SecWiki周刊(第125期)
2016/07/18-2016/07/24
安全资讯
[人物]  Kickass Torrents站长因购买正版音乐被定位
http://www.solidot.org/story?sid=49023
[运维安全]  2016年全球数据泄露成本调研
http://www.aqniu.com/industry/17871.html
[事件]  公安部发布侵犯个人信息网络犯罪案例
http://mp.weixin.qq.com/s?__biz=MzIyNjE0NTQ2OA==&mid=2651229147&idx=1&sn=272dc975d41cddc3db5797434e6647e4
[人物]  NewSky吴志雄:年过四十他选择在美国创业
https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&mid=2652874547&idx=1&sn=06f09402c3f2244d0201828bda19a047&scene=1&srcid=0722mfSqm
[事件]  WikiLeaks 公开30万封土耳其政府邮件
http://www.solidot.org/story?sid=49011
安全技术
[运维安全]  黑洞云清洗服务技术白皮书V1.0
http://blog.nsfocus.net/wp-content/uploads/2016/07/%E9%BB%91%E6%B4%9E%E4%BA%91%E6%B8%85%E6%B4%97%E6%9C%8D%E5%8A%A1%E6%8A%80%E6%9C%AF%E7%99%BD%E7%9A%AE%E4%B9%A6V1.0.pdf
[数据挖掘]  乌云知识库drops全站博文
http://pan.baidu.com/s/1o7WQT4m
[漏洞分析]  CVE-2015-3864 Metasploit Module
https://asciinema.org/a/8jlbdq006wsnkqewvcaf05wva
[其它]  干货-信息安全甲方乙方理解和职业群岗位脑图
https://www.hackfun.org/learnrecords/information-security-occupational-group-mind-map.html
[数据挖掘]  微信公众号爬虫
http://stackbox.org/2016-07-21-weixin-spider-notes/?hmsr=toutiao.io&utm_medium=toutiao.io&utm_source=toutiao.io
[Web安全]   Bug Bounty 獎金獵人甘苦談 - 那些年我回報過的漏洞
https://speakerdeck.com/p8361/bug-bounty-jiang-jin-lie-ren-gan-ku-tan-na-xie-nian-wo-hui-bao-guo-de-lou-dong
[编程技术]  CuteMarkEd – 朴素 Markdown 本地编辑器
http://cloose.github.io/CuteMarkEd/
[漏洞分析]  Diaphora, a Free and Open Source program diffing tool
https://github.com/joxeankoret/diaphora
[运维安全]  蜜罐技术概述及市场分析
http://www.freebuf.com/articles/database/109322.html
[Web安全]  Hackode Android penetration tester
http://www.kalitut.com/2015/11/hackode-android-penetration-tester.html
[编程技术]  Python网站的漏洞检查
http://mp.weixin.qq.com/s?__biz=MjM5NzU0MzU0Nw==&mid=2651371219&idx=1&sn=6403ae9e6e26208283bfc11539e793ec&scene=23&srcid=0724SeM1nPiyNItiOJKQqP3k#rd
[Web安全]  Redis Getshell自动化实践之cron
http://www.cdxy.me/vuln/redis-getshell-cron/
[Web安全]  SSRF Tips
http://0cx.cc/some_tips_with_sssrf.jspx
[数据挖掘]  ChineseWordSegmentation:无需语料库的中文分词
https://github.com/Moonshile/ChineseWordSegmentation
[运维安全]  Web服务器在外网能裸奔多久?
https://mp.weixin.qq.com/s?__biz=MjM5NzA1MTcyMA==&mid=2651161183&idx=3&sn=3552b18d23f8af71feee0fffe4305ce1
[Web安全]  WebShell: Web端WebShell管理器
https://github.com/guillotines/WebShell
[Web安全]  scanner: 网站漏洞扫描平台
https://github.com/yinzhixin/scanner
[恶意分析]  知名商业软件“喂养”病毒产业链:“Toxik”病毒追踪
http://www.freebuf.com/articles/system/109112.html
[漏洞分析]  Zulu: The Zulu fuzzer
https://github.com/nccgroup/Zulu
[Web安全]  advanced-methods-to-detect-advanced-cyber-attacks-series-introduction-and-previe
http://www.novetta.com/2014/10/advanced-methods-to-detect-advanced-cyber-attacks-series-introduction-and-preview/
[Web安全]  Redis Getshell自动化实践之SSH key
http://www.cdxy.me/vuln/redis-getshell-ssh-key/
[Web安全]  安全类网站集锦及一些常用库
https://www.figotan.org/2016/07/19/security-websites-list/
[漏洞分析]  Fuzzing with AFL is an Art
http://moyix.blogspot.jp/2016/07/fuzzing-with-afl-is-an-art.html
[漏洞分析]  Analysis of CVE-2016-4203 - Adobe Acrobat and Reader CoolType Handling
https://blog.fortinet.com/2016/07/20/analysis-of-cve-2016-4203-adobe-acrobat-and-reader-cooltype-handling-heap-overflow-vulnerability
[漏洞分析]  Introduction to Windows shellcode development – Part 3 – Security Café
https://securitycafe.ro/2016/02/15/introduction-to-windows-shellcode-development-part-3/
[运维安全]  redis的导入导出需要特别注意的地方
http://sery.blog.51cto.com/10037/1828014
[移动安全]  APKiD: Android Application Identifier for Packers, Protectors, Obfuscators
https://github.com/rednaga/APKiD
[漏洞分析]  Introduction to Windows shellcode development – Part 1 – Security Café
https://securitycafe.ro/2015/10/30/introduction-to-windows-shellcode-development-part1/
[Web安全]  Redis Getshell自动化实践之webshell
http://www.cdxy.me/vuln/redis-getshell%e8%87%aa%e5%8a%a8%e5%8c%96%e5%ae%9e%e8%b7%b5%e4%b9%8bwebshell/
[漏洞分析]  Introduction to Windows shellcode development – Part 2 – Security Café
https://securitycafe.ro/2015/12/14/introduction-to-windows-shellcode-development-part-2/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第125期)