SecWiki周刊(第120期)
2016/06/13-2016/06/19
安全资讯
[其它]  谁最给力?国内各大应急响应中心奖励分析
http://www.freebuf.com/articles/others-articles/13953.html
[其它]  由FS-ISAC年会议题看目前信息安全热点
https://mp.weixin.qq.com/s?__biz=MzAwNjA3MzEwNg==&mid=2651329347&idx=1&sn=6152a9d7e31a7d6b5c81fdf39d1b89b1
安全技术
[Web安全]  一次艰难的渗透纪实
http://www.2cto.com/Article/201204/127836.html
[Web安全]  渗透实例_91Ri.org
https://www.91ri.org/category/pentest/pentest-case/page/2
[Web安全]  余弦:自学成才的黑客(安全研究员)是从哪学到那些知识的
http://www.e365.org/?p=7882
[Web安全]  内网渗透思路探索 之新思路的探索与验证 | WooYun知识库
http://drops.wooyun.org/tips/16116
[文档]  渗透测试过程环节
http://book.51cto.com/art/201309/410420.htm
[Web安全]  记一次内网渗透检测
http://my.oschina.net/u/1188877/blog/201619
[数据挖掘]  基于机器学习的waf探究
http://weibo.com/ttarticle/p/show?id=2309403986579453548505
[Web安全]  Thinkphp 漏洞小结
http://www.webshell.cc/4729.html
[视频]  ShowMeCon 2016 Videos
http://www.irongeek.com/i.php?page=videos/showmecon2016/mainlist
[移动安全]  iOS冰与火之歌 – UAF and Kernel Pwn
http://drops.wooyun.org/tips/16681
[数据挖掘]  Datamaps.co: free and simple platform for creating visualizations with data maps
https://github.com/caspg/datamaps.co
[编程技术]  Python自动化代理池
http://www.cdxy.me/python/python%e8%87%aa%e5%8a%a8%e5%8c%96%e4%bb%a3%e7%90%86%e6%b1%a0/
[Web安全]  域渗透——Dump Clear-Text Password after KB2871997 installed
http://drops.wooyun.org/papers/16818
[恶意分析]  Dangerous Websites, Adware, Banking Trojans and Surprises
https://blog.gdatasoftware.com/2016/04/28232-dangerous-websites-adware-banking-trojans-and-surprises
[文档]  28th Annual FIRST Conference / Program
https://www.first.org/conference/2016/program
[运维安全]  Struts2多版本一次性检测工具
http://0ke.org/index.php/archives/27/
[数据挖掘]  es_email_intel: Extract IOCs from emails, store them in ElasticSearch
https://github.com/pierre427/es_email_intel
[Web安全]  awesome-bug-bounty: Bug Bounty & Disclosure Programs and write-ups
https://github.com/djadmin/awesome-bug-bounty
[论文]  DDoS Trojan: A Malicious Concept that Conquered the ELF Format
https://www.virusbulletin.com/virusbulletin/2016/06/vb2015-paper-ddos-trojan-malicious-concept-conquered-elf-format/
[编程技术]  內建安全的软件开发 
https://mp.weixin.qq.com/s?__biz=MjM5MjY3OTgwMA==&mid=2652453481&idx=1&sn=c8caed739d83008a926e1cff7553cab6
[Web安全]  浅谈nginx + lua在安全中的一些应用
https://zhuanlan.zhihu.com/p/21362834
[漏洞分析]  三个白帽之从pwn me调试到Linux攻防学习
http://drops.wooyun.org/binary/16700
[Web安全]  Advisory: HTTP Header Injection in Python urllib
http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
[设备安全]  针对网络空间关键基础设施情报收集的组织行为分析报告
http://plcscan.org/blog/2016/06/ics-security-research-report-2016-05/
[漏洞分析]  CVE-2014-6352漏洞及定向攻击样本分析
http://drops.wooyun.org/papers/16825
[Web安全]  Stories of XSS in Google (April – May, 2016)
http://arsiadi.net/2016/06/11/stories-of-xss-in-google-april-may-2016/
[编程技术]  一个简单的聊天或者私信系统设计
http://www.ideawu.net/blog/archives/953.html
[Web安全]  Python API for dnsd
https://github.com/PaulSec/API-dnsdumpster.com
[漏洞分析]  Summary of recent Anti-Sandbox Tricks
http://joe4security.blogspot.tw/2016/06/summary-of-recent-anti-sandbox-tricks.html
[运维安全]  老马哥哥谈企业安全技术品牌建设
http://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&mid=2651067201&idx=1&sn=bfceaeb3e63070c017604696d67050fa&scene=23&srcid=0613Cq6qCslxJgOzt0M0WRed#rd
[编程技术]  CSDN已推出30多个知识库
http://mp.weixin.qq.com/s?__biz=MzAwNzIzMDY5OA==&mid=2651424080&idx=1&sn=1ff179fb92fd2aeb8efb2cd4c6d22674
[编程技术]  谈一谈越来越难做的前端
http://www.barretlee.com/blog/2016/06/13/talk-about-front-end/
安全专题
国内安全应急响应中心(src)
https://www.sec-wiki.com/topic/71
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第120期)