SecWiki周刊（第10期)

SecWiki周刊（第10期）

2014/05/05-2014/05/11

安全资讯

[Web安全] 一周海外安全事件回顾（20140428-0504）
http://www.freebuf.com/news/special/33727.html

[运维安全] 翰海源关于Struts2漏洞的统计分析报告
http://blog.vulnhunt.com/index.php/2014/05/05/%e7%bf%b0%e6%b5%b7%e6%ba%90%e5%85%b3%e4%ba%8estruts2%e6%bc%8f%e6%b4%9e%e7%9a%84%e7%bb%9f%e8%ae%a1%e5%88%86%e6%9e%90%e6%8a%a5%e5%91%8a/

[其它] 中国发布首部国家安全报告
http://www.ziwzx.com/htm/szyw/2014/0506/2592.html?bsh_bid=401238395

[Web安全] 一周海外安全事件回顾（20140421-0427）
http://www.freebuf.com/news/special/33285.html

安全技术

[漏洞分析] ROPs are for the 99%: A revolutionary bypass technology
http://pastebin.ubuntu.com/7444950/

[取证分析] inception： FireWire physical memory manipulation and hacking tool
https://github.com/carmaa/inception

[漏洞分析] Debug Struts2 S2-021的一点心得体会
http://drops.wooyun.org/papers/1778

[运维安全] 使用Suricata進行IDS/IPS
http://maskray.me/blog/2013-07-26-ids-ips-with-suricata

[编程技术] django-xadmin：Bootstrap3.0框架的后台管理系统框架
http://sshwsfc.github.io/django-xadmin/#features

[漏洞分析] 部分dve技术实现代码
http://weibo.com/p/1001603708954432635204

[编程技术] [林仕鼎]系统架构领域的一些学习材料
http://shentar.me/%e8%bd%ac%e8%87%aa%e6%9e%97%e4%bb%95%e9%bc%8e%e7%b3%bb%e7%bb%9f%e6%9e%b6%e6%9e%84%e9%a2%86%e5%9f%9f%e7%9a%84%e4%b8%80%e4%ba%9b%e5%ad%a6%e4%b9%a0%e6%9d%90%e6%96%99/

[Web安全] 编写变态的(非字母数字的)PHP后门
http://www.freebuf.com/articles/web/33824.html

[Web安全] 360hackgame writeup
http://drops.wooyun.org/tips/1666

[设备安全] SniffMap: Maps of Five Eyes interception
http://sniffmap.telcomap.org/

[漏洞分析] The Nitty Gritty of Sandbox Evasion
http://www.fireeye.com/blog/corporate/2014/05/live-from-infosecurity-europe-2014-the-nitty-gritty-of-sandbox-evasion.html

[编程技术] 15款最好的 Twitter Bootstrap 开发工具
http://www.cnblogs.com/lhb25/p/15-best-bootstrap-tools-for-designers.html

[漏洞分析] [CVE-2014-3005]Zabbix 1.8.x-2.2.x Local File Inclusion via XXE Attack | 风井
http://www.pnigos.com/?p=273

[恶意分析] Ghost-Hunting With Anti-Virus
http://www.fireeye.com/blog/corporate/2014/05/ghost-hunting-with-anti-virus.html

[Web安全] [投稿]从CVE-2014-0166看高效率EXP的编写
http://www.91ri.org/8871.html

[设备安全] 工控系统的安全风险及对策
http://www.i170.com/user/falcon/Article_124070

[编程技术] QCon北京2014大会
http://www.qconbeijing.com/videoslides.html

[书籍] 软件定义网络（中文版）（1-4章）
http://www.valleytalk.org/2014/05/05/%e8%bd%af%e4%bb%b6%e5%ae%9a%e4%b9%89%e7%bd%91%e7%bb%9c%ef%bc%88%e4%b8%ad%e6%96%87%e7%89%88%ef%bc%89%ef%bc%881-4%e7%ab%a0%ef%bc%89/

