SecWiki周刊(第19期)
2014/07/07-2014/07/13
安全技术
RECON 2014 slides are being uploaded
http://recon.cx/2014/slides/
http://recon.cx/2014/slides/
Burp Suite使用介绍(四)
http://drops.wooyun.org/tips/2504
http://drops.wooyun.org/tips/2504
Android开发之旅:书籍、教程、工具和各种干货!
http://blog.jobbole.com/73026/
http://blog.jobbole.com/73026/
Fuzzing Android & iOS-李小军&侯浩俊
http://pan.baidu.com/s/1m0mZG
http://pan.baidu.com/s/1m0mZG
(世界杯算法比赛)第一轮点评——8强篇
http://rdc.taobao.org/?p=2244
http://rdc.taobao.org/?p=2244
Advanced sqlmap
http://resources.infosecinstitute.com/advanced-sqlmap/
http://resources.infosecinstitute.com/advanced-sqlmap/
网络安全弹性防护体系-袁明坤
http://pan.baidu.com/s/1kThyh7L
http://pan.baidu.com/s/1kThyh7L
Metasploit后渗透技巧[2]
http://www.91ri.org/9560.html
http://www.91ri.org/9560.html
BrutPOS: RDP Bruteforcing Botnet Targeting POS Systems
http://www.fireeye.com/blog/technical/botnet-activities-research/2014/07/brutpos-rdp-bruteforcing-botnet-targeting-pos-systems.html
http://www.fireeye.com/blog/technical/botnet-activities-research/2014/07/brutpos-rdp-bruteforcing-botnet-targeting-pos-systems.html
十年防泄密的那些事儿-吴鲁加
http://pan.baidu.com/s/1dDqxMXr
http://pan.baidu.com/s/1dDqxMXr
SCRIPTLESS TIMING ATTACKS ON WEB BROWSER PRIVACY
http://www.nds.rub.de/research/publications/scriptless-timing/
http://www.nds.rub.de/research/publications/scriptless-timing/
关于ZANIT和dsploit两款安卓安全工具的对比
http://drops.wooyun.org/mobile/2503
http://drops.wooyun.org/mobile/2503
Data Loss Prevention (DLP) Strategy Guide
http://resources.infosecinstitute.com/data-loss-prevention-dlp-strategy-guide/
http://resources.infosecinstitute.com/data-loss-prevention-dlp-strategy-guide/
解析bootloader安全-程君
http://pan.baidu.com/s/1kTsn5fL
http://pan.baidu.com/s/1kTsn5fL
Text Processing in Python (a book)
http://python.memect.com/?p=2773
http://python.memect.com/?p=2773
crowdstrike-intelligence-report-putter-panda.original
http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf
http://cdn0.vox-cdn.com/assets/4589853/crowdstrike-intelligence-report-putter-panda.original.pdf
Cloud Dataflow :云计算时代的新计算模式
http://www.infoq.com/cn/news/2014/07/cloud-dataflow
http://www.infoq.com/cn/news/2014/07/cloud-dataflow
sonijohn:extract usernames and hashes from Sonicwall
https://github.com/commonexploits/sonijohn
https://github.com/commonexploits/sonijohn
Duo Security 研究人员对PayPal双重验证的绕过
http://drops.wooyun.org/papers/2502
http://drops.wooyun.org/papers/2502
另类识别接入公网的控制器都是干嘛的
http://plcscan.org/blog/2014/07/discovery-plcs-function-1/
http://plcscan.org/blog/2014/07/discovery-plcs-function-1/
WhichBrowser:User agent sniffing gone too far
https://github.com/NielsLeenheer/WhichBrowser
https://github.com/NielsLeenheer/WhichBrowser
elasticsearch 漏洞利用工具套装
http://www.freebuf.com/tools/38025.html
http://www.freebuf.com/tools/38025.html
Metasploit后渗透技巧[1]
http://www.91ri.org/9548.html
http://www.91ri.org/9548.html
XXE注入攻击与防御
http://www.91ri.org/9539.html
http://www.91ri.org/9539.html
纯手工玩转 Nginx 日志
http://blog.eood.cn/nginx_logs
http://blog.eood.cn/nginx_logs
ngrok:Introspected tunnels to localhost
https://ngrok.com/
https://ngrok.com/
走向内网的邪恶之路-周景平
http://pan.baidu.com/s/1hqKJRLU
http://pan.baidu.com/s/1hqKJRLU
Pwnium CTF writeup
http://drops.wooyun.org/tips/2543
http://drops.wooyun.org/tips/2543
Python Resources at Memect
http://python.memect.com/
http://python.memect.com/
漫谈移动银行-马传雷
http://pan.baidu.com/s/1dDd6Bap
http://pan.baidu.com/s/1dDd6Bap
Moodle 2.6.x Multiple XXE and SSRF Vulnerabilities
http://www.pnigos.com/?p=291
http://www.pnigos.com/?p=291
浏览器安全策略说之内容安全策略CSP
http://www.91ri.org/9575.html
http://www.91ri.org/9575.html
Breaking: GameOver Zeus Mutates, Launches Attacks
http://blog.malcovery.com/blog/breaking-gameover-zeus-returns
http://blog.malcovery.com/blog/breaking-gameover-zeus-returns
Google Android Hardening Checklist
https://wikis.utexas.edu/display/ISO/Google+Android+Hardening+Checklist
https://wikis.utexas.edu/display/ISO/Google+Android+Hardening+Checklist
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第19期)
