SecWiki周刊(第17期)
2014/06/23-2014/06/29
安全资讯
[Web安全]  IDC:中国IT安全硬件、软件和服务全景图2014–2018 预测与分析
http://yepeng.blog.51cto.com/3101105/1430943
[Web安全]  Gartner:2014年SIEM(安全信息与事件管理)市场分析
http://yepeng.blog.51cto.com/3101105/1431857
[Web安全]  CCID: 2013-2014年度中国信息安全产品市场研究年度报告
http://yepeng.blog.51cto.com/3101105/1430933
安全技术
[Web安全]  论黑产黑阔如何安全地转移赃款/洗钱?
http://drops.wooyun.org/news/2450
[Web安全]  XssHtml – 基于白名单的富文本XSS过滤类
http://www.freebuf.com/tools/37106.html
[Web安全]  用Burpsuite 来处理csrf token
http://drops.wooyun.org/tips/2460
[Web安全]  Charles Web Debugging Proxy
http://www.charlesproxy.com/
[Web安全]   CAPTCHA (驗證碼) OCR 前置處理
http://steven5538.hack-stuff.com/2014/06/captcha-ocr-python.html
[数据挖掘]  Spark:一个高效的分布式计算系统
http://tech.uc.cn/?p=2116
[数据挖掘]  Interactive Data Visualization for the Web
http://chimera.labs.oreilly.com/books/1230000000345/
[Web安全]  一个巧妙的sshd后门
http://www.icylife.net/blog/?p=950
[Web安全]  mysql新型报错注入(mysql无符号整数溢出)
http://www.jinglingshu.org/?p=7343
[Web安全]  odat:Oracle Database Attacking Tool
https://github.com/quentinhardy/odat
[运维安全]  baseline_testing:Linux的配置检查工具
https://github.com/smarttang/baseline_testing
[Web安全]  Mimikatz ON Metasploit
http://drops.wooyun.org/tips/2443
[无线安全]  Aircrack-ng Suite Cheatsheet
https://evilzone.org/security-tools/aircrack-ng-suite-cheatsheet/
[移动安全]  Attacking Android browsers via intent scheme URLs
http://www.mbsd.jp/Whitepaper/IntentScheme.pdf
[运维安全]  awesome-sysadmin
https://github.com/kahun/awesome-sysadmin
[漏洞分析]  Iscc驱动漏洞题目分析与利用
http://www.91ri.org/9399.html
[运维安全]  Linux被DDOS&CC攻击解决实例
http://drops.wooyun.org/tips/2457
[恶意分析]  malcom:Malware Communications Analyzer
https://github.com/tomchop/malcom
[移动安全]  一套标准的安卓挂马代码
http://weibo.com/p/1001603724694418249344
[Web安全]  C99.PHP webshell 绕过登陆密码漏洞
http://www.5luyu.cn/archives/69/
[移动安全]  drozer- security and attack framework for Android
http://www.sectechno.com/2014/06/22/drozer-security-and-attack-framework-for-android/
[无线安全]  Hacking with Android Part 2: Network Spoofer (HD)
https://www.youtube.com/watch?v=sm-llBJA8EA
[恶意分析]  MalwareResourceScanner
https://github.com/edix/MalwareResourceScanner
[Web安全]  Linux 通配符可能产生的问题
http://drops.wooyun.org/papers/2448
[漏洞分析]  VRT: Exceptional behavior: the Windows 8.1 X64 SEH Implementation
http://vrt-blog.snort.org/2014/06/exceptional-behavior-windows-81-x64-seh.html
[恶意分析]  Detecting Keyloggers on Dynamic Analysis Systems
http://labs.lastline.com/detecting-keyloggers-on-dynamic-analysis-systems
[漏洞分析]  Bypassing Windows 8.1 Mitigations using Unsafe COM Objects
http://www.contextis.com/blog/windows-mitigaton-bypass/
[其它]  Ubuntu 安装使用 DNSCrypt
http://www.slblog.net/2014/06/install-dnscrypt-on-ubuntu/
[编程技术]  Searchcode: 源代码搜索利器
https://searchcode.com/
[编程技术]  prowler:Base Code for P2P Network Crawlers
https://github.com/tillmannw/prowler
[无线安全]  Android渗透测试工具大合集
http://www.freebuf.com/tools/36880.html
[Web安全]  流量劫持 —— 浮层登录框的隐患
http://fex.baidu.com/blog/2014/06/danger-behind-popup-login-dialog/
[恶意分析]  主流APT解决方案对比分析
http://safe.zol.com.cn/463/4635852.html
[编程技术]  fullPage.js:jQuery全屏滚动插件
https://github.com/alvarotrigo/fullPage.js
[漏洞分析]  Offensive Computer Security Home Page
http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html
[编程技术]  基于AngularJS的企业软件前端架构
http://www.infoq.com/cn/presentations/frontend-architecture-based-on-angularjs
[恶意分析]  Beta Version of VMRay Analyzer
http://www.vmray.com/beta-version-of-vmray-analyzer/
[Web安全]  CUIT 2014 Writeup
http://www.91ri.org/9482.html
[编程技术]  Visualizing Algorithms
http://bost.ocks.org/mike/algorithms/
[编程技术]  跟python有关的东西
http://iteches.com/archives/63840
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第17期)