SecWiki周刊(第11期)
2014/05/12-2014/05/18
安全资讯
[Web安全]  Growing dynamic in politically-motivated hacktivism
http://www.net-security.org/secworld.php?id=16819
[Web安全]  一周海外安全事件回顾(20140505-0511)
http://www.freebuf.com/news/special/34128.html
安全技术
[Web安全]  阿里巴巴集团web安全标准Ver1.4
http://pan.baidu.com/share/link?uk=990921528&shareid=537616954&third=0&adapt=pc&fr=ftw
[Web安全]  代码审计之逻辑上传漏洞挖掘
http://drops.wooyun.org/papers/1957
[无线安全]  BT5 + wireshark玩wifi捕获和中间人攻击
http://www.freebuf.com/articles/wireless/33948.html
[无线安全]  基于Wi-Fi的室内定位在美团总部的实践和应用(上)
http://tech.meituan.com/mt-wifi-locate-practice-part1.html
[Web安全]  华为内部的Web安全原则
http://www.ha97.com/5520.html
[漏洞分析]  用 CVE-2013-2551 实现改写 SafeMode 标志
http://mallocat.com/subverting-without-eip/
[数据挖掘]  安装和使用 Elasticsearch
http://www.vpsee.com/2014/05/install-and-play-with-elasticsearch/
[Web安全]  渗透技巧之SSH篇
http://drops.wooyun.org/tips/1951
[恶意分析]  RIG Exploit Pack
http://www.kahusecurity.com/2014/rig-exploit-pack/
[漏洞分析]  逆向基础(三)
http://drops.wooyun.org/tips/1963
[编程技术]  多皮肤及自定义皮肤悬浮QQ在线客服jQuery插件
http://qihudong.chinagdcj.cn/resourcesDetail/atctab_4346_atccategoryid_115_articleid_1338
[漏洞分析]  CVE-2014-0196: Linux kernel <= v3.15-rc4: raw mode PTY local echo race
http://bugzillafiles.novell.org/attachment.cgi?id=589445
[Web安全]  OAuth 安全指南
http://drops.wooyun.org/papers/1989
[移动安全]  Android逆向助手
http://pan.baidu.com/share/link?uk=607204623&shareid=3315398632
[漏洞分析]  远程安全漏洞利用的检测
http://pan.baidu.com/s/1pJDbN4J
[Web安全]  Executing code via SMB / DCOM without PSEXEC
http://www.room362.com/blog/2014/04/19/executing-code-via-smb-without-psexec/
[移动安全]  Genymotion —强大好用高性能的 Android 模拟器
http://segmentfault.com/a/1190000000500253
[编程技术]  7 天打造前端性能监控系统 FEX 做最专业的前端
http://fex.baidu.com/blog/2014/05/build-performance-monitor-in-7-days/
[编程技术]  为首次部署MongoDB做好准备:备份和安全
http://www.infoq.com/cn/articles/mongodb-deployment-backup-security?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global
[运维安全]  ntopng:High-Speed Web-based Traffic Analysis and Flow Collection
http://www.ntop.org/products/ntop/
[Web安全]  Learn Web Penetration Testing: The Right Way
http://pentesterlab.com/
[运维安全]  ntopng:High-Speed Web-based Traffic Analysis and Flow Collection
http://www.ntop.org/products/ntop/
[Web安全]  XSS Filter Evasion Cheat Sheet 中文版
http://drops.wooyun.org/tips/1955
[其它]  想提升工作效率,就別再做这七件事
http://blog.jobbole.com/67805/
[Web安全]  Insecure default in Elasticsearch enables remote code execution
http://bouk.co/blog/elasticsearch-rce/
[Web安全]  NoPlaceToHide-Documents-Uncompressed
http://hbpub.vo.llnwd.net/o16/video/olmk/holt/greenwald/NoPlaceToHide-Documents-Uncompressed.pdf
[Web安全]  MYSQL高级爆错注入原理
http://www.91ri.org/9000.html
[Web安全]  Nmap Cheat Sheet
http://pentestlab.wordpress.com/2012/08/17/nmap-cheat-sheet/
[Web安全]  Proxy探测脚本与HTTP基本认证暴力破解脚本
http://danqingdani.blog.163.com/blog/static/1860941952014412104711626
[漏洞分析]  Exploit Exercises:a variety of virtual machines
http://exploit-exercises.com/
[编程技术]  理解OAuth 2.0
http://www.ruanyifeng.com/blog/2014/05/oauth_2_0.html
[Web安全]  Proxy探测脚本与HTTP基本认证暴力破解脚本
http://danqingdani.blog.163.com/blog/static/1860941952014412104711626
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第11期)