SecWiki周刊(第58期)
2015/04/06-2015/04/12
安全资讯
@binitamshah @Dinosn @SecNewsBot @opexxx
http://www.queryfeed.net/twitter?q=
http://www.queryfeed.net/twitter?q=
China's Great Cannon
https://citizenlab.org/2015/04/chinas-great-cannon/
https://citizenlab.org/2015/04/chinas-great-cannon/
Most Global 2000 Firms Vulnerable to Heartbleed Flaw
http://www.securityweek.com/lazy-remediation-leaves-most-global-2000-firms-vulnerable-heartbleed-flaw-report
http://www.securityweek.com/lazy-remediation-leaves-most-global-2000-firms-vulnerable-heartbleed-flaw-report
大数据分析——信息安全下一站
http://yepeng.blog.51cto.com/3101105/1630748
http://yepeng.blog.51cto.com/3101105/1630748
FreeBuf全球安全事件纵览(2015年第一季度)
http://www.freebuf.com/news/62564.html
http://www.freebuf.com/news/62564.html
The Snowden Digital Surveillance Archive
https://snowdenarchive.cjfe.org/greenstone/cgi-bin/library.cgi#
https://snowdenarchive.cjfe.org/greenstone/cgi-bin/library.cgi#
安全技术
CanSecWest 2015 Files
https://cansecwest.com/csw15archive.html
https://cansecwest.com/csw15archive.html
Introduction to Data Analysis using Machine Learning
https://www.youtube.com/watch?v=U4IYsLgNgoY&hd=1
https://www.youtube.com/watch?v=U4IYsLgNgoY&hd=1
那些年学过的PHP黑魔法
http://www.sco4x0.com/php-black-magic.aspx
http://www.sco4x0.com/php-black-magic.aspx
SyScan2015 Conference Slides
https://www.syscan.org/index.php/download
https://www.syscan.org/index.php/download
ngx_lua_waf针对性改写
http://www.leavesongs.com/OTHERLAN/diy-my-nginx-lua-waf.html
http://www.leavesongs.com/OTHERLAN/diy-my-nginx-lua-waf.html
浅谈PHP自动化代码审计技术
http://blog.csdn.net/u011721501/article/details/44982111
http://blog.csdn.net/u011721501/article/details/44982111
Anonabox Analysis
https://reclaim-your-privacy.com/wiki/Anonabox_Analysis
https://reclaim-your-privacy.com/wiki/Anonabox_Analysis
Analysis of KRIPTOVOR: Infostealer+Ransomware
https://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html
https://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html
Modern Binary Exploitation
http://security.cs.rpi.edu/courses/binexp-spring2015/
http://security.cs.rpi.edu/courses/binexp-spring2015/
Samba CVE-2015-0240 远程代码执行漏洞利用实践
http://blog.chaitin.com/samba_exploit_cve-2015-0240/
http://blog.chaitin.com/samba_exploit_cve-2015-0240/
珠联璧合:组合R语言和D3.js的力量
http://blog.jobbole.com/85682/
http://blog.jobbole.com/85682/
wargame narnia writeup
http://drops.wooyun.org/tips/5535
http://drops.wooyun.org/tips/5535
XSSYA-V-2.0 (XSS Vulnerability Confirmation )
https://github.com/yehia-mamdouh/XSSYA-V-2.0
https://github.com/yehia-mamdouh/XSSYA-V-2.0
Docker恶意软件分析系列Ⅳ:js反混淆分析
http://weibo.com/p/1001603829738807363122
http://weibo.com/p/1001603829738807363122
Using different public online malware analyser tools
http://www.vanimpe.eu/2015/04/05/using-different-online-malware-analyser-tools/
http://www.vanimpe.eu/2015/04/05/using-different-online-malware-analyser-tools/
python-xss-filter
https://github.com/phith0n/python-xss-filter
https://github.com/phith0n/python-xss-filter
用Apache Spark进行大数据处理——第一部分:入门介绍
http://www.infoq.com/cn/articles/apache-spark-introduction
http://www.infoq.com/cn/articles/apache-spark-introduction
QQ邮箱 for Android <= 4.0.4手势密码绕过
http://thecjw.0ginr.com/blog/archives/586
http://thecjw.0ginr.com/blog/archives/586
2014年互联网金融行业安全漏洞分析报告
