SecWiki周刊(第63期)
2015/05/11-2015/05/17
安全资讯
[论文]  工业界 vs. 学术界:一个年轻员工的视角
http://weibo.com/p/1001603841989056573774
[会议]  OWASP AppSec Research (AppSecEU) 2015
http://2015.appsec.eu/keynotes/#keynote10
[运维安全]  2015年SANS网络威胁情报峰会
http://www.sec-un.org/2015-sans-cyber-threat-intelligence-summit-2.html
[漏洞分析]  The Wolves of Vuln Street
https://hackerone.com/news/the-wolves-of-vuln-street
[漏洞分析]  What's new with Exploit-Database?
https://www.offensive-security.com/offsec/whats-new-with-exploit-database/
[其它]  全球安全事件纵览(2015年4月):暗流涌动
http://www.freebuf.com/news/66684.html
[比赛]  第三届-360信息安全大赛
http://bobao.360.cn/activity/detail/155.html
[其它]  硅谷最火最有名的高科技创业公司和技术都有哪些?
http://mp.weixin.qq.com/s?__biz=MzA4MjQwNTExMA==&mid=205386787&idx=1&sn=04788f1dc8352ca32948460bd6e3fe31
[会议]  Apple Security Talks & Craft Beer
http://www.jailbreaksecuritysummit.com/
[文档]  2015年1-4月中国移动互联网行业发展分析报告
http://mp.weixin.qq.com/s?__biz=MzA4Nzc3MzA4OA==&mid=207253300&idx=1&sn=c3549aa82d3250261c60cf6b27c2429c
安全技术
[编程技术]  手撕包菜磁力搜索引擎的开源说明
http://xiaoxia.org/2015/05/15/shousibaocai-opensource/
[Web安全]  libinjection:SQL / SQLI tokenizer parser analyzer
https://github.com/client9/libinjection
[运维安全]  Docker日志自动化: ElasticSearch、Logstash、Kibana以及Logspout
http://dockone.io/article/373
[其它]  信息安全与密码学方向应该掌握的52个知识点
http://www.vonwei.com/post/52knowledgeForCryptographyPHD.html
[Web安全]  Web 安全介绍与基础入门知识
http://www.jikexueyuan.com/course/885.html
[运维安全]  CCIE网络工程师成长之路
http://www.ccietea.com/
[设备安全]  Hard Disk Firmware Hacking (Part 5)
http://www.malwaretech.com/2015/05/hard-disk-firmware-hacking-part-5.html
[编程技术]  Google技术开发指南:给大学生自学的建议
http://blog.jobbole.com/80621/
[恶意分析]  Verizon 2015 Data Breach Investigations Report
http://news.verizonenterprise.com/2015/04/2015-data-breach-report-info/
[移动安全]  Hardware-accelerated disk encryption in Android 5.1
http://nelenkov.blogspot.com/2015/05/hardware-accelerated-disk-encryption-in.html
[移动安全]  安卓动态调试七种武器之长生剑Smali Instrumentation
http://drops.wooyun.org/papers/6045
[论文]  2015 International Symposium on Software Testing and Analysis
http://issta2015.cs.uoregon.edu/papers.php
[Web安全]  A story of forgotten Disclosure and DOM XSS
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
[Web安全]  Angler exploit kit using tricks to avoid referrer chain
http://blog.0x3a.com/post/118366451134/angler-exploit-kit-using-tricks-to-avoid-referrer
[Web安全]  wafw00f: identify and fingerprint Web Application Firewall products
https://github.com/sandrogauci/wafw00f
[数据挖掘]  歌曲推荐系统实践:Pandas、SciPy和D3.js
http://www.infoq.com/cn/news/2015/05/pandas-scipy-d3-js
[恶意分析]  60 Days of Watching Hackers Attack Elasticsearch
https://jordan-wright.github.io/blog/2015/05/11/60-days-of-watching-hackers-attack-elasticsearch/
[Web安全]  The PenTesters Framework (PTF)
https://github.com/trustedsec/ptf
[漏洞分析]  An Inside Look at the Changing Threat Landscape of 2015
http://www.emc.com/collateral/white-paper/rsa-white-paper-cybercrime-trends-2015.pdf?linkId=13970776
[Web安全]  Wordpress 评论功能XSS始末
http://drops.wooyun.org/papers/6024
[移动安全]  Android APK Decompiler Online
http://www.decompileandroid.com/
[恶意分析]  SecRepo:Samples of Security Related Data
http://www.secrepo.com/
[Web安全]  ms15-051修正版
http://z-cg.com/post/ms15_051_fixed.html
[恶意分析]  针对以色列和巴勒斯坦的apt式攻击
http://drops.wooyun.org/papers/5868
[运维安全]  DedeCMS顽固木马后门专杀工具V2.0实现方式研究
http://www.cnblogs.com/LittleHann/p/4497977.html
[运维安全]  企业安全应急响应中心建设理论与实践
http://security.tencent.com/index.php/blog/msg/84
[Web安全]  Week of PowerShell shells - Day 3 - HTTPS Shells
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-3.html
[数据挖掘]  数据挖掘十大算法总结--核心思想,算法优缺点,应用领域
http://blog.csdn.net/iemyxie/article/details/40736773?utm_source=tuicool
[恶意分析]  Retargetable Decompiler Online
https://retdec.com/decompilation/
[漏洞分析]  Pwntools:CTF framework used by Gallopsled in every CTF
http://pwntools.com/
[恶意分析]  Resource for malware analysis
http://www.r00tsec.com/2015/05/resource-for-malware-analysis.html
[恶意分析]  TiGa's Video Tutorial Series on IDA Pro
http://www.woodmann.com/TiGa/idaseries.html
[运维安全]  A How to Guide on Modern Monitoring and Alerting
http://devops.com/2014/09/02/guide-modern-monitoring-alerting/
[Web安全]  WS-Attacker:modular framework for web services penetration testing
https://github.com/RUB-NDS/WS-Attacker
[运维安全]  高效运维最佳实践
http://www.infoq.com/cn/articles/effective-ops-part-04
[Web安全]  Week of PowerShell Shells - Day 4 - WMI Shell
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-4.html
[漏洞分析]  谈谈15年5月修复的三个0day
http://blogs.360.cn/blog/fixed_three_0days_in_may/#jtss-tsina
[Web安全]  Week of PowerShell Shells - Day 5 - DNS, ICMP Shells and Wrap up
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-5.html
[运维安全]  大型网站的 HTTPS 实践
http://op.baidu.com/2015/04/https-s01a01/
[恶意分析]  Animus Threat Data Repository
https://github.com/animus-project/threat_data
[Web安全]  Use burp's JS static code analysis on code from your local system
https://github.com/tomsteele/burpstaticscan
[Web安全]  NoSQL injection in Mongo PHP
http://data.story.lu/2011/03/nosql-injection-in-mongo-php/
[编程技术]  A curated list of awesome awesomeness
https://github.com/bayandin/awesome-awesomeness
[杂志]  《安全参考》HACKCTO-201505-29
http://pan.baidu.com/s/1pJsUiDl
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第63期)