SecWiki周刊(第117期)
2016/05/23-2016/05/29
安全资讯
[其它]  麒麟开源堡垒机双因素认证功能(动态口令、CA证书)发布
http://www.oschina.net/news/73706/qilin-baoleiji-dual-certification
[运维安全]  赛门铁克向Blue Coat签发了一个中级证书
http://www.solidot.org/story?sid=48370
安全技术
[论文]  IEEE Symposium on Security and Privacy 2016
http://www.ieee-security.org/TC/SP2016/program-papers.html
[恶意分析]  Practical Malware Analysis 恶意代码分析实战中的工具集
https://bluesoul.me/practical-malware-analysis-starter-kit/
[运维安全]  OSSIM视频教程
http://www.tudou.com/home/ossim/
[Web安全]  入CTF坑必不可少的地方
http://zone.wooyun.org/content/27257
[运维安全]  麒麟开源堡垒主机在等保上的合规性分析
http://www.oschina.net/news/73391/qilin_baoleiji-analyse
[移动安全]  Android App开放网络端口的安全风险-CNCERT2016
http://www.ms509.com/wp-content/uploads/2016/05/Android-App%E5%BC%80%E6%94%BE%E7%BD%91%E7%BB%9C%E7%AB%AF%E5%8F%A3%E7%9A%84%E5%AE%89%E5%85%A8%E9%A3%8E%E9%99%A9-CNCERT2016.pdf
[Web安全]  WebRtcXSS: 利用XSS入侵内网
https://github.com/BlackHole1/WebRtcXSS
[文档]  2016中国网络安全年会培训资料#密码:6y4y
http://pan.baidu.com/share/link?shareid=743000893&uk=1546786268#path=%252F
[运维安全]  企业安全加固,持续完善ing
https://github.com/luyg24/IT_security
[文档]  hitb sec conf 2016 ams
https://conference.hitb.org/hitbsecconf2016ams/materials/
[数据挖掘]  用Python的matplotlib来画全球的股票走势图(开源)
http://mp.weixin.qq.com/s?__biz=MzA4MjYwODg0OQ==&mid=2651817742&idx=1&sn=0a63d75dd6ba66285504040cde9eea61
[Web安全]  toolforspider:网络空间指纹扫描工具
https://github.com/nanshihui/toolforspider
[编程技术]  awesome-python-cn: Python资源大全中文版
https://github.com/jobbole/awesome-python-cn
[设备安全]  谛听ditecting-专注工控安全搜索
http://www.ditecting.com/
[运维安全]  linux下tomcat安全配置
http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/15888
[数据挖掘]  data_hacking: Click Security Data Hacking Project
https://github.com/ClickSecurity/data_hacking
[编程技术]  爬虫突破封禁的6种常见方法
http://weibo.com/ttarticle/p/show?id=2309403979725117724876
[漏洞分析]  Angular JS模板注入漏洞分析
http://blog.csdn.net/u011721501/article/details/51506364
[取证分析]  CapTipper – Explore Malicious HTTP Traffic
http://www.darknet.org.uk/2016/05/captipper-explore-malicious-http-traffic/
[恶意分析]  Use Bots of Telegram as a C2 server
http://drops.wooyun.org/tips/16142
[数据挖掘]  How to Create a Network Graph Visualization of Reddit Subreddits
http://minimaxir.com/2016/05/reddit-graph/
[Web安全]  Fecm: 前端XSS防火墙及后台报警系统
https://github.com/BlackHole1/Fecm
[数据挖掘]  主流大数据采集平台的架构图解
http://www.ha97.com/5702.html
[运维安全]  细说 CA 和证书
http://www.barretlee.com/blog/2016/04/24/detail-about-ca-and-certs/
[文档]  JSRC 2016 杭州站#密码:esnv
http://pan.baidu.com/share/link?shareid=2073589828&uk=4060232048
[Web安全]  hack_tools_for_me: 渗透小工具合集
https://github.com/rootphantomer/hack_tools_for_me
[编程技术]  自由工作者该如何建立个人品牌
http://yizaoyiwan.com/discussions/848
[Web安全]  渗透测试工具实战技巧合集
http://www.freebuf.com/sectool/105524.html
[Web安全]  Discovering Subdomains
https://blog.bugcrowd.com/discovering-subdomains
[其它]  2016年Q2《网络安全创新500强》榜单解读
http://www.freebuf.com/news/105229.html
[运维安全]  MySQL和PostgreSQL数据库安全配置
http://drops.wooyun.org/%E8%BF%90%E7%BB%B4%E5%AE%89%E5%85%A8/16067
[恶意分析]  Malware exploit database
https://security-base.com:8000/
[运维安全]  Funny Honey – tracking hackers in cyberspace part1
https://dfir-blog.com/2016/05/17/funny-honey-tracking-hackers-in-cyberspace-part1/
[Web安全]  Building Advanced XSS Vectors
http://www.slideshare.net/BruteLogic/building-advanced-xss-vectors
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第117期)