SecWiki周刊（第63期)

SecWiki周刊（第63期）

2015/05/11-2015/05/17

安全资讯

[论文] 工业界 vs. 学术界:一个年轻员工的视角
http://weibo.com/p/1001603841989056573774

[会议] OWASP AppSec Research (AppSecEU) 2015
http://2015.appsec.eu/keynotes/#keynote10

[运维安全] 2015年SANS网络威胁情报峰会
http://www.sec-un.org/2015-sans-cyber-threat-intelligence-summit-2.html

[漏洞分析] The Wolves of Vuln Street
https://hackerone.com/news/the-wolves-of-vuln-street

[漏洞分析] What's new with Exploit-Database?
https://www.offensive-security.com/offsec/whats-new-with-exploit-database/

[运维安全] Who’s Scanning Your Network
http://krebsonsecurity.com/2015/05/whos-scanning-your-network-a-everyone/

[其它] 全球安全事件纵览（2015年4月）：暗流涌动
http://www.freebuf.com/news/66684.html

[比赛] 第三届-360信息安全大赛
http://bobao.360.cn/activity/detail/155.html

[其它] 硅谷最火最有名的高科技创业公司和技术都有哪些？
http://mp.weixin.qq.com/s?__biz=MzA4MjQwNTExMA==&mid=205386787&idx=1&sn=04788f1dc8352ca32948460bd6e3fe31

[会议] Apple Security Talks & Craft Beer
http://www.jailbreaksecuritysummit.com/

[文档] 2015年1-4月中国移动互联网行业发展分析报告
http://mp.weixin.qq.com/s?__biz=MzA4Nzc3MzA4OA==&mid=207253300&idx=1&sn=c3549aa82d3250261c60cf6b27c2429c

安全技术

[编程技术] 手撕包菜磁力搜索引擎的开源说明
http://xiaoxia.org/2015/05/15/shousibaocai-opensource/

[Web安全] libinjection:SQL / SQLI tokenizer parser analyzer
https://github.com/client9/libinjection

[运维安全] Docker日志自动化: ElasticSearch、Logstash、Kibana以及Logspout
http://dockone.io/article/373

[其它] 信息安全与密码学方向应该掌握的52个知识点
http://www.vonwei.com/post/52knowledgeForCryptographyPHD.html

[Web安全] Web 安全介绍与基础入门知识
http://www.jikexueyuan.com/course/885.html

[运维安全] CCIE网络工程师成长之路
http://www.ccietea.com/

[运维安全] Docker安全运维的checklist
https://benchmarks.cisecurity.org/tools2/docker/CIS_Docker_1.6_Benchmark_v1.0.0.pdf

[设备安全] Hard Disk Firmware Hacking (Part 5)
http://www.malwaretech.com/2015/05/hard-disk-firmware-hacking-part-5.html

[编程技术] Google技术开发指南：给大学生自学的建议
http://blog.jobbole.com/80621/

[恶意分析] Verizon 2015 Data Breach Investigations Report
http://news.verizonenterprise.com/2015/04/2015-data-breach-report-info/

[移动安全] 安卓动态调试七种武器之长生剑Smali Instrumentation
http://drops.wooyun.org/papers/6045

[移动安全] Hardware-accelerated disk encryption in Android 5.1
http://nelenkov.blogspot.com/2015/05/hardware-accelerated-disk-encryption-in.html

[论文] 2015 International Symposium on Software Testing and Analysis
http://issta2015.cs.uoregon.edu/papers.php

[Web安全] A story of forgotten Disclosure and DOM XSS
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto

[Web安全] Angler exploit kit using tricks to avoid referrer chain
http://blog.0x3a.com/post/118366451134/angler-exploit-kit-using-tricks-to-avoid-referrer

[Web安全] wafw00f: identify and fingerprint Web Application Firewall products
https://github.com/sandrogauci/wafw00f

[书籍] NumPy Cookbook
http://pdf.th7.cn/down/files/1411/NumPy%20Cookbook.pdf

[数据挖掘] 歌曲推荐系统实践：Pandas、SciPy和D3.js
http://www.infoq.com/cn/news/2015/05/pandas-scipy-d3-js

