SecWiki周刊(第5期)
2014/03/31-2014/04/06
安全资讯
[新闻]  传统安全产业的再思考
http://hi.baidu.com/fs_fx/item/fa8f65fd5649ad0d84d278c5
[新闻]  More than 24M home routers enabling DNS amplification DDoS attacks
http://www.scmagazine.com/more-than-24m-home-routers-enabling-dns-amplification-ddos-attacks/article/341265/
安全技术
[恶意分析]  DECAF( Dynamic Executable Code Analysis Framework) 动态二进制分析平台
http://blog.sina.com.cn/s/blog_7847a1bf0101wrqi.html
[Web安全]  Struts2 S2-020在Tomcat 8下的命令执行分析
http://www.freebuf.com/articles/web/31039.html
[Web安全]  深入理解JavaScript Hijacking原理
http://www.cnblogs.com/hyddd/archive/2009/07/02/1515768.htm
[运维安全]  falcon-eye:linux monitor tool
https://github.com/UlricQin/falcon-eye
[恶意分析]  SysAnalyzer:automated malcode run time analysis application
http://www.aldeid.com/wiki/SysAnalyzer
[Web安全]  Smbexec:rapid post exploitation tool
http://www.sectechno.com/2014/03/30/smbexec-rapid-post-exploitation-tool/
[运维安全]  lnav:The Log File Navigator
http://lnav.org/
[Web安全]  NINJA PingU:open-source high performance network scanner
http://owasp.github.io/NINJA-PingU/index.html
[Web安全]  Web Application Firewalls Are Worth the Investment for Enterprises
http://www.gartner.com/technology/reprints.do?id=1-1RTLH9W&ct=140313&st=sb
[新闻]  传统安全产业的再思考
http://hi.baidu.com/fs_fx/item/fa8f65fd5649ad0d84d278c5
[书籍]  现代体系结构上的 UNIX 系统──内核程序员的 SMP 和 Caching 技术
http://vdisk.weibo.com/s/qFP9Ntxv48OA
[其它]  网络上的欺骗
http://segmentfault.com/a/1190000000455352
[论文]  International Conference on Learning Representations 2014
http://openreview.net/venue/iclr2014
[Web安全]  SQLMAP 实例COOKBOOK
http://drops.wooyun.org/tips/1343
[Web安全]  Polypasshash:A Password hashing scheme
http://polypasshash.github.io/PolyPassHash/
[编程技术]  nude:Nudity detection with Python
https://github.com/hhatto/nude.py
[运维安全]  Watchman:微博平台的链路追踪及服务质量保障系统
http://www.infoq.com/cn/articles/weibo-watchman
[新闻]  More than 24M home routers enabling DNS amplification DDoS attacks
http://www.scmagazine.com/more-than-24m-home-routers-enabling-dns-amplification-ddos-attacks/article/341265/
[漏洞分析]  Struts2 S2-020在Tomcat 8下的命令执行分析
http://sec.baidu.com/index.php?research/detail/id/18
[编程技术]  DPDK:Data Plane Development Kit
http://dpdk.org/
[会议]  第二届京东JSRC电商安全沙龙纪实PPT
http://static.3001.net/upload/20140402/13964200397156.rar
[Web安全]  一种基于Web Workers和CORS技术实现的Web僵尸网络
http://hi.baidu.com/html5sec/item/bd0a12e5a3b4af0a570f1d4e
[Web安全]  DNS泛解析与内容投毒,XSS漏洞以及证书验证的那些事
http://drops.wooyun.org/tips/1354
[编程技术]  一个科技媒体团队用什么样的团队工具
http://jianshu.io/p/3631a398cd9b#
[编程技术]  phantomjs使用说明
http://zhouhua.github.io/2014/03/19/phantomjs/
[书籍]  Reverse Engineering for Beginners
http://yurichev.com/writings/RE_for_beginners-en.pdf
[Web安全]  H5SC:HTML5 Security Cheatsheet
https://github.com/cure53/H5SC
[运维安全]  支持多策略的安全数据库系统研究
http://vdisk.weibo.com/s/zaKA9PTdkdefS/1396588548
[Web安全]  Wildcard DNS, Content Poisoning, XSS and Certificate Pinning
http://w00tsec.blogspot.jp/2014/03/wilcard-dns-content-poisoning-xss-and.html
[恶意分析]  Financial cyber threats in 2013. Part 1: phishing
http://www.securelist.com/en/analysis/204792330/Financial_cyber_threats_in_2013_Part_1_phishing
[运维安全]  ngxtop:Real-time metrics for nginx server
https://github.com/lebinh/ngxtop
[设备安全]  Transceiver for 27 MHz wireless keyboards from Logitech
https://www.cgran.org/wiki/Logitech27MHzTransceiver
[编程技术]  D2进校园成都站圆满结束
http://ued.taobao.org/blog/2014/04/d2campus-at-chengdu/
[编程技术]  iMilo 实时引擎:Solr vs Elasticsearch
http://www.imilo.cn/findblog/36
[设备安全]  How to Own a Router – Fritz!Box AVM Vulnerability Analysis
http://www.insinuator.net/2014/03/how-to-own-a-router-fritzbox-avm-vulnerability-analysis/
[论文]   A Formula for Academic Papers: Introduction
http://slowsearching.blogspot.sg/2014/04/a-formula-for-academic-papers.html
[Web安全]  DNS泛解析与内容投毒,XSS漏洞以及证书验证的那些事
http://drops.wooyun.org/tips/1354
[编程技术]  How to write secure Yii applications
http://www.yiiframework.com/wiki/275/how-to-write-secure-yii-applications/#hh18
[Web安全]  通过dns进行文件下载
http://drops.wooyun.org/tools/1344
[无线安全]  Exploring the Effectiveness of Wireless Based Attacks
https://docs.google.com/document/d/16rpRCOCOFQYmKd4FsrtYDI035JsIt5r9ZuivjfBg3zM/edit
[编程技术]  30个有关Python的小技巧
http://blog.jobbole.com/63320/
[Web安全]  500行PHP代码搞定富文本安全过滤
http://www.welefen.com/only-500-line-php-code-for-filter-rich-content.html
[漏洞分析]  Using the Immunity Debugger API to Automate Analysis
http://vrt-blog.snort.org/2014/04/using-immunity-debugger-api-to-automate.html
[Web安全]  HTML5 Using CORS
http://www.html5rocks.com/en/tutorials/cors/
[移动安全]  Open technology Found CryptoCat iOS
http://vdisk.weibo.com/s/G_jLEbJWrgRb/1396496915
[编程技术]  前端工作流程
http://willkan.github.io/blog/html/Workflow/
[Web安全]  TrustedSec Tools and Exploits
https://www.trustedsec.com/downloads/tools-download/
安全专题
Android安全相关书籍汇总
https://www.sec-wiki.com/topic/43
互联网公司的安全架构
https://www.sec-wiki.com/topic/42
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第5期)