SecWiki周刊(第5期)
2014/03/31-2014/04/06
安全资讯
[新闻]  传统安全产业的再思考
http://hi.baidu.com/fs_fx/item/fa8f65fd5649ad0d84d278c5
[新闻]  More than 24M home routers enabling DNS amplification DDoS attacks
http://www.scmagazine.com/more-than-24m-home-routers-enabling-dns-amplification-ddos-attacks/article/341265/
安全技术
[Web安全]  Struts2 S2-020在Tomcat 8下的命令执行分析
http://www.freebuf.com/articles/web/31039.html
[恶意分析]  DECAF( Dynamic Executable Code Analysis Framework) 动态二进制分析平台
http://blog.sina.com.cn/s/blog_7847a1bf0101wrqi.html
[Web安全]  深入理解JavaScript Hijacking原理
http://www.cnblogs.com/hyddd/archive/2009/07/02/1515768.htm
[运维安全]  falcon-eye:linux monitor tool
https://github.com/UlricQin/falcon-eye
[运维安全]  lnav:The Log File Navigator
http://lnav.org/
[恶意分析]  SysAnalyzer:automated malcode run time analysis application
http://www.aldeid.com/wiki/SysAnalyzer
[Web安全]  Smbexec:rapid post exploitation tool
http://www.sectechno.com/2014/03/30/smbexec-rapid-post-exploitation-tool/
[Web安全]  NINJA PingU:open-source high performance network scanner
http://owasp.github.io/NINJA-PingU/index.html
[Web安全]  Web Application Firewalls Are Worth the Investment for Enterprises
http://www.gartner.com/technology/reprints.do?id=1-1RTLH9W&ct=140313&st=sb
[新闻]  传统安全产业的再思考
http://hi.baidu.com/fs_fx/item/fa8f65fd5649ad0d84d278c5
[其它]  网络上的欺骗
http://segmentfault.com/a/1190000000455352
[书籍]  现代体系结构上的 UNIX 系统──内核程序员的 SMP 和 Caching 技术
http://vdisk.weibo.com/s/qFP9Ntxv48OA
[论文]  International Conference on Learning Representations 2014
http://openreview.net/venue/iclr2014
[Web安全]  SQLMAP 实例COOKBOOK
http://drops.wooyun.org/tips/1343
[Web安全]  Polypasshash:A Password hashing scheme
http://polypasshash.github.io/PolyPassHash/
[恶意分析]  A Close Look at RTF Zero-Day Attack CVE-2014-1761
http://blogs.mcafee.com/mcafee-labs/close-look-rtf-zero-day-attack-cve-2014-1761-shows-sophistication-attackers
[编程技术]  nude:Nudity detection with Python
https://github.com/hhatto/nude.py
[运维安全]  Watchman:微博平台的链路追踪及服务质量保障系统
http://www.infoq.com/cn/articles/weibo-watchman
[新闻]  More than 24M home routers enabling DNS amplification DDoS attacks
http://www.scmagazine.com/more-than-24m-home-routers-enabling-dns-amplification-ddos-attacks/article/341265/
[恶意分析]  Office”组合”式漏洞攻击样本分析
http://blog.vulnhunt.com/index.php/2014/04/04/office%e7%bb%84%e5%90%88%e5%bc%8f%e6%bc%8f%e6%b4%9e%e6%94%bb%e5%87%bb%e6%a0%b7%e6%9c%ac%e5%88%86%e6%9e%90/
[Web安全]  一种基于Web Workers和CORS技术实现的Web僵尸网络
http://hi.baidu.com/html5sec/item/bd0a12e5a3b4af0a570f1d4e
[恶意分析]  DLL Side-Loading: Another Blind-Spot for Anti-Virus
http://www.fireeye.com/blog/technical/cyber-exploits/2014/04/dll-side-loading-another-blind-spot-for-anti-virus.html
[其它]  统计分析时间日志的三种方式3
http://www.gtdlife.com/2014/3375/three-ways-to-write-the-timelog3/?utm_source=feedly&utm_reader=feedly&utm_medium=rss&utm_campaign=three-ways-to-write-the-timelog3
[漏洞分析]  Struts2 S2-020在Tomcat 8下的命令执行分析
http://sec.baidu.com/index.php?research/detail/id/18
[编程技术]  DPDK:Data Plane Development Kit
http://dpdk.org/
[Web安全]  DNS泛解析与内容投毒,XSS漏洞以及证书验证的那些事