[恶意分析] 60 Days of Watching Hackers Attack Elasticsearch
https://jordan-wright.github.io/blog/2015/05/11/60-days-of-watching-hackers-attack-elasticsearch/

[Web安全] The PenTesters Framework (PTF)
https://github.com/trustedsec/ptf

[Web安全] Wordpress 评论功能XSS始末
http://drops.wooyun.org/papers/6024

[漏洞分析] An Inside Look at the Changing Threat Landscape of 2015
http://www.emc.com/collateral/white-paper/rsa-white-paper-cybercrime-trends-2015.pdf?linkId=13970776

[移动安全] Android APK Decompiler Online
http://www.decompileandroid.com/

[Web安全] ms15-051修正版
http://z-cg.com/post/ms15_051_fixed.html

[恶意分析] SecRepo:Samples of Security Related Data
http://www.secrepo.com/

[恶意分析] 针对以色列和巴勒斯坦的apt式攻击
http://drops.wooyun.org/papers/5868

[运维安全] 企业安全应急响应中心建设理论与实践
http://security.tencent.com/index.php/blog/msg/84

[运维安全] DedeCMS顽固木马后门专杀工具V2.0实现方式研究
http://www.cnblogs.com/LittleHann/p/4497977.html

[Web安全] Week of PowerShell shells - Day 3 - HTTPS Shells
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-3.html

[数据挖掘] 数据挖掘十大算法总结--核心思想，算法优缺点，应用领域
http://blog.csdn.net/iemyxie/article/details/40736773?utm_source=tuicool

[恶意分析] Retargetable Decompiler Online
https://retdec.com/decompilation/

[漏洞分析] Pwntools:CTF framework used by Gallopsled in every CTF
http://pwntools.com/

[恶意分析] Resource for malware analysis
http://www.r00tsec.com/2015/05/resource-for-malware-analysis.html

[恶意分析] TiGa's Video Tutorial Series on IDA Pro
http://www.woodmann.com/TiGa/idaseries.html

[运维安全] A How to Guide on Modern Monitoring and Alerting
http://devops.com/2014/09/02/guide-modern-monitoring-alerting/

[恶意分析] The Naikon APT
https://securelist.com/analysis/publications/69953/the-naikon-apt/

[取证分析] Detecting Network Traffic from Metasploit’s Meterpreter
http://blog.didierstevens.com/2015/05/11/detecting-network-traffic-from-metasploits-meterpreter-reverse-http-module/

[Web安全] WS-Attacker:modular framework for web services penetration testing
https://github.com/RUB-NDS/WS-Attacker

[运维安全] 高效运维最佳实践
http://www.infoq.com/cn/articles/effective-ops-part-04

[Web安全] Week of PowerShell Shells - Day 4 - WMI Shell
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-4.html

[漏洞分析] 谈谈15年5月修复的三个0day
http://blogs.360.cn/blog/fixed_three_0days_in_may/#jtss-tsina

[Web安全] Week of PowerShell Shells - Day 5 - DNS, ICMP Shells and Wrap up
http://www.labofapenetrationtester.com/2015/05/week-of-powershell-shells-day-5.html

[运维安全] 大型网站的 HTTPS 实践
http://op.baidu.com/2015/04/https-s01a01/

[恶意分析] Animus Threat Data Repository
https://github.com/animus-project/threat_data

[Web安全] Use burp's JS static code analysis on code from your local system
https://github.com/tomsteele/burpstaticscan

[Web安全] NoSQL injection in Mongo PHP
http://data.story.lu/2011/03/nosql-injection-in-mongo-php/

[编程技术] A curated list of awesome awesomeness
https://github.com/bayandin/awesome-awesomeness

[杂志] 《安全参考》HACKCTO-201505-29
http://pan.baidu.com/s/1pJsUiDl

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第63期)

SecWiki周刊（第63期）

最新公告

友情链接

SecWiki公众号

安全学术圈