SecWiki周刊(第21期)
2014/07/21-2014/07/27
安全资讯
[移动安全]  Forensic scientist identifies suspicious back doors' running on every iOS device
http://www.zdnet.com/forensic-scientist-identifies-suspicious-back-doors-running-on-every-ios-device-7000031795/
[Web安全]  Gartner公布2014年十大信息安全技术
http://www.valleytalk.org/2014/07/22/gartner%e5%85%ac%e5%b8%832014%e5%b9%b4%e5%8d%81%e5%a4%a7%e4%bf%a1%e6%81%af%e5%ae%89%e5%85%a8%e6%8a%80%e6%9c%af/
安全技术
[Web安全]  《安全参考》HACKCTO-201407-19
http://pan.baidu.com/s/1c0eoN8c
[数据挖掘]  Toward Scalable Systems for Big Data Analytics: A Technology Tutorial
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6842585
[数据挖掘]  Python 网页爬虫数据挖掘兵器谱
http://www.52nlp.cn/python-%e7%bd%91%e9%a1%b5%e7%88%ac%e8%99%ab-%e6%96%87%e6%9c%ac%e5%a4%84%e7%90%86-%e7%a7%91%e5%ad%a6%e8%ae%a1%e7%ae%97-%e6%9c%ba%e5%99%a8%e5%ad%a6%e4%b9%a0-%e6%95%b0%e6%8d%ae%e6%8c%96%e6%8e%98
[Web安全]  DOM Clobbering
http://www.thespanner.co.uk/2013/05/16/dom-clobbering/
[漏洞分析]  简单修改了cve-2011-3402的内核提权ShellCode
http://debugwar.com/archives/313/change_shellcode_cve-2011-3402
[移动安全]  Attacks on Android Clipboard
http://www.cis.syr.edu/~wedu/Research/paper/clipboard_attack_dimva2014.pdf
[数据挖掘]  Machine Learning Surveys
http://www.mlsurveys.com/
[Web安全]  2014年澳大利亚信息安全挑战 CySCA CTF 官方write up Crypto篇
http://drops.wooyun.org/tips/2618
[取证分析]  wireshark 实用技巧
https://community.emc.com/message/827199#827199
[Web安全]  SyScan360 2014 Program
http://www.syscan360.org/en/schedule.html
[Web安全]  playweb:基于分布式网络安全扫描系统实现
http://yaseng.me/yaseng-graduation-thesis-playweb.html
[Web安全]  内网渗透之-域渗透基础
http://www.91ri.org/10154.html
[运维安全]  GNU/Linux安全基线与加固
https://raw.githubusercontent.com/citypw/DNFWAH/master/4/d4_0x02_DNFWAH_gnu-linux_security_baseline_hardening.txt
[运维安全]  配置ModSecurity防火墙与OWASP规则
http://drops.wooyun.org/tips/2614
[Web安全]  TSRC挑战赛: PHP防御绕过挑战实录
http://security.tencent.com/index.php/blog/msg/58
[Web安全]  TSRC挑战赛: PHP场景中getshell防御思路分享
http://security.tencent.com/index.php/blog/msg/57
[其它]  Academic Universe:A Platform for Exploring Linked Academic Objects
http://soscholar.com/universe/
[Web安全]  无声杯 xss 挑战赛 writeup
http://drops.wooyun.org/tips/2671
[恶意分析]  McAfee Advanced Threat Defense Test
http://www.mcafee.com/us/resources/reports/rp-advanced-threat-defense-test.pdf
[漏洞分析]  CVE-2014-3153 Exploit
http://www.clevcode.org/cve-2014-3153-exploit/
[漏洞分析]  Advanced Exploitation of VirtualBox 3D Acceleration VM Escape Vulnerability
http://www.vupen.com/blog/20140725.Advanced_Exploitation_VirtualBox_VM_Escape.php
[恶意分析]  后现代艺术:解构主义APT
http://0x.557.im/swan/201407/23_73.html
[恶意分析]  chopshop:Protocol Analysis/Decoder Framework
https://github.com/MITRECND/chopshop
[移动安全]  iOS后门笔记
http://blog.est.im/post/92537193330
[Web安全]  Wordpress XML-RPC Brute Force Scanning
http://blog.spiderlabs.com/2014/07/honeypot-alert-wordpress-xml-rpc-brute-force-scanning.html
[编程技术]  借助开源项目,学习软件开发
https://github.com/zhuangbiaowei/learn-with-open-source
[Web安全]  Python教程网络安全篇
http://drops.wooyun.org/tips/2568
[恶意分析]  2014H1绿盟科技DDoS威胁报告
http://www.nsfocus.com/report/H1_2014_DDoS_THEATS_REPORT.pdf
[Web安全]  Hacking Clients with WPAD (Web Proxy Auto-Discovery) Protocol
http://resources.infosecinstitute.com/hacking-clients-wpad-web-proxy-auto-discovery-protocol/
[Web安全]  Attacking MongoDB
http://2012.zeronights.org/includes/docs/Firstov%20-%20Attacking%20MongoDB.pdf
[漏洞分析]  Threat Research, Analysis, and Mitigation
http://www.fireeye.com/blog/
[恶意分析]  Samples from the conflict in Syria
http://syrianmalware.com/
[运维安全]  我是如何”黑掉”91Ri的
http://www.91ri.org/10085.html
[漏洞分析]  x64_dbg:An open-source x64/x32 debugger for windows
http://x64dbg.com/#start
[编程技术]  RPC 库 grpc
https://bitbucket.org/seewind/grpc
[Web安全]  如何建立高效的安全测试
http://www.freebuf.com/video/38608.html
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第21期)