SecWiki周刊(第22期)
2014/07/28-2014/08/03
安全资讯
[Web安全]  Amazon云已经在不知不觉间成为“犯罪即服务”
http://security.zdnet.com.cn/security_zone/2014/0721/3027820.shtml
安全技术
[移动安全]  Bypass iOS Version Check and Certification validation
https://www.netspi.com/blog/entryid/236/bypass-ios-version-check-and-certification-validation
[漏洞分析]  JAVA逆向&反混淆-追查Burpsuite的破解原理
http://drops.wooyun.org/tips/2689
[取证分析]  Xplico:network forensics tool
http://resources.infosecinstitute.com/xplico/
[Web安全]  cookie-injecting-tools
https://github.com/lfzark/cookie-injecting-tools/
[移动安全]  Android短信蠕虫XXshenqi分析
http://www.91ri.org/10305.html
[编程技术]  PcShare源代码编译过程
http://debugwar.com/archives/325/pcshare_source_compile
[Web安全]  webgame中常见安全问题、防御方式与挽救措施
http://drops.wooyun.org/papers/2677
[Web安全]  漏洞科普:对于XSS和CSRF你究竟了解多少
http://www.freebuf.com/articles/web/39234.html
[Web安全]  Phishing:public access query for phishing URL
http://support.clean-mx.com/clean-mx/phishing.php
[Web安全]  取代cookie的网站追踪技术:”帆布指纹识别”初探
http://security.tencent.com/index.php/blog/msg/59
[恶意分析]  Suricata's file extraction on Debian GNU/Linux
http://citypw.blogspot.hk/2014/03/suricatas-file-extraction-on-debian.html
[数据挖掘]  Shifu:机器学习框架
http://shifu.ml/
[数据挖掘]  2012年龙星计划机器学习课程
http://pan.baidu.com/share/link?shareid=27613&uk=1513052211
[运维安全]  小米安全基础设施建设
http://noops.me/?p=1541
[漏洞分析]  Shellcode Detection and Emulation with Libemu
http://resources.infosecinstitute.com/shellcode-detection-emulation-libemu/
[编程技术]  Hypnus 2.0:远程控制系统
http://bbs.hypnusoft.com/thread-248-1-1.html
[运维安全]  对 *nix WEB服务器的一个隐藏威胁
http://drops.wooyun.org/tips/2646
[Web安全]  Matter of Combination - Stego75 - (Pwnium CTF)
http://0xawes0.me/writeups/2014/07/26/stego75-pwnium/
[运维安全]  小米运维自动化从无到有 WOT 2014
http://noops.me/?p=1536
[漏洞分析]  CVE-2014-3153 aka towelroot
https://github.com/timwr/CVE-2014-3153
[设备安全]  The NSA's Patents, in One Searchable Database
http://complex.foreignpolicy.com/posts/2014/07/30/the_nsas_patents_in_one_searchable_database_0
[数据挖掘]  R语言初级教程
http://study.163.com/course/introduction/490005.htm#/courseDetail
[恶意分析]  How to Hunt Down Phishing Kits
http://jordan-wright.github.io/blog/2014/07/30/how-to-hunt-down-phishing-kits/
[Web安全]  Upload a web.config File for Fun & Profit
https://soroush.secproject.com/blog/2014/07/upload-a-web-config-file-for-fun-profit/
[编程技术]  Mongo @ 百度云
http://idning.github.io/slides/mongodb-201407.html#slide1
[Web安全]  Flashbang:open-source Flash-security helper
https://github.com/cure53/Flashbang
[Web安全]  How did I bypass everything in modsecurity evasion challenge
https://soroush.secproject.com/blog/2014/04/how-did-i-bypass-everything-in-modsecurity-evasion-challenge/
[其它]  提高工作效率的十条好习惯
http://www.mifengtd.cn/articles/10-timeless-work-habits-to-boost-productivity.html
[数据挖掘]  存储前沿趋势开讲啦第一季:为大数据再造存储
http://v.qq.com/page/t/i/y/t0132dxykiy.html?__t=1&ptag=1.sina&_out=1
[漏洞分析]  How to got root access on FireEye OS
http://blog.silentsignal.eu/2014/07/28/how-to-got-root-access-on-fireeye-os/
[Web安全]  检测php网站是否已经被攻破的方法
http://drops.wooyun.org/web/2718
[漏洞分析]  3918dve_袁哥
http://hi.baidu.com/yuange1975/item/c667f900cf0e2fc02e4c6bed
[编程技术]  Cynthia:问题,缺陷,任务管理系统
http://www.oschina.net/p/cynthia
[移动安全]  Antox:Android client for Project Tox
https://github.com/Astonex/Antox
[Web安全]  如何建立有效的安全策略
http://www.xtiger.net/2014/07/31/%e5%a6%82%e4%bd%95%e5%bb%ba%e7%ab%8b%e6%9c%89%e6%95%88%e7%9a%84%e5%ae%89%e5%85%a8%e7%ad%96%e7%95%a5/
[恶意分析]  Cyber Intelligence abusing Internet Explorer to perform Targeted Attacks
http://marcoramilli.blogspot.hk/2014/07/cyber-intelligence-abusing-internet.html
[Web安全]  PhishTank:Join the fight against phishing
http://www.phishtank.com/
[Web安全]  Web前端攻防
http://drops.wooyun.org/tips/2686
[漏洞分析]  Intelligent Exploit Aggregation Network
http://www.intelligentexploit.com/browse-exploit.html
[移动安全]  Remote code execution on Android devices
http://labs.bromium.com/2014/07/31/remote-code-execution-on-android-devices/
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第22期)