SecWiki周刊(第53期)
2015/03/02-2015/03/08
安全资讯
[移动安全]  Xiaomi Mi 4 Pre-loaded with Malware and Custom Android ROM
http://thehackernews.com/2015/03/Xiaomi-Mi-4-malware.html
[其它]  网络空间安全企业500强
http://www.aqniu.com/security-reports/6735.html
[运维安全]  机读安全威胁情报实例之 Mandiant APT1
http://www.sec-un.org/mandiant-security-threat-intelligence-instance-apt1.html
[视频]  Ars kicks off March with Hacker Movie Madness
http://arstechnica.com/the-multiverse/2015/03/ars-kicks-off-march-with-hacker-movie-madness/
[恶意分析]  机读安全威胁情报实例之 FireEye POISON IVY
http://www.sec-un.org/fireeye-machine-readable-security-threat-intelligence-instance-poison-ivy.html
[会议]  SECore:SECurity Organizer & Reporter Exchange
https://secore.info/
[其它]  Signal 2.0: Private messaging comes to the iPhone
https://whispersystems.org/blog/the-new-signal/
安全技术
[编程技术]  与马道长聊 Docker
http://teahour.fm/2015/02/13/docker-introduction.html
[Web安全]  ​360安全应急响应中心重大改版(2015年3月)
http://weibo.com/p/1001603817394094115262
[漏洞分析]  Angler Exploit Kit Using k33nteam’s Internet Explorer Use After Free
https://www.fireeye.com/blog/threat-research/2015/02/angler_exploit_kitu.html
[Web安全]  在Flash中利用PCRE正则式漏洞CVE-2015-0318的方法
http://drops.wooyun.org/papers/5030
[数据挖掘]  Peacock:大规模主题模型及其在腾讯业务中的应用
http://www.flickering.cn/nlp/2015/03/peacock%ef%bc%9a%e5%a4%a7%e8%a7%84%e6%a8%a1%e4%b8%bb%e9%a2%98%e6%a8%a1%e5%9e%8b%e5%8f%8a%e5%85%b6%e5%9c%a8%e8%85%be%e8%ae%af%e4%b8%9a%e5%8a%a1%e4%b8%ad%e7%9a%84%e5%ba%94%e7%94%a8/
[运维安全]  我从Superfish事件中学到的
http://drops.wooyun.org/papers/5080
[Web安全]  新型任意文件读取漏洞的研究
http://drops.wooyun.org/papers/5040
[取证分析]  Boston Key Party 2015 – Wellington
http://wiremask.eu/boston-key-party-2015-wellington/
[恶意分析]  修改硬盘固件的木马_V1.3
http://www.antiy.com/response/EQUATION_ANTIY_REPORT.html
[数据挖掘]  [我们是这样理解语言的-2]统计语言模型
http://www.flickering.cn/nlp/2015/02/%E6%88%91%E4%BB%AC%E6%98%AF%E8%BF%99%E6%A0%B7%E7%90%86%E8%A7%A3%E8%AF%AD%E8%A8%80%E7%9A%84-2%E7%BB%9F%E8%AE%A1%E8%AF%AD%E8%A8%80%E6%A8%A1%E5%9E%8B/
[恶意分析]  Fireeye Mandiant 2014 安全报告 Part1
http://drops.wooyun.org/papers/5042
[恶意分析]  利用第三方软件 0day 漏洞加载和执行的木马分析
http://drops.wooyun.org/tips/5086
[Web安全]  Kolejny XSS w www.google.com (Custom Search Engine)
http://sekurak.pl/kolejny-xss-w-www-google-com-custom-search-engine/
[恶意分析]  Utilizing NLP To Detect APT in DNS
https://labs.opendns.com/2015/03/05/nlp-apt-dns/
[Web安全]  Modern Defense Against CSRF Attacks
https://resonantcore.net/blog/2015/02/modern-defense-against-csrf-attacks
[运维安全]  绿盟科技发布2014年DDoS威胁报告
http://www.aqniu.com/?wpdmact=process&did=NjYuaG90bGluaw==
[漏洞分析]  安全漏洞本质扯谈之安全技能之外
http://weibo.com/p/1001643816243969798634
[漏洞分析]  ElasticSearch 远程代码执行漏洞分析(CVE-2015-1427)
http://drops.wooyun.org/papers/5142
[漏洞分析]  Attack of the week: FREAK (or 'factoring the NSA for fun and profit')
http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html
[杂志]  黑客防线2015年第2期杂志
http://www.hacker.com.cn/show-7-2744-1.html
[运维安全]  Pulsar:Internet Scale Real-time Analytics Using Streaming SQL
http://gopulsar.io/
[Web安全]  延长 XSS 生命期
http://drops.wooyun.org/web/5049
[Web安全]  dirs3arch:HTTP(S) directory/file brute forcer
https://github.com/maurosoria/dirs3arch
[恶意分析]  Exploiting CVE-2015-0311: A Use-After-Free in Adobe Flash Player
http://blog.coresecurity.com/2015/03/04/exploiting-cve-2015-0311-a-use-after-free-in-adobe-flash-player/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第53期)