SecWiki周刊(第34期)
2014/10/20-2014/10/26
安全资讯
[Web安全]  一周海外安全事件回顾(10.06-10.19):互联网之王
http://www.freebuf.com/news/47895.html
[Web安全]  Tor出口节点在用户下载的二进制文件中注入恶意程序
http://www.solidot.org/story?sid=41609
安全技术
[编程技术]  猴子都能懂的GIT入门
http://backlogtool.com/git-guide/cn/
[Web安全]  Conference Agenda HITBSecConf2014
https://conference.hitb.org/hitbsecconf2014kul/agenda/
[Web安全]  信息安全行业从业指南2.0
http://hi.baidu.com/ayazero/item/fe26f2fc73da5b0984d278c9
[Web安全]  J2EEScan:J2EE Security Scanner Burp Suite Plugin
https://bitbucket.org/ilmila/j2eescan/
[无线安全]  OpenBTS-UMTS:3G UMTS Data Radio Access Network Node
https://github.com/RangeNetworks/OpenBTS-UMTS
[取证分析]  云端博弈——云安全入侵取证及思考
http://security.tencent.com/index.php/blog/msg/72
[Web安全]  Security Headers on the Top 1,000,000 Websites: October 2014 Report
https://www.veracode.com/blog/2014/10/security-headers-top-1000000-websites-october-2014-report
[数据挖掘]  Symposium on Operating Systems Design and Implementation
https://www.usenix.org/conference/osdi14/technical-sessions
[文档]  NoSuchCon 2014 schedule
http://www.nosuchcon.org/#schedule
[漏洞分析]  Windows内核提权漏洞CVE-2014-4113分析报告
http://drops.wooyun.org/papers/3324
[无线安全]  WooYun WIFI 成长史
http://drops.wooyun.org/tips/3248
[数据挖掘]  分布式机器学习的故事
http://cxwangyi.github.io/2014/01/20/distributed-machine-learning/
[恶意分析]  Shellcode Analysis Pipleine
http://7h3ram.github.io/2014/3/18/shellcode-pipeline/
[Web安全]  [CTF]AliCTF-Final-2014-Writeup
http://le4f.net/post/writeup/-ctf-alictf-final-2014-writeup
[漏洞分析]  Presentation: Extreme Privilege Escalation On Windows 8/UEFI Systems
https://www.mitre.org/publications/technical-papers/presentation-extreme-privilege-escalation-on-windows-8uefi-systems
[书籍]  Web安全核心书单
http://my.oschina.net/bluefly/blog/335409
[Web安全]  XCTF两道web题目的writeup
http://www.leavesongs.com/PENETRATION/Mini-XCTF-Writeup.html
[恶意分析]  Dropping Files Into Temp Folder Raises Security Concerns
http://blogs.mcafee.com/mcafee-labs/dropping-files-temp-folder-raises-security-concerns
[数据挖掘]  Hackweek几点感受
http://www.raychase.net/2631
[运维安全]  2014 H1绿盟科技反数据泄露报告
http://www.nsfocus.com/report/2014_H1_NSFOCUS_DATA_BREACH_REPORT.PDF
[无线安全]  初步玩-破解学校水卡
http://admin.gxhc520.cn/learn_notes/705
[运维安全]  “洋葱头”路由安全性分析与改进
http://zhaisj.blog.51cto.com/219066/1541883
[恶意分析]  IRMA:Incident Response Malware Analysis
http://irma.quarkslab.com/index.html
[移动安全]  移动安全应用漏洞分析报告
http://blog.sina.com.cn/s/blog_13613fbcb0102v3gk.html
[编程技术]  pycrumbs:Python资源大全
http://hao.jobbole.com/python-pycrumbs/
[Web安全]  wfuzz:The Web Bruteforcer
https://github.com/xmendez/wfuzz
[编程技术]  github 上 Fork 别人的项目后的常用的操作指南
http://www.php-oa.com/2014/10/22/github-operation.html
[Web安全]  ShapeShifter: The emperor’s new web security technology
http://blog.securitee.org/?p=309
[Web安全]  乌云第一届沙龙
http://zone.wooyun.org/content/15972
[漏洞分析]  Reverse engineering - Shellcodes techniques
http://www.slideshare.net/erangoldstein/reverse-engineering-shellcodes-techniques
[Web安全]  Discuz!7.2 faq.php文件SQL注入漏洞分析及利用实战
http://simeon.blog.51cto.com/18680/1440000
[运维安全]  Android证书信任问题与大表哥
http://drops.wooyun.org/tips/3296
[Web安全]  沉默中的狂怒 —— Cookie 大喷发
http://www.cnblogs.com/index-html/p/mitm-cookie-sniffer.html
[运维安全]  exitmap:fast and extensible Python-based scanner for Tor exit relays
https://github.com/NullHypothesis/exitmap
[漏洞分析]  Shellshock漏洞回顾与分析测试
http://drops.wooyun.org/papers/3268
[漏洞分析]  CVE-2014-0569漏洞分析
http://weibo.com/p/1001603769606924861349
[Web安全]  2014-internet-security-report-q3
http://vdisk.weibo.com/s/C72IDYVyetPLq/1414113806
[Web安全]  Why You Should Add Joern to Your Source Code Audit Toolkit
http://www.praetorian.com/blog/why-you-should-add-joern-to-your-source-code-audit-toolkit
[编程技术]  PHP+MySQL实现身份证信息查询API
http://cloudbbs.org/forum.php?mod=viewthread&tid=22440
[Web安全]  网站安全狗最新版绕过测试
http://phpsec.sinaapp.com/?p=270
[编程技术]  HTML 5 History API的”前生今世”
http://www.ido321.com/1069.html
[Web安全]  网站安全狗最新版绕过测试
http://phpsec.sinaapp.com/?p=270
[编程技术]  WEB开发基础 — web开发最佳实践手册
http://wf.uisdc.com/
[编程技术]  SSD在新浪数据库平台优化实践
http://vdisk.weibo.com/s/vfXX1rzjdzOA
安全专题
团队协作系统推荐
https://www.sec-wiki.com/topic/49
互联网安全岗位招聘网址
https://www.sec-wiki.com/topic/48
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第34期)