SecWiki周刊(第9期)
2014/04/28-2014/05/04
安全资讯
[Web安全]  Cyber intelligence services reveal sensitive data firms are leaking online
http://www.net-security.org/secworld.php?id=16757
[Web安全]  一周海外安全事件回顾(20140421-0427)
http://www.freebuf.com/news/special/33285.html
[漏洞分析]  Skype leaves Sensitive User Data Unencrypted Locally On Computers
http://thehackernews.com/2014/04/skype-leaves-sensitive-user-data.html
[Web安全]  AOL Security Update
http://blog.aol.com/2014/04/28/aol-security-update/
[移动安全]  Android users targeted by over 99 percent of mobile malware
http://www.v3.co.uk/v3-uk/news/2342442/android-users-targeted-by-over-99-percent-of-mobile-malware
[Web安全]  One of World’s Largest Websites Hacked: Turns Visitors into “DDoS Zombies”
http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html
[漏洞分析]  New zero-day vulnerability identified in all versions of IE
http://www.cnet.com/news/new-zero-day-vulnerability-identified-in-all-versions-of-ie/
[Web安全]  “大数据”时代考问网络安全
http://news.sina.com.cn/c/2014-04-26/164330017134.shtml
[移动安全]  Apple iOS 7 Updates Silently Remove Encryption for Email Attachments
http://thehackernews.com/2014/05/ios-apple-iphone-data-protection-email-attachment.html
[Web安全]  Using Facebook Notes to DDoS any website
http://chr13.com/2014/04/20/using-facebook-notes-to-ddos-any-website/
安全技术
[逆向分析]  逆向基础(一) | WooYun知识库
http://drops.wooyun.org/tips/1517
[渗透测试]  Decrypting IIS Passwords to Break Out of the DMZ: Part 2
https://www.netspi.com/blog/entryid/226/decrypting-iis-passwords-to-break-out-of-the-dmz-part-2
[渗透测试]  Decrypting IIS Passwords to Break Out of the DMZ: Part 1
https://www.netspi.com/blog/entryid/215/decrypting-iis-passwords-to-break-out-of-the-dmz-part-1
[渗透测试]  keyscan.py: looking for prime factors
https://github.com/HackerFantastic/Public/blob/master/misc/keyscan.py
[其它]  #QCon北京# 云计算构架案例
http://vdisk.weibo.com/s/A0GI9rXOBuKT
[文档]  BYPASSING ADVANCED THREAT DETECTION SYSTEMS
https://3vildata.com/?p=1070
[书籍]  Reverse Engineering for Beginners book
http://yurichev.com/RE-book.html
[漏洞分析]  Out Of Control: Overcoming Control-Flow Integrity
http://www.cs.vu.nl/~herbertb/papers/outofcontrol_sp14.pdf
[Web安全]  Laravel cookie伪造,解密,和远程命令执行
http://drops.wooyun.org/papers/1515
[数据挖掘]  Spark at Twitter - Seattle Spark Meetup
http://www.slideshare.net/krishflix/seattle-spark-meetup-spark-at-twitter
[漏洞分析]  用Google语音识别API破解reCaptcha验证码
http://drops.wooyun.org/papers/1524
[Web安全]  Burp Suite使用介绍(一)
http://drops.wooyun.org/tools/1548
[移动安全]  Introduction to Android Malware Analysis
http://www.exploit-db.com/download_pdf/33093/
[漏洞分析]  CVE-2013-0640 AdobeReader任意代码执行漏洞分析
http://www.freebuf.com/vuls/33448.html
[编程技术]  A Year of MongoDB
https://speakerdeck.com/mitsuhiko/a-year-of-mongodb
[恶意分析]  The FireEye Advanced Threat Report 2013: European Edition
http://www.fireeye.com/blog/corporate/2014/04/the-fireeye-advanced-threat-report-2013-european-edition.html
[Web安全]  Burp Suite使用介绍(二)
http://drops.wooyun.org/tools/1629
[恶意分析]  Identifying Malware Traffic with Bro and (CIF)
http://blog.opensecurityresearch.com/2014/03/identifying-malware-traffic-with-bro.html
[数据挖掘]  Spark Contributor陈超:深入浅出Spark
http://share.csdn.net/slides/3070
[编程技术]  Celery: Python Distributed Task Queue
http://www.celeryproject.org/
[恶意分析]  cve-2014-1776_sample
http://pan.baidu.com/s/1mg7bQg4
[无线安全]  Characterizing Privacy Leakage of Public WiFi Networks for Users on Travel
