SecWiki周刊(第58期)
2015/04/06-2015/04/12
安全资讯
[其它]  @binitamshah @Dinosn @SecNewsBot @opexxx
http://www.queryfeed.net/twitter?q=
[取证分析]  China's Great Cannon
https://citizenlab.org/2015/04/chinas-great-cannon/
[其它]  大数据分析——信息安全下一站
http://yepeng.blog.51cto.com/3101105/1630748
[运维安全]  FreeBuf全球安全事件纵览(2015年第一季度)
http://www.freebuf.com/news/62564.html
[取证分析]  The Snowden Digital Surveillance Archive
https://snowdenarchive.cjfe.org/greenstone/cgi-bin/library.cgi#
安全技术
[会议]  CanSecWest 2015 Files
https://cansecwest.com/csw15archive.html
[数据挖掘]  Introduction to Data Analysis using Machine Learning
https://www.youtube.com/watch?v=U4IYsLgNgoY&hd=1
[Web安全]  那些年学过的PHP黑魔法
http://www.sco4x0.com/php-black-magic.aspx
[数据挖掘]  理工渣眼中的HMM及安全应用
http://danqingdani.blog.163.com/blog/static/1860941952015219102722250
[论文]  SyScan2015 Conference Slides
https://www.syscan.org/index.php/download
[运维安全]  ngx_lua_waf针对性改写
http://www.leavesongs.com/OTHERLAN/diy-my-nginx-lua-waf.html
[Web安全]  浅谈PHP自动化代码审计技术
http://blog.csdn.net/u011721501/article/details/44982111
[恶意分析]  Analysis of KRIPTOVOR: Infostealer+Ransomware
https://www.fireeye.com/blog/threat-research/2015/04/analysis_of_kriptovo.html
[漏洞分析]  Modern Binary Exploitation
http://security.cs.rpi.edu/courses/binexp-spring2015/
[漏洞分析]  Samba CVE-2015-0240 远程代码执行漏洞利用实践
http://blog.chaitin.com/samba_exploit_cve-2015-0240/
[数据挖掘]  珠联璧合:组合R语言和D3.js的力量
http://blog.jobbole.com/85682/
[漏洞分析]  wargame narnia writeup
http://drops.wooyun.org/tips/5535
[Web安全]  XSSYA-V-2.0 (XSS Vulnerability Confirmation )
https://github.com/yehia-mamdouh/XSSYA-V-2.0
[恶意分析]  Using different public online malware analyser tools
http://www.vanimpe.eu/2015/04/05/using-different-online-malware-analyser-tools/
[恶意分析]  Docker恶意软件分析系列Ⅳ:js反混淆分析
http://weibo.com/p/1001603829738807363122
[Web安全]  python-xss-filter
https://github.com/phith0n/python-xss-filter
[数据挖掘]  用Apache Spark进行大数据处理——第一部分:入门介绍
http://www.infoq.com/cn/articles/apache-spark-introduction
[移动安全]  QQ邮箱 for Android <= 4.0.4手势密码绕过
http://thecjw.0ginr.com/blog/archives/586
[Web安全]  跨站世界中有趣的复制与粘贴
http://linux.im/2015/04/08/Copy-and-Paste-in-XSS.html
[漏洞分析]  2014年互联网金融行业安全漏洞分析报告
http://yun.baidu.com/share/link?shareid=471989345&uk=4178437850&third=0
[书籍]  The Mobile Application Hacker's Handbook
http://vdisk.weibo.com/s/vGaOF84E9uXU
[Web安全]  Vulnerability: Persistent XSS in WP-Super-Cache
http://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html
[移动安全]  Dexter is a static android application analysis tool
https://dexter.bluebox.com/
[其它]  LinkedIn B轮融资计划书详解
http://events.36kr.com/linkedin/
[编程技术]  Real-Time Search In Twitter
http://codingcat.me/blog/2015/03/27/real-time-search-in-twitter/
[视频]  SEED Security Video Project
http://www.cis.syr.edu/~wedu/seed/labs.html
[数据挖掘]  Sample applications built using Amazon Machine Learning
https://github.com/awslabs/machine-learning-samples
[Web安全]  IE安全系列:IE的自我介绍 (II)
http://drops.wooyun.org/papers/5519
[编程技术]  实战:上亿数据如何秒查
http://www.cnblogs.com/hangwei/p/4399238.html
[Web安全]  Bypassing Same Origin Policy (SOP), Part 2
http://resources.infosecinstitute.com/bypassing-same-origin-policy-sop-part-2/
[Web安全]  Facebook’s Parse – DOM XSS
http://www.paulosyibelo.com/2015/04/facebooks-parse-dom-xss.html
[Web安全]  PowerShell script and Java code to decrypt WebLogic passwords
https://github.com/NetSPI/WebLogicPasswordDecryptor
[漏洞分析]  Exploit.SWF CVE-2015-0336 Code
http://pastebin.com/HnpPj4ug
[取证分析]  Solving the Honeynet Forensic Challenge
https://labs.opendns.com/2015/04/07/honeynet-weird-python/
[恶意分析]  Next Generation Dynamic Analysis with PANDA
https://www.proteansec.com/linux/next-generation-dynamic-analysis-with-panda/
[Web安全]  How I bypassed Facebook CSRF Protection
http://pouyadarabi.blogspot.com.es/2015/04/bypass-facebook-csrf.html
[漏洞分析]  CVE-2011-2461原理分析及案例
http://drops.wooyun.org/papers/5514?v=1
[漏洞分析]  Hidden backdoor API to root privileges in Apple OS X
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
[移动安全]  提权广告件PermAd分析报告
http://blog.avlyun.com/2015/04/2228/adware-permad/
[编程技术]  Share and Discover the best programming tutorials and courses online
http://hackr.io/
[设备安全]  D-Link Firmware Download
ftp://ftp2.dlink.com/
[设备安全]  Hacking the D-Link DIR-890L
http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第58期)