SecWiki周刊(第123期)
2016/07/04-2016/07/10
安全资讯
[数据挖掘]  个人征信行业蓄势待发:首批八家个人征信大盘点
http://blog.memect.cn/?p=1110
[漏洞分析]  漏洞的稳定性及所谓的负责任披露
http://weibo.com/ttarticle/p/show?id=2309403995654442634928
[人物]  访威胁情报技术尝试者宫一鸣
http://www.aqniu.com/news-views/17506.html
[恶意分析]  Top 1000 Websites Blocking VPN & TOR Users
http://jerrygamblin.com/2016/07/06/top-1000-websites-blocking-vpn-tor-users/
[事件]  网络安全法(草案二次审议稿)全文
http://www.npc.gov.cn/npc/flcazqyj/2016-07/05/content_1993343.htm
[人物]  【新锐】李术夫,一颗禅心,三次创业
https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&mid=2652874345&idx=1&sn=36a8700183074969f92a2e8527a39d06
安全技术
[Web安全]  如何利用Struts2中的webconsole.html
https://t0data.gitbooks.io/mysecuritybook/content/chapter2.html
[Web安全]  如何使用开源组件解决web应用系统中的XSS漏洞
https://t0data.gitbooks.io/mysecuritybook/content/chapter1.html
[数据挖掘]  HData: 一个支持多数据源的ETL数据导入/导出工具
https://github.com/stuxuhai/HData
[Web安全]  腾讯实习挑战赛通关writeup(冠军通关策略)
https://mp.weixin.qq.com/s?__biz=MzI0NjQxODg0Ng==&mid=2247483920&idx=1&sn=a859296a41c9b735e88ebee7ea5562fe#rd
[漏洞分析]  ARM栈溢出攻击实践:从虚拟环境搭建到ROP利用
http://www.ms509.com/?p=345
[恶意分析]  逆向浅析各种病毒的注入方式之二-----exe注入与进程替换
http://drops.wooyun.org/tips/17351
[数据挖掘]  scrapy爬取知乎用户数据
https://github.com/ansenhuang/scrapy-zhihu-users
[Web安全]  mimikittenz: extracting juicy info from memory
https://github.com/putterpanda/mimikittenz
[Web安全]  对方不想说话并扔了个message.pptx
http://pan.baidu.com/s/1pLCfCWr
[数据挖掘]  Head First Stanford NLP (1)
http://hujiaweibujidao.github.io/blog/2016/03/30/Stanford-NLP/
[运维安全]  用大数据思维做运维监控
http://www.jianshu.com/p/f634d7fc0f05
[Web安全]  Build Your SSRF Exploit Framework
http://mp.weixin.qq.com/s?__biz=MzAwMzI0MTMwOQ==&mid=2650173687&idx=1&sn=81752cdb58fb8aa3608f6079116ad880
[数据挖掘]  Reusable Security: Cracking the MySpace List
http://reusablesec.blogspot.jp/2016/07/cracking-myspace-list-first-impressions.html
[编程技术]  2016用户体验行业调查报告
http://cdc.tencent.com/2016/07/06/2016%e7%94%a8%e6%88%b7%e4%bd%93%e9%aa%8c%e8%a1%8c%e4%b8%9a%e8%b0%83%e6%9f%a5%e6%8a%a5%e5%91%8a/
[运维安全]  自制蜜罐之前端部分
https://zhuanlan.zhihu.com/p/21534942
[漏洞分析]  浏览器漏洞入门
http://drops.wooyun.org/papers/17229
[杂志]  《安全档案(第一期)》:逆向工程与WEB安全
http://www.ixsec.org/wp-content/uploads/2016/07/ixsec.org_2016-07-07_06-53-27.pdf
[设备安全]  LL-Fuzzer: An automated NFC fuzzing framework for Android devices.
https://github.com/mit-ll/LL-Fuzzer
[移动安全]  TaintDroid深入剖析之启动篇
http://drops.wooyun.org/mobile/17417
[移动安全]  2016手机市场深度报告
http://cdc.tencent.com/2016/07/04/2016%e6%89%8b%e6%9c%ba%e5%b8%82%e5%9c%ba%e6%b7%b1%e5%ba%a6%e6%8a%a5%e5%91%8a/
[设备安全]  Awesome IoT. A collaborative list of great resources about IoT
https://github.com/phodal/awesome-iot
[设备安全]  ICS-CERT推荐YARA做工控恶意代码分析环境
http://mp.weixin.qq.com/s?__biz=MzI4ODA4MTcxMA==&mid=2649549565&idx=1&sn=eea530ba0c8429375d9b557de2b422c0
[Web安全]  域渗透——EFS文件解密
http://drops.wooyun.org/tips/17352
[恶意分析]  sems – Sandbox and Virtual Machine Detection Tool
http://www.sectechno.com/sems-anti-sandbox-anti-virtual-machine-detection-tool/
[Web安全]  AS_BugScan: 通过 Webshell 创建 BugScan 节点(需要目标支持 Python2.7)
https://github.com/Medicean/AS_BugScan
[运维安全]  1996-2016 Network Monitoring Tools
https://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
[漏洞分析]  Lenovo ThinkPad System Management Mode arbitrary code execution 0day exploit
https://github.com/Cr4sh/ThinkPwn
[Web安全]  Sn1per: Automated Pentest Recon Scanner
https://github.com/1N3/Sn1per
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第123期)