http://spirit.cs.ucdavis.edu/pubs/conf/Ningning_INFOCOM13.pdf
[漏洞分析]  堆溢出学习笔记
http://drops.wooyun.org/tips/1621
[编程技术]  #QCon北京# 知名网站案例分析
http://vdisk.weibo.com/s/A0GI9rXOBsqH
[其它]  Tips for Public Speaking
http://speaking.io/
[恶意分析]  Lnk files in Email Malware Distribution
http://blog.spiderlabs.com/2014/05/lnk-files-in-email-malware-distribution.html
[漏洞分析]  New Flash Player 0-day (CVE-2014-0515) used in watering-hole attacks
http://www.securelist.com/en/blog/8212/New_Flash_Player_0_day_CVE_2014_0515_used_in_watering_hole_attacks
[Web安全]  UI redress attack on live.com (affected all pages)
http://seclists.org/fulldisclosure/2014/Apr/268?utm_source=twitterfeed&utm_medium=twitter
[漏洞分析]  xrop:Tool to generate ROP gadgets
https://github.com/acama/xrop
[漏洞分析]  Bypass Win8.1 UAC源码 + 文档
http://bbs.pediy.com/showthread.php?p=1279309#post1279309
[移动安全]  APKinspector: analyze the Android applications
https://github.com/honeynet/apkinspector/
[移动安全]  Revisiting Mac OS X Kernel Rootkits
http://phrack.org/papers/revisiting-mac-os-x-kernel-rootkits.html
[Web安全]  PHP Callback Functions: Another Way to Hide Backdoors
http://blog.sucuri.net/2014/04/php-callback-functions-another-way-to-hide-backdoors.html
[Web安全]  Hurricane Electric BGP Toolkit
http://bgp.he.net/
[运维安全]  zabbix企业应用之服务器硬件信息监控
http://dl528888.blog.51cto.com/2382721/1403893
[Web安全]  某众多高校邮件系统的0day挖掘思路及XSS新防御方案
http://www.91ri.org/8698.html
[漏洞分析]  可能被绕过的防御有什么用
http://weibo.com/p/1001603704271748108576
[论文]  Best Paper Awards in Computer Science (since 1996)
http://jeffhuang.com/best_paper_awards.html#institutions
[工具]  oclHashcat: advanced password recovery
https://hashcat.net/oclhashcat/
[运维安全]  Defending Against Network-based Distributed Denial of Service Attacks
https://securosis.com/blog/defending-against-NDDoS-attacks-new-paper
[Web安全]  [投稿]对某国的一次APT攻击过程
http://www.91ri.org/8752.html
[恶意分析]  CVE-2014-1776 SWF
http://pastebin.com/qEtmrtCz
[运维安全]  WaFFLE: Fingerprinting filter rules of WAFs
https://www.usenix.org/system/files/conference/woot12/woot12-final2.pdf
[编程技术]  LINE Storage: Storing billions of rows in Sharded-Redis and HBase per Month
http://tech.naver.jp/blog/?p=1420
[编程技术]  #QCon北京# 构建高效能团队
http://vdisk.weibo.com/s/A0GI9rXOBuKH
[漏洞分析]  CVE-2014-1761_sample(pass infected)
http://yun.baidu.com/s/1qW4RMA4
[数据挖掘]  BDAS:the Berkeley Data Analytics Stack
https://amplab.cs.berkeley.edu/software/
[移动安全]  Q1 2014 Mobile Threat Report
http://www.f-secure.com/weblog/archives/00002699.html
[运维安全]  小米自动化运维实践 qcon 2014 Beijing
http://noops.me/?p=1496
[Web安全]  Joomla Plugin Constructor Backdoor
http://blog.sucuri.net/2014/04/joomla-plugin-constructor-backdoor.html
[漏洞分析]  Exploit: McAfee ePolicy 0wner (ePowner) v0.1
http://funoverip.net/2014/04/mcafee-epolicy-0wner-0-1-release/
[编程技术]  SimpleSAMLphp:native PHP that deals with authentication
https://simplesamlphp.org/
[无线安全]  Snoopy: A distributed tracking and profiling framework
https://www.sensepost.com/blog/7557.html
[漏洞分析]  那些年,那些 Apache Struts2 的漏洞
http://www.freebuf.com/articles/web/33232.html
[书籍]  Wiley.Data Driven Security.Analysis.Visualization and Dashboards.2014
http://www.itpub.net/thread-1846599-1-1.html
[数据挖掘]  #QCon北京# 推荐系统工程实践
http://vdisk.weibo.com/s/A0GI9rXOBsAo
[编程技术]  对sfgg所有博客的数据统计
http://blog.segmentfault.com/bigtan/1190000000486961
[编程技术]  python的分布式任务并行处理框架Jug简单使用
http://rfyiamcool.blog.51cto.com/1030776/1405532
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第9期)