SecWiki周刊(第63期)
2015/05/11-2015/05/17
安全资讯
工业界 vs. 学术界:一个年轻员工的视角
http://weibo.com/p/1001603841989056573774
http://weibo.com/p/1001603841989056573774
OWASP AppSec Research (AppSecEU) 2015
http://2015.appsec.eu/keynotes/#keynote10
http://2015.appsec.eu/keynotes/#keynote10
The Wolves of Vuln Street
https://hackerone.com/news/the-wolves-of-vuln-street
https://hackerone.com/news/the-wolves-of-vuln-street
What's new with Exploit-Database?
https://www.offensive-security.com/offsec/whats-new-with-exploit-database/
https://www.offensive-security.com/offsec/whats-new-with-exploit-database/
Who’s Scanning Your Network
http://krebsonsecurity.com/2015/05/whos-scanning-your-network-a-everyone/
http://krebsonsecurity.com/2015/05/whos-scanning-your-network-a-everyone/
全球安全事件纵览(2015年4月):暗流涌动
http://www.freebuf.com/news/66684.html
http://www.freebuf.com/news/66684.html
第三届-360信息安全大赛
http://bobao.360.cn/activity/detail/155.html
http://bobao.360.cn/activity/detail/155.html
硅谷最火最有名的高科技创业公司和技术都有哪些?
http://mp.weixin.qq.com/s?__biz=MzA4MjQwNTExMA==&mid=205386787&idx=1&sn=04788f1dc8352ca32948460bd6e3fe31
http://mp.weixin.qq.com/s?__biz=MzA4MjQwNTExMA==&mid=205386787&idx=1&sn=04788f1dc8352ca32948460bd6e3fe31
Apple Security Talks & Craft Beer
http://www.jailbreaksecuritysummit.com/
http://www.jailbreaksecuritysummit.com/
安全技术
手撕包菜磁力搜索引擎的开源说明
http://xiaoxia.org/2015/05/15/shousibaocai-opensource/
http://xiaoxia.org/2015/05/15/shousibaocai-opensource/
libinjection:SQL / SQLI tokenizer parser analyzer
https://github.com/client9/libinjection
https://github.com/client9/libinjection
Docker日志自动化: ElasticSearch、Logstash、Kibana以及Logspout
http://dockone.io/article/373
http://dockone.io/article/373
信息安全与密码学方向应该掌握的52个知识点
http://www.vonwei.com/post/52knowledgeForCryptographyPHD.html
http://www.vonwei.com/post/52knowledgeForCryptographyPHD.html
Web 安全介绍与基础入门知识
http://www.jikexueyuan.com/course/885.html
http://www.jikexueyuan.com/course/885.html
CCIE网络工程师成长之路
http://www.ccietea.com/
http://www.ccietea.com/
Docker安全运维的checklist
https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.6_Benchmark_v1.0.0.pdf
https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.6_Benchmark_v1.0.0.pdf
Google技术开发指南:给大学生自学的建议
http://blog.jobbole.com/80621/
http://blog.jobbole.com/80621/
Hard Disk Firmware Hacking (Part 5)
http://www.malwaretech.com/2015/05/hard-disk-firmware-hacking-part-5.html
http://www.malwaretech.com/2015/05/hard-disk-firmware-hacking-part-5.html
Verizon 2015 Data Breach Investigations Report
http://news.verizonenterprise.com/2015/04/2015-data-breach-report-info/
http://news.verizonenterprise.com/2015/04/2015-data-breach-report-info/
安卓动态调试七种武器之长生剑Smali Instrumentation
http://drops.wooyun.org/papers/6045
http://drops.wooyun.org/papers/6045
Hardware-accelerated disk encryption in Android 5.1
http://nelenkov.blogspot.com/2015/05/hardware-accelerated-disk-encryption-in.html
http://nelenkov.blogspot.com/2015/05/hardware-accelerated-disk-encryption-in.html
2015 International Symposium on Software Testing and Analysis
http://issta2015.cs.uoregon.edu/papers.php
http://issta2015.cs.uoregon.edu/papers.php
Angler exploit kit using tricks to avoid referrer chain
http://blog.0x3a.com/post/118366451134/angler-exploit-kit-using-tricks-to-avoid-referrer
http://blog.0x3a.com/post/118366451134/angler-exploit-kit-using-tricks-to-avoid-referrer
A story of forgotten Disclosure and DOM XSS
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
wafw00f: identify and fingerprint Web Application Firewall products
https://github.com/sandrogauci/wafw00f
https://github.com/sandrogauci/wafw00f
NumPy Cookbook
http://pdf.th7.cn/down/files/1411/NumPy%20Cookbook.pdf
http://pdf.th7.cn/down/files/1411/NumPy%20Cookbook.pdf
歌曲推荐系统实践:Pandas、SciPy和D3.js
http://www.infoq.com/cn/news/2015/05/pandas-scipy-d3-js
http://www.infoq.com/cn/news/2015/05/pandas-scipy-d3-js
The PenTesters Framework (PTF)
https://github.com/trustedsec/ptf
https://github.com/trustedsec/ptf