http://yun.baidu.com/share/link?shareid=471989345&uk=4178437850&third=0
http://yun.baidu.com/share/link?shareid=471989345&uk=4178437850&third=0
The Mobile Application Hacker's Handbook
http://vdisk.weibo.com/s/vGaOF84E9uXU
http://vdisk.weibo.com/s/vGaOF84E9uXU
Vulnerability: Persistent XSS in WP-Super-Cache
http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html
http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html
Dexter is a static android application analysis tool
https://dexter.bluebox.com/
https://dexter.bluebox.com/
LinkedIn B轮融资计划书详解
http://events.36kr.com/linkedin/
http://events.36kr.com/linkedin/
Real-Time Search In Twitter
http://codingcat.me/blog/2015/03/27/real-time-search-in-twitter/
http://codingcat.me/blog/2015/03/27/real-time-search-in-twitter/
SEED Security Video Project
http://www.cis.syr.edu/~wedu/seed/labs.html
http://www.cis.syr.edu/~wedu/seed/labs.html
Sample applications built using Amazon Machine Learning
https://github.com/awslabs/machine-learning-samples
https://github.com/awslabs/machine-learning-samples
IE安全系列:IE的自我介绍 (II)
http://drops.wooyun.org/papers/5519
http://drops.wooyun.org/papers/5519
Bypassing Same Origin Policy (SOP), Part 2
http://resources.infosecinstitute.com/bypassing-same-origin-policy-sop-part-2/
http://resources.infosecinstitute.com/bypassing-same-origin-policy-sop-part-2/
Facebook’s Parse – DOM XSS
http://www.paulosyibelo.com/2015/04/facebooks-parse-dom-xss.html
http://www.paulosyibelo.com/2015/04/facebooks-parse-dom-xss.html
PowerShell script and Java code to decrypt WebLogic passwords
https://github.com/NetSPI/WebLogicPasswordDecryptor
https://github.com/NetSPI/WebLogicPasswordDecryptor
Exploit.SWF CVE-2015-0336 Code
http://pastebin.com/HnpPj4ug
http://pastebin.com/HnpPj4ug
Understanding glibc malloc
https://sploitfun.wordpress.com/2015/02/10/understanding-glibc-malloc/
https://sploitfun.wordpress.com/2015/02/10/understanding-glibc-malloc/
Solving the Honeynet Forensic Challenge
https://labs.opendns.com/2015/04/07/honeynet-weird-python/
https://labs.opendns.com/2015/04/07/honeynet-weird-python/
Next Generation Dynamic Analysis with PANDA
https://www.proteansec.com/linux/next-generation-dynamic-analysis-with-panda/
https://www.proteansec.com/linux/next-generation-dynamic-analysis-with-panda/
How I bypassed Facebook CSRF Protection
http://pouyadarabi.blogspot.com.es/2015/04/bypass-facebook-csrf.html
http://pouyadarabi.blogspot.com.es/2015/04/bypass-facebook-csrf.html
CVE-2011-2461原理分析及案例
http://drops.wooyun.org/papers/5514?v=1
http://drops.wooyun.org/papers/5514?v=1
Hidden backdoor API to root privileges in Apple OS X
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
提权广告件PermAd分析报告
http://blog.avlyun.com/2015/04/2228/adware-permad/
http://blog.avlyun.com/2015/04/2228/adware-permad/
Share and Discover the best programming tutorials and courses online
http://hackr.io/
http://hackr.io/
D-Link Firmware Download
ftp://ftp2.dlink.com/
ftp://ftp2.dlink.com/
Understanding WMI Malware
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp__understanding-wmi-malware.pdf
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp__understanding-wmi-malware.pdf
Hacking the D-Link DIR-890L
http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/
http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第58期)
