SecWiki周刊(第57期)
2015/03/30-2015/04/05
安全资讯
揭露全自动化黑产
http://www.1937cn.net/?p=867
http://www.1937cn.net/?p=867
Google产品全面撤销CNNIC根证书
http://www.solidot.org/story?sid=43556
http://www.solidot.org/story?sid=43556
Cybersecurity Ventures 2015年Q1网络安全市场报告
http://www.sec-un.org/cybersecurity-ventures-2015-network-security-market-q1-report.html
http://www.sec-un.org/cybersecurity-ventures-2015-network-security-market-q1-report.html
安全技术
用Kafka,Storm以及ElasticSearch搭建搜索引擎
https://nfil.es/w/eIEi9B/
https://nfil.es/w/eIEi9B/
Black Hat Asia 2015 Slide
https://www.blackhat.com/asia-15/archives.html
https://www.blackhat.com/asia-15/archives.html
Mspider 网页链接爬虫
https://github.com/manning23/MSpider
https://github.com/manning23/MSpider
Android Security 2014 Year in Review Google Report
https://static.googleusercontent.com/media/source.android.com/en/us/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf
https://static.googleusercontent.com/media/source.android.com/en/us/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf
weakfilescan:动态多线程敏感信息泄露检测工具
https://github.com/ring04h/weakfilescan
https://github.com/ring04h/weakfilescan
SSL/TLS Suffers 'Bar Mitzvah Attack'漏洞检测方法及修复建议
https://sobug.com/article/detail/17
https://sobug.com/article/detail/17
怎样快糙猛的开始搞Kaggle比赛
http://phunters.lofter.com/post/86d56_66dd375
http://phunters.lofter.com/post/86d56_66dd375
某电商网站流量劫持案例分析与思考
http://security.tencent.com/index.php/blog/msg/81
http://security.tencent.com/index.php/blog/msg/81
China's Man-on-the-Side Attack on GitHub
http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub
http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub
Machine Learning Math Essentials
http://courses.washington.edu/css490/2012.Winter/lecture_slides/02_math_essentials.pdf
http://courses.washington.edu/css490/2012.Winter/lecture_slides/02_math_essentials.pdf
SQLMAP-Web-GUI Online
https://github.com/Hood3dRob1n/SQLMAP-Web-GUI
https://github.com/Hood3dRob1n/SQLMAP-Web-GUI
Cyberspace Administration of China DDoS Attack Forensics
https://drive.google.com/file/d/0ByrxblDXR_yqeUNZYU5WcjFCbXM/view?pli=1
https://drive.google.com/file/d/0ByrxblDXR_yqeUNZYU5WcjFCbXM/view?pli=1
smalisca:Static Code Analysis for Smali files
https://github.com/dorneanu/smalisca
https://github.com/dorneanu/smalisca
如何配置远程连接的drozer
http://appscan.360.cn/blog/?p=120
http://appscan.360.cn/blog/?p=120
Spark Meetup @Hangzhou 3rd
http://pan.baidu.com/s/1o6sUpzO
http://pan.baidu.com/s/1o6sUpzO
服务器被黑之后的心路历程
http://monklof.com/post/10/
http://monklof.com/post/10/
烽火(Fiberhome)HG-110 设备目录穿越漏洞考察
http://blog.knownsec.com/2015/04/fiberhome-hg-110-device-directory-traversal-investigate/
http://blog.knownsec.com/2015/04/fiberhome-hg-110-device-directory-traversal-investigate/
How To Use Tripwire to Detect Server Intrusions on an Ubuntu VPS
https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps
https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps
The poor, misunderstood innerText
http://perfectionkills.com/the-poor-misunderstood-innerText/
http://perfectionkills.com/the-poor-misunderstood-innerText/
pdf-parser And YARA
http://blog.didierstevens.com/2015/03/31/pdf-parser-and-yara/
http://blog.didierstevens.com/2015/03/31/pdf-parser-and-yara/
PANDA record & replay logs online for malware
http://panda.gtisc.gatech.edu/malrec/
http://panda.gtisc.gatech.edu/malrec/
Integrating Outdated Flash is a Bad Idea
http://justhaifei1.blogspot.com/
http://justhaifei1.blogspot.com/
Tutorials on topics in machine learning
http://homepages.inf.ed.ac.uk/rbf/IAPR/researchers/MLPAGES/mltut.htm
http://homepages.inf.ed.ac.uk/rbf/IAPR/researchers/MLPAGES/mltut.htm
Alibaba CTF 2015 - XSS400 WriteUP
http://linux.im/2015/03/29/alictf-2015-xss400.html
http://linux.im/2015/03/29/alictf-2015-xss400.html
IOHIDSecurePromptClient::injectStringGated Heap Overflow
http://blog.pangu.io/iohidsecurepromptclientinjectstringgated-heap-overflow/
http://blog.pangu.io/iohidsecurepromptclientinjectstringgated-heap-overflow/
Multi-Architecture GDB Enhanced Features for Exploiters
https://github.com/hugsy/gef
https://github.com/hugsy/gef
黑客防线2015年第3期杂志
http://www.hacker.com.cn/show-7-2746-1.html
http://www.hacker.com.cn/show-7-2746-1.html
How to own any windows network with group policy hijacking attacks
https://labs.mwrinfosecurity.com/blog/2015/04/02/how-to-own-any-windows-network-with-group-policy-hijacking-attacks/
https://labs.mwrinfosecurity.com/blog/2015/04/02/how-to-own-any-windows-network-with-group-policy-hijacking-attacks/
apd-reports:Second-Level Domains (SLDs)
https://github.com/jpascualbeato/apd-reports/
https://github.com/jpascualbeato/apd-reports/
Reverse Shell Cheat Sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet/
https://highon.coffee/blog/reverse-shell-cheat-sheet/
A New Word Document Exploit Kit
https://www.fireeye.com/blog/threat-research/2015/04/a_new_word_document.html
https://www.fireeye.com/blog/threat-research/2015/04/a_new_word_document.html
bandit:Python AST-based static analyzer from OpenStack Security Group
https://github.com/stackforge/bandit
https://github.com/stackforge/bandit
ALi CTF 2015 write up
http://drops.wooyun.org/papers/5493
http://drops.wooyun.org/papers/5493
Bypassing Linux kernel module version check
http://www.cloud-sec.org/Bypassing_Linux_kernel_module_version_check.pdf
http://www.cloud-sec.org/Bypassing_Linux_kernel_module_version_check.pdf
验证码安全问题汇总
http://drops.wooyun.org/web/5459
http://drops.wooyun.org/web/5459
Using the docker command to root the host
http://reventlov.com/advisories/using-the-docker-command-to-root-the-host
http://reventlov.com/advisories/using-the-docker-command-to-root-the-host
Sexrets_of_LoadLibrary_CSW2015
http://vdisk.weibo.com/s/vG9M7U_S4QP
http://vdisk.weibo.com/s/vG9M7U_S4QP
100 Days of Malware
http://moyix.blogspot.com/2015/03/100-days-of-malware.html
http://moyix.blogspot.com/2015/03/100-days-of-malware.html
New Malware Attacks On The Threat Horizon
https://labs.opendns.com/2015/04/01/new-malware-attacks-on-the-threat-horizon/
https://labs.opendns.com/2015/04/01/new-malware-attacks-on-the-threat-horizon/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第57期)
