SecWiki周刊(第61期)
2015/04/27-2015/05/03
安全资讯
[视频]  我是谁:没有绝对安全的系统
http://www.acfun.tv/v/ac1866576
[漏洞分析]  Top 30 Targeted High Risk Vulnerabilities
https://www.us-cert.gov/ncas/alerts/TA15-119A
[比赛]  0ops副队长讲解决赛题目
http://v.qq.com/page/w/e/z/w0152n2duez.html
[Web安全]  Password Alert Chrome Extension: Protect Google Account from Phishers
http://thehackernews.com/2015/04/google-password-alert.html
[会议]  MOSEC移动安全会议
http://mosec.org/?forcelang=true
[会议]  RSA会议:2015六大新型攻击趋势
http://www.freebuf.com/news/65650.html
[会议]  我眼中的RSA 2015 – 改变和信心
http://www.freebuf.com/articles/neopoints/65809.html
安全技术
[Web安全]  The Spy in the Sandbox – Practical Cache Attacks in Javascript
http://arxiv.org/pdf/1502.07373v2.pdf
[论文]  IEEE S&P 2015会议论文预读系列
http://vonwei.com/post/IEEESP2015Papers1.html
[文档]  TSRC安全群英汇•上海站嘉宾分享PPT下载
http://t.cn/RA85feu
[文档]  QCon 北京 2015 议题下载
http://pan.baidu.com/s/1eQ5wOuu
[漏洞分析]  Fuzzing with AFL-Fuzz, a Practical Example ( AFL vs binutils )
http://www.evilsocket.net/2015/04/30/fuzzing-with-afl-fuzz-a-practical-example-afl-vs-binutils/
[Web安全]  WordPress 4.2以下版本XSS漏洞Getshell
http://blog.linux520.com/?p=62
[数据挖掘]  Using Machine-Readable Threat Intelligence to Block Unknown Threats
https://www.brighttalk.com/webcast/8241/150227
[Web安全]  WordPress 4.2 Stored XSS
http://klikki.fi/adv/wordpress2.html
[Web安全]  BeeCli:基于PoC框架Beebeeto-framework的利用工具
https://github.com/RickGray/BeeCli
[视频]  AppSec is Eating Security - Alex Stamos - Opening Keynote
https://www.youtube.com/watch?v=2OTRU--HtLM&feature=youtu.be
[Web安全]  講個秘訣 - 0ctf Final 0cms
http://blog.orange.tw/2015/05/0ctf-final-0cms.html
[Web安全]  WPSploit - Exploiting Wordpress With Metasploit
https://github.com/espreto/wpsploit
[Web安全]  GitHack: git folder disclosure exploit
https://github.com/lijiejie/GitHack
[恶意分析]  pdf-parser: A Method To Manipulate PDFs Part 2
http://blog.didierstevens.com/2015/04/29/pdf-parser-a-method-to-manipulate-pdfs-part-2/
[运维安全]  Intelligence-Driven Computer Network Defense
http://www.valleytalk.org/wp-content/uploads/2015/04/LM-White-Paper-Intel-Driven-Defense.pdf
[Web安全]  Wordpress < 4.1.2 存储型XSS分析与稳定POC
http://www.leavesongs.com/HTML/wordpress-4-1-stored-xss.html
[设备安全]  Developing MIPS Exploits to Hack Routers
https://www.exploit-db.com/docs/36806.pdf
[恶意分析]  Threat Spotlight: TeslaCrypt – Decrypt It Yourself
http://blogs.cisco.com/security/talos/teslacrypt
[论文]  The h Index for Computer Science
http://www.cs.ucla.edu/~palsberg/h-number.html
[Web安全]  ShellCheck:static analysis and linting tool for sh/bash scripts
http://www.shellcheck.net/about.html
[Web安全]  Race conditions on Facebook, DigitalOcean and others (fixed)
http://josipfranjkovic.blogspot.kr/2015/04/race-conditions-on-facebook.html
[Web安全]  SSQLInjection:超级SQL注入工具
http://pan.baidu.com/s/1kTxemcJ
[杂志]  乌云月爆第十期
http://pan.baidu.com/s/1GuyRG
[漏洞分析]  wargame behemoth writeup
http://drops.wooyun.org/binary/5831
[编程技术]  Full Stack Python
http://www.fullstackpython.com/
[移动安全]  移动App中常见的Web漏洞
http://www.dickeye.com/?id=16
[运维安全]  HTTP Cache Poisoning Demo
https://github.com/EtherDream/mitm-http-cache-poisoning
[Web安全]  Amazon EC2 GPU HVM Spot Instance Password Cracking
http://thehackerblog.com/amazon-ec2-gpu-hvm-spot-instance-cracking-setup-tutorial/
[漏洞分析]   PART 1 - TOP-HAT-SEC REVERSING MINI-SERIES
http://www.top-hat-sec.com/r4v3ns-blog/top-hat-sec-reversing-mini-series
[Web安全]  XSSI攻击利用
http://drops.wooyun.org/papers/5797
[设备安全]  Unpacking CCTV Firmware
http://itsjack.cc/blog/2015/04/unpacking-cctv-firmware/
[Web安全]  JDWP exploitation script
https://github.com/IOActive/jdwp-shellifier
[运维安全]  一次心惊肉跳的服务器误删文件的恢复过程
http://netsecurity.51cto.com/art/201504/473962_all.htm
[恶意分析]  pdf-parser: A Method To Manipulate PDFs Part 1
http://blog.didierstevens.com/2015/04/16/pdf-parser-a-method-to-manipulate-pdfs-part-1/
[漏洞分析]  Seeweb Hacking Contest: Blackout Ressurection
https://ctf-team.vulnhub.com/seeweb-hacking-contest-blackout-ressurection/
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第61期)