http://drops.wooyun.org/tips/1354
[会议]  第二届京东JSRC电商安全沙龙纪实PPT
http://static.3001.net/upload/20140402/13964200397156.rar
[编程技术]  一个科技媒体团队用什么样的团队工具
http://jianshu.io/p/3631a398cd9b#
[编程技术]  phantomjs使用说明
http://zhouhua.github.io/2014/03/19/phantomjs/
[Web安全]  H5SC:HTML5 Security Cheatsheet
https://github.com/cure53/H5SC
[书籍]  Reverse Engineering for Beginners
http://yurichev.com/writings/RE_for_beginners-en.pdf
[运维安全]  支持多策略的安全数据库系统研究
http://vdisk.weibo.com/s/zaKA9PTdkdefS/1396588548
[恶意分析]  Financial cyber threats in 2013. Part 1: phishing
http://www.securelist.com/en/analysis/204792330/Financial_cyber_threats_in_2013_Part_1_phishing
[运维安全]  ngxtop:Real-time metrics for nginx server
https://github.com/lebinh/ngxtop
[Web安全]  Wildcard DNS, Content Poisoning, XSS and Certificate Pinning
http://w00tsec.blogspot.jp/2014/03/wilcard-dns-content-poisoning-xss-and.html
[移动安全]  Android源码分析工具及方法
http://static.sanwho.com/uploads/2014/01/Android%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%E5%B7%A5%E5%85%B7%E5%8F%8A%E6%96%B9%E6%B3%95.pdf
[设备安全]  Transceiver for 27 MHz wireless keyboards from Logitech
https://www.cgran.org/wiki/Logitech27MHzTransceiver
[编程技术]  iMilo 实时引擎:Solr vs Elasticsearch
http://www.imilo.cn/findblog/36
[编程技术]  D2进校园成都站圆满结束
http://ued.taobao.org/blog/2014/04/d2campus-at-chengdu/
[论文]   A Formula for Academic Papers: Introduction
http://slowsearching.blogspot.sg/2014/04/a-formula-for-academic-papers.html
[设备安全]  How to Own a Router – Fritz!Box AVM Vulnerability Analysis
http://www.insinuator.net/2014/03/how-to-own-a-router-fritzbox-avm-vulnerability-analysis/
[编程技术]  How to write secure Yii applications
http://www.yiiframework.com/wiki/275/how-to-write-secure-yii-applications/#hh18
[Web安全]  DNS泛解析与内容投毒,XSS漏洞以及证书验证的那些事
http://drops.wooyun.org/tips/1354
[Web安全]  通过dns进行文件下载
http://drops.wooyun.org/tools/1344
[无线安全]  Exploring the Effectiveness of Wireless Based Attacks
https://docs.google.com/document/d/16rpRCOCOFQYmKd4FsrtYDI035JsIt5r9ZuivjfBg3zM/edit
[编程技术]  30个有关Python的小技巧
http://blog.jobbole.com/63320/
[Web安全]  500行PHP代码搞定富文本安全过滤
http://www.welefen.com/only-500-line-php-code-for-filter-rich-content.html
[Web安全]  HTML5 Using CORS
http://www.html5rocks.com/en/tutorials/cors/
[移动安全]  Open technology Found CryptoCat iOS
http://vdisk.weibo.com/s/G_jLEbJWrgRb/1396496915
[漏洞分析]  Using the Immunity Debugger API to Automate Analysis
http://vrt-blog.snort.org/2014/04/using-immunity-debugger-api-to-automate.html
[编程技术]  也谈基于NodeJS的全栈式开发
http://ued.taobao.org/blog/2014/04/%e4%b9%9f%e8%b0%88%e5%9f%ba%e4%ba%8enodejs%e7%9a%84%e5%85%a8%e6%a0%88%e5%bc%8f%e5%bc%80%e5%8f%91%ef%bc%88%e5%9f%ba%e4%ba%8enodejs%e7%9a%84%e5%89%8d%e7%ab%af%e5%90%8e%e7%ab%af%e5%88%86%e7%a6%bb/
[编程技术]  前端工作流程
http://willkan.github.io/blog/html/Workflow/
[Web安全]  TrustedSec Tools and Exploits
https://www.trustedsec.com/downloads/tools-download/
安全专题
Android安全相关书籍汇总
https://www.sec-wiki.com/topic/43
互联网公司的安全架构
https://www.sec-wiki.com/topic/42
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第5期)