SecWiki周刊(第57期)
2015/03/30-2015/04/05
安全资讯
[恶意分析]  揭露全自动化黑产
http://www.1937cn.net/?p=867
[运维安全]  Google产品全面撤销CNNIC根证书
http://www.solidot.org/story?sid=43556
[文档]  Cybersecurity Ventures 2015年Q1网络安全市场报告
http://www.sec-un.org/cybersecurity-ventures-2015-network-security-market-q1-report.html
[运维安全]  协同共享,下一代信息安全的思考
http://www.sec-un.org/collaborative-sharing-the-next-generation-of-thinking-and-practice-of-information-security.html
安全技术
[编程技术]  用Kafka,Storm以及ElasticSearch搭建搜索引擎
https://nfil.es/w/eIEi9B/
[Web安全]  CTF练习靶场汇总
http://www.backlion.com/ctf%e7%bb%83%e4%b9%a0%e9%9d%b6%e5%9c%ba%e6%b1%87%e6%80%bb/
[文档]  Black Hat Asia 2015 Slide
https://www.blackhat.com/asia-15/archives.html
[编程技术]  Mspider 网页链接爬虫
https://github.com/manning23/MSpider
[移动安全]  Android Security 2014 Year in Review Google Report
https://static.googleusercontent.com/media/source.android.com/en/us/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf
[Web安全]  weakfilescan:动态多线程敏感信息泄露检测工具
https://github.com/ring04h/weakfilescan
[运维安全]  SSL/TLS Suffers 'Bar Mitzvah Attack'漏洞检测方法及修复建议
https://sobug.com/article/detail/17
[数据挖掘]  怎样快糙猛的开始搞Kaggle比赛
http://phunters.lofter.com/post/86d56_66dd375
[数据挖掘]  Machine Learning Math Essentials
http://courses.washington.edu/css490/2012.Winter/lecture_slides/02_math_essentials.pdf
[运维安全]  某电商网站流量劫持案例分析与思考
http://security.tencent.com/index.php/blog/msg/81
[运维安全]  China's Man-on-the-Side Attack on GitHub
http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub
[Web安全]  SQLMAP-Web-GUI Online
https://github.com/Hood3dRob1n/SQLMAP-Web-GUI
[运维安全]  Cyberspace Administration of China DDoS Attack Forensics
https://drive.google.com/file/d/0ByrxblDXR_yqeUNZYU5WcjFCbXM/view?pli=1
[移动安全]  如何配置远程连接的drozer
http://appscan.360.cn/blog/?p=120
[设备安全]  烽火(Fiberhome)HG-110 设备目录穿越漏洞考察
http://blog.knownsec.com/2015/04/fiberhome-hg-110-device-directory-traversal-investigate/
[移动安全]  smalisca:Static Code Analysis for Smali files
https://github.com/dorneanu/smalisca
[Web安全]  The poor, misunderstood innerText
http://perfectionkills.com/the-poor-misunderstood-innerText/
[漏洞分析]  Integrating Outdated Flash is a Bad Idea
http://justhaifei1.blogspot.com/
[会议]   Spark Meetup @Hangzhou 3rd
http://pan.baidu.com/s/1o6sUpzO
[运维安全]  服务器被黑之后的心路历程
http://monklof.com/post/10/
[运维安全]  How To Use Tripwire to Detect Server Intrusions on an Ubuntu VPS
https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps
[恶意分析]  pdf-parser And YARA
http://blog.didierstevens.com/2015/03/31/pdf-parser-and-yara/
[数据挖掘]  Tutorials on topics in machine learning
http://homepages.inf.ed.ac.uk/rbf/IAPR/researchers/MLPAGES/mltut.htm
[编程技术]  亿级用户下的新浪微博平台架构
http://www.infoq.com/cn/articles/weibo-platform-archieture
[Web安全]  Reverse Shell Cheat Sheet
https://highon.coffee/blog/reverse-shell-cheat-sheet/
[恶意分析]  PANDA record & replay logs online for malware
http://panda.gtisc.gatech.edu/malrec/
[漏洞分析]  Multi-Architecture GDB Enhanced Features for Exploiters
https://github.com/hugsy/gef
[移动安全]  IOHIDSecurePromptClient::injectStringGated Heap Overflow
http://blog.pangu.io/iohidsecurepromptclientinjectstringgated-heap-overflow/
[杂志]  黑客防线2015年第3期杂志
http://www.hacker.com.cn/show-7-2746-1.html
[Web安全]  Alibaba CTF 2015 - XSS400 WriteUP
http://linux.im/2015/03/29/alictf-2015-xss400.html
[Web安全]  How to own any windows network with group policy hijacking attacks
https://labs.mwrinfosecurity.com/blog/2015/04/02/how-to-own-any-windows-network-with-group-policy-hijacking-attacks/
[Web安全]   apd-reports:Second-Level Domains (SLDs)
https://github.com/jpascualbeato/apd-reports/
[漏洞分析]  A New Word Document Exploit Kit
https://www.fireeye.com/blog/threat-research/2015/04/a_new_word_document.html
[运维安全]  web攻击日志分析之新手指南
http://drops.wooyun.org/%e8%bf%90%e7%bb%b4%e5%ae%89%e5%85%a8/5411
[漏洞分析]  Bypassing Linux kernel module version check
http://www.cloud-sec.org/Bypassing_Linux_kernel_module_version_check.pdf
[Web安全]  bandit:Python AST-based static analyzer from OpenStack Security Group
https://github.com/stackforge/bandit
[Web安全]  ALi CTF 2015 write up
http://drops.wooyun.org/papers/5493
[Web安全]  验证码安全问题汇总
http://drops.wooyun.org/web/5459
[编程技术]  React 入门实例教程
http://www.ruanyifeng.com/blog/2015/03/react.html
[漏洞分析]  Using the docker command to root the host
http://reventlov.com/advisories/using-the-docker-command-to-root-the-host
[漏洞分析]  Sexrets_of_LoadLibrary_CSW2015
http://vdisk.weibo.com/s/vG9M7U_S4QP
[恶意分析]  100 Days of Malware
http://moyix.blogspot.com/2015/03/100-days-of-malware.html
[恶意分析]  New Malware Attacks On The Threat Horizon
https://labs.opendns.com/2015/04/01/new-malware-attacks-on-the-threat-horizon/
-----微信ID:SecWiki-----
SecWiki,13年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第57期)