SecWiki周刊(第3期)
2014/03/17-2014/03/23
安全资讯
[新闻]  网络安全威胁周报——第201411期
http://drops.wooyun.org/news/1195
安全技术
[漏洞分析]  dve数据虚拟执行技术对抗dep+aslr+emet+cfi
http://hi.baidu.com/yuange1975/item/863a25e4501f542c5a7cfb7b
[编程技术]  PySonar:精确、友好的 Python 静态分析器
https://github.com/yinwang0/pysonar2
[Web安全]  第三方账号登陆的过程及由此引发的血案
http://drops.wooyun.org/papers/1210
[运维安全]  dnspod_inter_ddns:Dnspod International DDNS
https://github.com/jenson-shi/dnspod_inter_ddns
[恶意分析]  XORSearch: Finding Embedded Executables
http://blog.didierstevens.com/2014/03/20/xorsearch-finding-embedded-executables/
[新闻]  网络安全威胁周报——第201411期
http://drops.wooyun.org/news/1195
[移动安全]  EvilGuard:Anroid平台新的攻击方式
http://blogs.360.cn/360mobile/2014/03/18/analysis_of_evil_guard/
[恶意分析]  Threatglass:Web-Based Malware Analysis Tool
http://www.threatglass.com/
[漏洞分析]  STRUTS2框架的getClassLoader漏洞利用
http://www.inbreak.net/archives/526
[Web安全]  Tor隐身大法 —— 用Tor来帮助我们进行渗透测试
http://drops.wooyun.org/tips/1226
[恶意分析]  趋势科技《中国移动网络犯罪地下市场》
http://www.trendmicro.com.cn/pdf/pdf-20140317.pdf
[编程技术]  Crypto 101:一门密码学入门课程
https://www.crypto101.io/
[其它]  针对SSL的中间人攻击演示和防范
http://www.youxia.org/mitm-ssl-attack.html
[书籍]  SQL大师(Joe Celko)经典力作 – 《SQL权威指南(第4版)》
http://sec007.cc/1573.html
[恶意分析]  malware tracker: PDF Current Threats
http://www.malwaretracker.com/pdfthreat.php
[其它]  Doit.im,掌控每一天系列公开课
http://bulo.hujiang.com/u/19449463/
[恶意分析]  From Windows to Droids: An Insight in to Multi-vector Attack Mechanisms in RATs
http://www.fireeye.com/blog/technical/2014/03/from-windows-to-droids-an-insight-in-to-multi-vector-attack-mechanisms-in-rats.html
[恶意分析]  从Windows 到安卓:多重攻击机制的远控的分析
http://drops.wooyun.org/papers/1270
[Web安全]  Google DNS劫持背后的技术分析
http://drops.wooyun.org/papers/1207
[漏洞分析]  shodan_pharmer
https://github.com/DanMcInerney/shodan_pharmer
[移动安全]  北京鼎开预装刷机数据统计apk(rom固化版)分析
http://drops.wooyun.org/tips/1169
[漏洞分析]  软件漏洞分析技巧分享
http://drops.wooyun.org/tips/1261
[恶意分析]  Google Docs Users Targeted by Sophisticated Phishing Scam
http://www.symantec.com/connect/blogs/google-docs-users-targeted-sophisticated-phishing-scam
[漏洞分析]  Exploit-Exercises Protostar Writeup Part I
http://www.programlife.net/exploit-exercises-protostar-writeup-1.html
[Web安全]  PHP后门新玩法:一款猥琐的PHP后门分析
http://drops.wooyun.org/papers/1215
[移动安全]  jadx:Dex to Java decompiler
https://github.com/skylot/jadx
[Web安全]  ColdFusion Admin Compromise Analysis (CVE-2010-2861)
http://blog.spiderlabs.com/2014/03/coldfusion-admin-compromise-analysis-cve-2010-2861.html
[运维安全]  开源日志系统比较
http://blog.sae.sina.com.cn/archives/3183
[Web安全]  Security: What Our Customers Actually Do
http://devconf.cz/filebrowser/download/393
[Web安全]  sees:Social Enginnering Email Sender
https://github.com/galkan/sees
[Web安全]  MITMer:Automated man-in-the-middle attack tool
https://github.com/husam212/MITMer
[杂志]  云计算每周精选
http://www.cstor.cn/weeklynews.asp?id=1872
[其它]  SDN and Security: Network versus Applications
https://devcentral.f5.com/articles/sdn-and-security-network-versus-applications
[其它]  35 Best Computer Security Professors of 2013
http://backgroundchecks.org/35-best-computer-security-professors-of-2013.html
[工具]  DNmap:distributed nmap framwork
http://sourceforge.net/projects/dnmap/
[其它]  a simple DNS sniffer based on dnssnarf.py
https://gist.github.com/corifeo/4722054
[编程技术]  Scrapy 中文文档
http://scrapy-chs.readthedocs.org/zh_CN/latest/
[其它]  BCTF Writeup
http://drops.wooyun.org/papers/1071
[编程技术]  蔡学镛架构设计方法
http://vdisk.weibo.com/s/q8FZMJOAyf-4/1395502463
安全专题
常见的安全代码扫描工具
https://www.sec-wiki.com/topic/41
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第3期)