SecWiki周刊（第17期)

SecWiki周刊（第17期）

2014/06/23-2014/06/29

安全资讯

[Web安全] IDC：中国IT安全硬件、软件和服务全景图2014–2018 预测与分析
http://yepeng.blog.51cto.com/3101105/1430943

[Web安全] Gartner：2014年SIEM（安全信息与事件管理）市场分析
http://yepeng.blog.51cto.com/3101105/1431857

[Web安全] TimThumb plugin zero-day found, WordPress websites at risk
http://grahamcluley.com/2014/06/timthumb-plugin-zero-day-vulnerability-discovered-thousands-wordpress-websites-risk/?utm_source=rss&utm_medium=rss&utm_campaign=timthumb-plugin-zero-day-vulnerability-discovered-thousands-wordpress-websites-risk&omhide

[Web安全] CCID: 2013-2014年度中国信息安全产品市场研究年度报告
http://yepeng.blog.51cto.com/3101105/1430933

安全技术

[Web安全] 论黑产黑阔如何安全地转移赃款/洗钱？
http://drops.wooyun.org/news/2450

[Web安全] XssHtml – 基于白名单的富文本XSS过滤类
http://www.freebuf.com/tools/37106.html

[Web安全] Charles Web Debugging Proxy
http://www.charlesproxy.com/

[Web安全] 用Burpsuite 来处理csrf token
http://drops.wooyun.org/tips/2460

[运维安全] DNS Sinkhole
http://resources.infosecinstitute.com/dns-sinkhole/

[Web安全] CAPTCHA (驗證碼) OCR 前置處理
http://steven5538.hack-stuff.com/2014/06/captcha-ocr-python.html

[数据挖掘] Spark：一个高效的分布式计算系统
http://tech.uc.cn/?p=2116

[数据挖掘] Interactive Data Visualization for the Web
http://chimera.labs.oreilly.com/books/1230000000345/

[Web安全] odat:Oracle Database Attacking Tool
https://github.com/quentinhardy/odat

[Web安全] 一个巧妙的sshd后门
http://www.icylife.net/blog/?p=950

[运维安全] baseline_testing：Linux的配置检查工具
https://github.com/smarttang/baseline_testing

[Web安全] mysql新型报错注入(mysql无符号整数溢出)
http://www.jinglingshu.org/?p=7343

[漏洞分析] Iscc驱动漏洞题目分析与利用
http://www.91ri.org/9399.html

[Web安全] Mimikatz ON Metasploit
http://drops.wooyun.org/tips/2443

[编程技术] 构建一个类timeline系统的架构设计
http://neoremind.net/2014/06/%e6%9e%84%e5%bb%ba%e4%b8%80%e4%b8%aa%e7%b1%bbtimeline%e7%b3%bb%e7%bb%9f%e7%9a%84%e6%9e%b6%e6%9e%84%e8%ae%be%e8%ae%a1/

[移动安全] Attacking Android browsers via intent scheme URLs
http://www.mbsd.jp/Whitepaper/IntentScheme.pdf

[无线安全] Aircrack-ng Suite Cheatsheet
https://evilzone.org/security-tools/aircrack-ng-suite-cheatsheet/

[运维安全] awesome-sysadmin
https://github.com/kahun/awesome-sysadmin

[恶意分析] malcom：Malware Communications Analyzer
https://github.com/tomchop/malcom

[运维安全] Linux被DDOS&CC攻击解决实例
http://drops.wooyun.org/tips/2457

[编程技术] php 依赖管理工具 composer 中文视频教程
http://www.kittencup.com/composer-%E4%B8%AD%E6%96%87%E8%A7%86%E9%A2%91%E7%9B%AE%E5%BD%95%E5%85%8D%E8%B4%B9%E3%80%81%E8%B6%85%E6%B8%85/

[移动安全] drozer- security and attack framework for Android
http://www.sectechno.com/2014/06/22/drozer-security-and-attack-framework-for-android/

[Web安全] C99.PHP webshell 绕过登陆密码漏洞
http://www.5luyu.cn/archives/69/

[移动安全] 一套标准的安卓挂马代码
http://weibo.com/p/1001603724694418249344

[无线安全] Hacking with Android Part 2: Network Spoofer (HD)
https://www.youtube.com/watch?v=sm-llBJA8EA

[Web安全] Evil HTTP Compression - Compression Bombs
http://www.cyberis.co.uk/downloads/Cyberis%20Whitepaper%20-%20Evil%20HTTP%20Compression.pdf

[Web安全] Linux 通配符可能产生的问题
http://drops.wooyun.org/papers/2448

[恶意分析] MalwareResourceScanner
https://github.com/edix/MalwareResourceScanner

[漏洞分析] Bypassing Windows 8.1 Mitigations using Unsafe COM Objects
http://www.contextis.com/blog/windows-mitigaton-bypass/

[漏洞分析] VRT: Exceptional behavior: the Windows 8.1 X64 SEH Implementation
http://vrt-blog.snort.org/2014/06/exceptional-behavior-windows-81-x64-seh.html

[恶意分析] Detecting Keyloggers on Dynamic Analysis Systems
http://labs.lastline.com/detecting-keyloggers-on-dynamic-analysis-systems

[漏洞分析] CS161 Syllabus
http://inst.eecs.berkeley.edu/~cs161/fa08/syllabus.html

[其它] Ubuntu 安装使用 DNSCrypt
http://www.slblog.net/2014/06/install-dnscrypt-on-ubuntu/

[编程技术] prowler:Base Code for P2P Network Crawlers
https://github.com/tillmannw/prowler

[编程技术] Searchcode: 源代码搜索利器
https://searchcode.com/

[Web安全] 流量劫持 —— 浮层登录框的隐患
http://fex.baidu.com/blog/2014/06/danger-behind-popup-login-dialog/

[编程技术] 基于AngularJS的企业软件前端架构
http://www.infoq.com/cn/presentations/frontend-architecture-based-on-angularjs

[无线安全] Android渗透测试工具大合集
http://www.freebuf.com/tools/36880.html

[恶意分析] 主流APT解决方案对比分析
http://safe.zol.com.cn/463/4635852.html

[编程技术] fullPage.js:jQuery全屏滚动插件
https://github.com/alvarotrigo/fullPage.js

[漏洞分析] Offensive Computer Security Home Page
http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html

[恶意分析] Beta Version of VMRay Analyzer
http://www.vmray.com/beta-version-of-vmray-analyzer/

[Web安全] CUIT 2014 Writeup
http://www.91ri.org/9482.html

[编程技术] Visualizing Algorithms
http://bost.ocks.org/mike/algorithms/

[编程技术] 跟python有关的东西
http://iteches.com/archives/63840

-----微信ID：SecWiki-----
SecWiki，13年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第17期)

SecWiki周刊（第17期）

最新公告

友情链接

SecWiki公众号

安全学术圈