SecWiki周刊(第60期)
2015/04/20-2015/04/26
安全资讯
Freedome VPN For Mac OS X
https://www.f-secure.com/weblog/archives/00002806.html
https://www.f-secure.com/weblog/archives/00002806.html
我和NLP的故事
http://www.52cs.org/?p=499
http://www.52cs.org/?p=499
黑客行为分析与攻击溯源
http://www.aqniu.com/news/7401.html
http://www.aqniu.com/news/7401.html
2014 Report on Security Clearance Determinations April 2015
http://www.dni.gov/files/documents/2015-4-21%20Annual%20Report%20on%20Security%20Clearance%20Determinations.pdf
http://www.dni.gov/files/documents/2015-4-21%20Annual%20Report%20on%20Security%20Clearance%20Determinations.pdf
DARPA资助Tor改进隐藏服务
http://www.solidot.org/story?sid=43793
http://www.solidot.org/story?sid=43793
一周海外安全事件回顾(20150412-0419)
http://www.freebuf.com/news/65315.html
http://www.freebuf.com/news/65315.html
Leaked papers reveal NZ plan to spy on China for US
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11434886
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11434886
揭开中国黑客群体的神秘面纱 年薪数百万
http://www.youxia.org/china-hacker-100.html
http://www.youxia.org/china-hacker-100.html
安全技术
plupload - Same-Origin Method Execution [Wordpress 3.9 - 4.1.1]
http://zoczus.blogspot.kr/2015/04/plupload-same-origin-method-execution.html
http://zoczus.blogspot.kr/2015/04/plupload-same-origin-method-execution.html
iOS内核漏洞挖掘–fuzz&代码审计
http://blog.pangu.io/xkungfoo2015/
http://blog.pangu.io/xkungfoo2015/
Java Obfuscator - Lite
http://obfuscat.ion.land/
http://obfuscat.ion.land/
Linux_Local_Root_Exploits
http://exploit.linuxnote.org/
http://exploit.linuxnote.org/
Geo-Inference Attacks via the Browser Cache
http://www.comp.nus.edu.sg/~jiayaoqi/publications/geo_inference.pdf
http://www.comp.nus.edu.sg/~jiayaoqi/publications/geo_inference.pdf
http.sys漏洞应对方案
http://www.2cto.com/Article/201504/393357.html
http://www.2cto.com/Article/201504/393357.html
burpsuite扩展开发之Python
http://drops.wooyun.org/tools/5751
http://drops.wooyun.org/tools/5751
RSA Conference 2015 Slide
http://www.rsaconference.com/events/us15/downloads-and-media?type=presentations
http://www.rsaconference.com/events/us15/downloads-and-media?type=presentations
redis渗透中的getshell问题总结
http://blog.csdn.net/u011721501/article/details/45157399
http://blog.csdn.net/u011721501/article/details/45157399
Python爬虫入门系列
http://cuiqingcai.com/927.html
http://cuiqingcai.com/927.html
Introduction to security code review for the web
https://github.com/snyff/stuff/blob/master/codereview.pdf
https://github.com/snyff/stuff/blob/master/codereview.pdf
Amazon Machine Learning Concepts
http://docs.aws.amazon.com/machine-learning/latest/mlconcepts/machinelearning-concepts.pdf
http://docs.aws.amazon.com/machine-learning/latest/mlconcepts/machinelearning-concepts.pdf
Analyzing the Magento Vulnerability
http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
gr-gsm:Gnuradio blocks and tools for receiving GSM transmissions
https://github.com/ptrkrysik/gr-gsm
https://github.com/ptrkrysik/gr-gsm
开源跳板机Jumpserver
http://laoguang.blog.51cto.com/6013350/1635853
http://laoguang.blog.51cto.com/6013350/1635853
Node.Js Server-Side JavaScript Injection Detection & Exploitation
http://blog.gdssecurity.com/labs/2015/4/15/nodejs-server-side-javascript-injection-detection-exploitati.html
http://blog.gdssecurity.com/labs/2015/4/15/nodejs-server-side-javascript-injection-detection-exploitati.html
plaidctf-2015-write-ups
https://github.com/ctfs/write-ups-2015/tree/master/plaidctf-2015
https://github.com/ctfs/write-ups-2015/tree/master/plaidctf-2015
计算机安全会议(学术界)概念普及 & ASIACCS2015
http://drops.wooyun.org/papers/5810
http://drops.wooyun.org/papers/5810
Introduction to Fuzzing in Python with AFL
https://alexgaynor.net/2015/apr/13/introduction-to-fuzzing-in-python-with-afl/
https://alexgaynor.net/2015/apr/13/introduction-to-fuzzing-in-python-with-afl/
机器学习最佳入门学习资料汇总
http://article.yeeyan.org/view/22139/410514
http://article.yeeyan.org/view/22139/410514
Docker恶意软件分析系列V:ALICTF决赛题目设计
http://weibo.com/p/1001603835206674039802
http://weibo.com/p/1001603835206674039802
Binary Ninja - The Reverse Engineer's Swiss Army Knife
https://binary.ninja/index.html
https://binary.ninja/index.html
