用的检测
http://pan.baidu.com/s/1pJDbN4J
http://pan.baidu.com/s/1pJDbN4J
Genymotion —强大好用高性能的 Android 模拟器
http://segmentfault.com/a/1190000000500253
http://segmentfault.com/a/1190000000500253
Executing code via SMB / DCOM without PSEXEC
http://www.room362.com/blog/2014/04/19/executing-code-via-smb-without-psexec/
http://www.room362.com/blog/2014/04/19/executing-code-via-smb-without-psexec/
为首次部署MongoDB做好准备:备份和安全
http://www.infoq.com/cn/articles/mongodb-deployment-backup-security?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global
http://www.infoq.com/cn/articles/mongodb-deployment-backup-security?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global
7 天打造前端性能监控系统 FEX 做最专业的前端
http://fex.baidu.com/blog/2014/05/build-performance-monitor-in-7-days/
http://fex.baidu.com/blog/2014/05/build-performance-monitor-in-7-days/
Learn Web Penetration Testing: The Right Way
http://pentesterlab.com/
http://pentesterlab.com/
ntopng:High-Speed Web-based Traffic Analysis and Flow Collection
http://www.ntop.org/products/ntop/
http://www.ntop.org/products/ntop/
XSS Filter Evasion Cheat Sheet 中文版
http://drops.wooyun.org/tips/1955
http://drops.wooyun.org/tips/1955
ntopng:High-Speed Web-based Traffic Analysis and Flow Collection
http://www.ntop.org/products/ntop/
http://www.ntop.org/products/ntop/
Insecure default in Elasticsearch enables remote code execution
http://bouk.co/blog/elasticsearch-rce/
http://bouk.co/blog/elasticsearch-rce/
想提升工作效率,就別再做这七件事
http://blog.jobbole.com/67805/
http://blog.jobbole.com/67805/
NoPlaceToHide-Documents-Uncompressed
http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf
http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf
MYSQL高级爆错注入原理
http://www.91ri.org/9000.html
http://www.91ri.org/9000.html
Nmap Cheat Sheet
http://pentestlab.wordpress.com/2012/08/17/nmap-cheat-sheet/
http://pentestlab.wordpress.com/2012/08/17/nmap-cheat-sheet/
Proxy探测脚本与HTTP基本认证暴力破解脚本
http://danqingdani.blog.163.com/blog/static/1860941952014412104711626
http://danqingdani.blog.163.com/blog/static/1860941952014412104711626
Exploit Exercises:a variety of virtual machines
http://exploit-exercises.com/
http://exploit-exercises.com/
Proxy探测脚本与HTTP基本认证暴力破解脚本
http://danqingdani.blog.163.com/blog/static/1860941952014412104711626
http://danqingdani.blog.163.com/blog/static/1860941952014412104711626
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第11期)