[运维安全] SQL SERVER 2008安全配置
http://drops.wooyun.org/tips/1670

[漏洞分析] CVE-2014-1776 的 fun() 函数
http://paste.ubuntu.com/7402258/

[漏洞分析] 安全漏洞概念及分类
http://pan.baidu.com/s/1kT9LT4r

[Web安全] 针对近期“博全球眼球的OAuth漏洞”的分析与防范建议
http://www.freebuf.com/vuls/33750.html

[Web安全] Egor Homakov: Covert Redirect FAQ
http://homakov.blogspot.com/2014/05/covert-redirect-faq.html

[漏洞分析] Python gdb Disassembly Extension 1.20
http://www.thegreycorner.com/2014/05/python-gdb-disassembly-extension-120.html

[数据挖掘] 分布式基础计划详情
http://study.163.com/plan/planIntroduction/272067.htm#/planDetail

[书籍] LIONsolver: the Learning and Intelligent OptimizatioN solver
http://www.lionsolver.com/LIONbook/

[无线安全] 走进科学: 无线安全需要了解的芯片选型、扫描器使用知识
http://www.freebuf.com/articles/wireless/33524.html

[漏洞分析] Windows平台下的堆溢出利用技术（二）（上篇）
http://drops.wooyun.org/papers/1714

[运维安全] Prolexic_Q12014_Global_Attack_Report_US_041614
http://vdisk.weibo.com/s/C72IDYVyeiWsd/1399302056

[漏洞分析] Double-Dip: Using the latest IE 0-day to get RCE and an ASLR Bypass
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Double-Dip-Using-the-latest-IE-0-day-to-get-RCE-and-an-ASLR/ba-p/6466280#.U2mpkihlIbx

[Web安全] Spring MVC xml绑定pojo造成的XXE
http://drops.wooyun.org/papers/1911

[运维安全] New Paper: Advanced Endpoint and Server Protection
https://securosis.com/blog/new-paper-advanced-endpoint-and-server-protection

[移动安全] 动态调试 Android so库函数的方法
http://riusksk.blogbus.com/logs/271566148.html

[编程技术] 架构师（4月刊）
http://www.infoq.com/cn/minibooks/architect-apr-10-2014

[其它] 《How to Read an Engineering Research Paper》笔记
http://liusihao.com/post/85169957748/how-to-read-an-engineering-research-paper

[Web安全] MSSQL注射知识库 v 1.0
http://drops.wooyun.org/tips/1620

[恶意分析] HII_The_Non-Advanced_Persistent_Threat
http://vdisk.weibo.com/s/C72IDYVyeiYWJ/1399389089

[编程技术] 我的算法学习之路
http://zh.lucida.me/blog/on-learning-algorithms/

[编程技术] 关于效率、程序与生活的一些思考
http://jackiekuo.com/book/2014/04/19/thoughts-on-effectivity-program-and-life/

[编程技术] 有关网络攻击的世界地图是怎么开发的
http://www.zhihu.com/question/23624209

[运维安全] 2014-annual-ddos-attacks-and-impact-report
http://vdisk.weibo.com/s/C72IDYVyeiWt0/1399301885

[漏洞分析] http://www.exploit-db.com/download_pdf/33196/
Windows Heap Overflow Exploitation

[恶意分析] Exploit Kit Roundup: Best of Obfuscation Techniques
http://blog.spiderlabs.com/2014/05/exploit-kit-roundup-best-of-obfuscation-techniques.html

[运维安全] DNS详解
http://liusihao.com/post/85195629143/dns

[恶意分析] Assembly Language Tutorial
https://wiki.skullsecurity.org/Assembly

[Web安全] Open Flash Charts File Upload Attacks
http://blog.spiderlabs.com/2014/05/honeypot-alert-open-flash-charts-file-upload-attacks.html

[编程技术] 我读《大型网站技术架构》笔记
http://iamzhongyong.iteye.com/blog/2063481

[Web安全] SQL Injection in Insert, Update and Delete Statements
http://www.exploit-db.com/download_pdf/33253

[漏洞分析] 逆向基础（二）
http://drops.wooyun.org/tips/1931

-----微信ID：SecWiki-----
SecWiki，12年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第10期)

SecWiki周刊（第10期）

最新公告

友情链接

SecWiki公众号

安全学术圈