SecWiki周刊(第123期)
2016/07/04-2016/07/10
安全资讯
[数据挖掘]  个人征信行业蓄势待发:首批八家个人征信大盘点
http://blog.memect.cn/?p=1110
[漏洞分析]  漏洞的稳定性及所谓的负责任披露
http://weibo.com/ttarticle/p/show?id=2309403995654442634928
[人物]  访威胁情报技术尝试者宫一鸣
http://www.aqniu.com/news-views/17506.html
[恶意分析]  Top 1000 Websites Blocking VPN & TOR Users
http://jerrygamblin.com/2016/07/06/top-1000-websites-blocking-vpn-tor-users/
[事件]  网络安全法(草案二次审议稿)全文
http://www.npc.gov.cn/npc/flcazqyj/2016-07/05/content_1993343.htm
安全技术
[Web安全]  如何利用Struts2中的webconsole.html
https://t0data.gitbooks.io/mysecuritybook/content/chapter2.html
[Web安全]  如何使用开源组件解决web应用系统中的XSS漏洞
https://t0data.gitbooks.io/mysecuritybook/content/chapter1.html
[数据挖掘]  HData: 一个支持多数据源的ETL数据导入/导出工具
https://github.com/stuxuhai/HData
[Web安全]  腾讯实习挑战赛通关writeup(冠军通关策略)
https://mp.weixin.qq.com/s?__biz=MzI0NjQxODg0Ng==&mid=2247483920&idx=1&sn=a859296a41c9b735e88ebee7ea5562fe#rd
[漏洞分析]  ARM栈溢出攻击实践:从虚拟环境搭建到ROP利用
http://www.ms509.com/?p=345
[恶意分析]  逆向浅析各种病毒的注入方式之二-----exe注入与进程替换
http://drops.wooyun.org/tips/17351
[数据挖掘]  scrapy爬取知乎用户数据
https://github.com/ansenhuang/scrapy-zhihu-users
[Web安全]  mimikittenz: extracting juicy info from memory
https://github.com/putterpanda/mimikittenz
[Web安全]  对方不想说话并扔了个message.pptx
http://pan.baidu.com/s/1pLCfCWr
[数据挖掘]  Head First Stanford NLP (1)
http://hujiaweibujidao.github.io/blog/2016/03/30/Stanford-NLP/
[运维安全]  用大数据思维做运维监控
http://www.jianshu.com/p/f634d7fc0f05
[数据挖掘]  Reusable Security: Cracking the MySpace List
http://reusablesec.blogspot.jp/2016/07/cracking-myspace-list-first-impressions.html
[运维安全]  自制蜜罐之前端部分
https://zhuanlan.zhihu.com/p/21534942
[漏洞分析]  浏览器漏洞入门
http://drops.wooyun.org/papers/17229
[杂志]  《安全档案(第一期)》:逆向工程与WEB安全
http://www.ixsec.org/wp-content/uploads/2016/07/ixsec.org_2016-07-07_06-53-27.pdf
[设备安全]  LL-Fuzzer: An automated NFC fuzzing framework for Android devices.
https://github.com/mit-ll/LL-Fuzzer
[移动安全]  TaintDroid深入剖析之启动篇
http://drops.wooyun.org/mobile/17417
[Web安全]  域渗透——EFS文件解密
http://drops.wooyun.org/tips/17352
[设备安全]  Awesome IoT. A collaborative list of great resources about IoT
https://github.com/phodal/awesome-iot
[恶意分析]  sems – Sandbox and Virtual Machine Detection Tool
http://www.sectechno.com/sems-anti-sandbox-anti-virtual-machine-detection-tool/
[Web安全]  AS_BugScan: 通过 Webshell 创建 BugScan 节点(需要目标支持 Python2.7)
https://github.com/Medicean/AS_BugScan
[运维安全]  1996-2016 Network Monitoring Tools
https://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
[漏洞分析]  Lenovo ThinkPad System Management Mode arbitrary code execution 0day exploit
https://github.com/Cr4sh/ThinkPwn
[Web安全]  Sn1per: Automated Pentest Recon Scanner
https://github.com/1N3/Sn1per
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第123期)