The Further Democratization of QUANTUM
https://www.schneier.com/blog/archives/2015/04/the_further_dem.html
https://www.schneier.com/blog/archives/2015/04/the_further_dem.html
The power of DNS rebinding: stealing WiFi passwords with a website(B&O)
https://miki.it/blog/2015/4/20/the-power-of-dns-rebinding-stealing-wifi-passwords-with-a-website/
https://miki.it/blog/2015/4/20/the-power-of-dns-rebinding-stealing-wifi-passwords-with-a-website/
后Hadoop时代的大数据架构
http://zhuanlan.zhihu.com/donglaoshi/19962491
http://zhuanlan.zhihu.com/donglaoshi/19962491
SQL Inception: How to select yourself
http://www.contextis.com/resources/blog/sql-inception-how-select-yourself/
http://www.contextis.com/resources/blog/sql-inception-how-select-yourself/
常见Android Native崩溃及错误原因
http://bugly.qq.com/blog/?p=131
http://bugly.qq.com/blog/?p=131
Fiesta Exploit Kit Spreading Crypto-Ransomware
http://blog.trendmicro.com/trendlabs-security-intelligence/fiesta-exploit-kit-spreading-crypto-ransomware-who-is-affected/
http://blog.trendmicro.com/trendlabs-security-intelligence/fiesta-exploit-kit-spreading-crypto-ransomware-who-is-affected/
Playing with Content-Type – XXE on JSON Endpoints
https://blog.netspi.com/playing-content-type-xxe-json-endpoints/
https://blog.netspi.com/playing-content-type-xxe-json-endpoints/
MS15-035 EMF文件处理漏洞分析与POC构造
http://drops.wooyun.org/papers/5731
http://drops.wooyun.org/papers/5731
WordPress < 4.1.2 Stored XSS vulnerability
https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
SSL Freak来袭:如何实施一个具体的SSL Freak攻击
https://www.zybuluo.com/romangol/note/88007
https://www.zybuluo.com/romangol/note/88007
VolDiff – Malware Memory Footprint Analysis.
http://seclist.us/voldiff-malware-memory-footprint-analysis.html
http://seclist.us/voldiff-malware-memory-footprint-analysis.html
CRLF injection on Twitter or why blacklists fail
http://blog.innerht.ml/twitter-crlf-injection/
http://blog.innerht.ml/twitter-crlf-injection/
Russia’s APT28 in Highly-Targeted Attack
https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
Sentiment Analysis on Twitter
https://github.com/mayank93/Twitter-Sentiment-Analysis
https://github.com/mayank93/Twitter-Sentiment-Analysis
htpwdScan:A python HTTP weak pass scanner
https://github.com/lijiejie/htpwdScan
https://github.com/lijiejie/htpwdScan
DARPA:个性化搜索支撑项目开源列表
http://www.darpa.mil/opencatalog/MEMEX.html
http://www.darpa.mil/opencatalog/MEMEX.html
IE浏览器漏洞一例及未初始化内存占位研究
http://blog.pangu.io/ie-uninit-memory/
http://blog.pangu.io/ie-uninit-memory/
Zero-Day Exploits in the Dark
http://resources.infosecinstitute.com/zero-day-exploits-in-the-dark/
http://resources.infosecinstitute.com/zero-day-exploits-in-the-dark/
架构师如何才能够设计一个安全的架构
http://tech.it168.com/a2012/0812/1383/000001383894_all.shtml
http://tech.it168.com/a2012/0812/1383/000001383894_all.shtml
A Javascript-based DDoS Attack as seen by Safe Browsing
http://googleonlinesecurity.blogspot.com/2015/04/a-javascript-based-ddos-attack-as-seen.html
http://googleonlinesecurity.blogspot.com/2015/04/a-javascript-based-ddos-attack-as-seen.html
HiTB Challenge: IRMA
http://blog.quarkslab.com/irma-hitb-challenge.html
http://blog.quarkslab.com/irma-hitb-challenge.html
Got 15 minutes and want to learn Git
https://try.github.io/levels/1/challenges/1
https://try.github.io/levels/1/challenges/1
Hunting and Decrypting Communications of Gh0st RAT in Memory
http://malware-unplugged.blogspot.in/2015/01/hunting-and-decrypting-communications.html
http://malware-unplugged.blogspot.in/2015/01/hunting-and-decrypting-communications.html
IE安全系列:脚本先锋(I)
http://drops.wooyun.org/papers/5673
http://drops.wooyun.org/papers/5673
隐私泄露杀手锏:Flash 权限反射
http://drops.wooyun.org/papers/5732
http://drops.wooyun.org/papers/5732
Villoc is a heap visualisation tool
https://github.com/wapiflapi/villoc
https://github.com/wapiflapi/villoc
CTF Field Guide
https://trailofbits.github.io/ctf/index.html
https://trailofbits.github.io/ctf/index.html
Onyx:A simple Linux keylogger
https://github.com/guitarman0831/Onyx
https://github.com/guitarman0831/Onyx
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com本期原文地址: SecWiki周刊(第60期)