60 Days of Watching Hackers Attack Elasticsearch
https://jordan-wright.github.io/blog/2015/05/11/60-days-of-watching-hackers-attack-elasticsearch/
https://jordan-wright.github.io/blog/2015/05/11/60-days-of-watching-hackers-attack-elasticsearch/
Wordpress 评论功能XSS始末
http://drops.wooyun.org/papers/6024
http://drops.wooyun.org/papers/6024
An Inside Look at the Changing Threat Landscape of 2015
http://www.emc.com/collateral/white-paper/rsa-white-paper-cybercrime-trends-2015.pdf?linkId=13970776
http://www.emc.com/collateral/white-paper/rsa-white-paper-cybercrime-trends-2015.pdf?linkId=13970776
Android APK Decompiler Online
http://www.decompileandroid.com/
http://www.decompileandroid.com/
SecRepo:Samples of Security Related Data
http://www.secrepo.com/
http://www.secrepo.com/
DedeCMS顽固木马后门专杀工具V2.0实现方式研究
http://www.cnblogs.com/LittleHann/p/4497977.html
http://www.cnblogs.com/LittleHann/p/4497977.html
企业安全应急响应中心建设理论与实践
http://security.tencent.com/index.php/blog/msg/84
http://security.tencent.com/index.php/blog/msg/84
ms15-051修正版
http://z-cg.com/post/ms15_051_fixed.html
http://z-cg.com/post/ms15_051_fixed.html
数据挖掘十大算法总结--核心思想,算法优缺点,应用领域
http://blog.csdn.net/iemyxie/article/details/40736773?utm_source=tuicool
http://blog.csdn.net/iemyxie/article/details/40736773?utm_source=tuicool
针对以色列和巴勒斯坦的apt式攻击
http://drops.wooyun.org/papers/5868
http://drops.wooyun.org/papers/5868
Week of PowerShell shells - Day 3 - HTTPS Shells
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-3.html
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-3.html
Retargetable Decompiler Online
https://retdec.com/decompilation/
https://retdec.com/decompilation/
Pwntools:CTF framework used by Gallopsled in every CTF
http://pwntools.com/
http://pwntools.com/
Resource for malware analysis
http://www.r00tsec.com/2015/05/resource-for-malware-analysis.html
http://www.r00tsec.com/2015/05/resource-for-malware-analysis.html
TiGa's Video Tutorial Series on IDA Pro
http://www.woodmann.com/TiGa/idaseries.html
http://www.woodmann.com/TiGa/idaseries.html
A How to Guide on Modern Monitoring and Alerting
http://devops.com/2014/09/02/guide-modern-monitoring-alerting/
http://devops.com/2014/09/02/guide-modern-monitoring-alerting/
Detecting Network Traffic from Metasploit’s Meterpreter
http://blog.didierstevens.com/2015/05/11/detecting-network-traffic-from-metasploits-meterpreter-reverse-http-module/
http://blog.didierstevens.com/2015/05/11/detecting-network-traffic-from-metasploits-meterpreter-reverse-http-module/
WS-Attacker:modular framework for web services penetration testing
https://github.com/RUB-NDS/WS-Attacker
https://github.com/RUB-NDS/WS-Attacker
Week of PowerShell Shells - Day 4 - WMI Shell
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-4.html
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-4.html
谈谈15年5月修复的三个0day
http://blogs.360.cn/blog/fixed_three_0days_in_may/#jtss-tsina
http://blogs.360.cn/blog/fixed_three_0days_in_may/#jtss-tsina
Week of PowerShell Shells - Day 5 - DNS, ICMP Shells and Wrap up
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-5.html
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-5.html
大型网站的 HTTPS 实践
http://op.baidu.com/2015/04/https-s01a01/
http://op.baidu.com/2015/04/https-s01a01/
Animus Threat Data Repository
https://github.com/animus-project/threat_data
https://github.com/animus-project/threat_data
Use burp's JS static code analysis on code from your local system
https://github.com/tomsteele/burpstaticscan
https://github.com/tomsteele/burpstaticscan
NoSQL injection in Mongo PHP
http://data.story.lu/2011/03/nosql-injection-in-mongo-php/
http://data.story.lu/2011/03/nosql-injection-in-mongo-php/
A curated list of awesome awesomeness
https://github.com/bayandin/awesome-awesomeness
https://github.com/bayandin/awesome-awesomeness
《安全参考》HACKCTO-201505-29
http://pan.baidu.com/s/1pJsUiDl
http://pan.baidu.com/s/1pJsUiDl
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第63期)
