SecWiki周刊(第7期)
2014/04/14-2014/04/20
安全技术
[Web安全]  一个可大规模悄无声息窃取淘宝/支付宝账号与密码的漏洞
http://drops.wooyun.org/papers/1426
[其它]  浏览器安全策略说之内容安全策略CSP | WooYun知识库
http://drops.wooyun.org/tips/1439
[漏洞分析]  ScyllaHide:open-source x64/x86 usermode Anti-Anti-Debug library
https://tuts4you.com/download.php?view.3560
[Web安全]  Jenny:linux 下web漏洞扫描器
http://xiaoyu.ws/jenny/
[运维安全]  workerman-satistics:PHP 统计监控系统
http://www.workerman.net/workerman-statistics
[编程技术]  Pydio, formerly AjaXplorer:文件共享平台
http://pyd.io/
[其它]  2014年最新华为HCNP认证全套讲解视频教程(共22个课时)
http://edu.51cto.com/course/course_id-1176.html#6720061-tsina-1-55867-beb47058ad4ce5a6b43f97ee91cac13a
[其它]  How I obtained the private key for www.cloudflarechallenge.com
https://gist.github.com/epixoip/10570627
[会议]  2014年中国数据库技术大会(DTCC)PPT合集
http://wenku.it168.com/huiyi/2083
[移动安全]  窥探Android内核:crash & Treasure
http://pan.baidu.com/s/1kTG6QEV#0-tsina-1-69192-397232819ff9a47a7b7e80a40613cfe1
[其它]  NASA_Software_Catalog_2014
http://vdisk.weibo.com/s/zdEEhwOoanw4j
[设备安全]  LTE-Cell-Scanner:An OpenCL accelerated TDD/FDD LTE Scanner
https://github.com/JiaoXianjun/LTE-Cell-Scanner
[编程技术]  Pyston:Dropbox 正开发的开源 Python 解释器
http://blog.jobbole.com/65414/
[无线安全]  Kismet:wireless network detector, sniffer, and intrusion detection system
http://www.kismetwireless.net/
[会议]  CanSecWest Applied Security Conference 2014
https://cansecwest.com/csw14archive.html
[书籍]  逆向工程核心原理
http://product.china-pub.com/3769828
[运维安全]  网站日志实时分析工具 GoAccess
http://blog.sae.sina.com.cn/archives/3534
[编程技术]  一个爬虫项目记录
http://ichuan.net/post/59/%E4%B8%80%E4%B8%AA%E7%88%AC%E8%99%AB%E9%A1%B9%E7%9B%AE%E8%AE%B0%E5%BD%95/
[数据挖掘]  50 Great Examples of Data Visualization
http://www.webdesignerdepot.com/2009/06/50-great-examples-of-data-visualization/
[恶意分析]  RATDecoders:Python Decoders for Common Remote Access Trojans
https://github.com/kevthehermit/RATDecoders
[书籍]  Targeted Cyber Attacks Book
http://secniche.blogspot.com/2014/04/targeted-cyber-attacks-book-syngress.html
[编程技术]  从Code Review 谈如何做技术
http://coolshell.cn/articles/11432.html
[移动安全]  VisualThreat 免费开放移动应用隐私泄露分析API和云端沙盒动态分析服务
http://www.valleytalk.org/2014/04/13/visualthreat-%e5%85%8d%e8%b4%b9%e5%bc%80%e6%94%be%e7%a7%bb%e5%8a%a8%e5%ba%94%e7%94%a8%e9%9a%90%e7%a7%81%e6%b3%84%e9%9c%b2%e5%88%86%e6%9e%90api%e5%92%8c%e4%ba%91%e7%ab%af%e6%b2%99%e7%9b%92%e5%8a%a8/
[漏洞分析]  Android Adobe Reader 任意代码执行分析(附POC)
http://drops.wooyun.org/papers/1440
[运维安全]  Announcing ModSecurity v2.8.0
http://blog.spiderlabs.com/2014/04/announcing-modsecurity-v280.html
[恶意分析]  Crimeware or APT? Malware’s “Fifty Shades of Grey”
http://www.fireeye.com/blog/technical/malware-research/2014/04/crimeware-or-apt-malwares-fifty-shades-of-grey.html
[数据挖掘]  动态可视化库Vis.js:秀外慧中,可处理大量动态数据
http://code.csdn.net/news/2819345
[无线安全]  无线安全の七年之病_杨哲3
http://pan.baidu.com/s/1ntsMe1r
[编程技术]  好的开发人员在项目经理眼中应该具备哪些素质
http://iamzhongyong.iteye.com/blog/2049097
[漏洞分析]  Buffer Overflows
http://www.spectrumcoding.com/tutorials/exploits/2013/05/27/buffer-overflows.html
[Web安全]  Wordpress 3.8.2补丁分析 HMAC timing attack
http://drops.wooyun.org/papers/1404
[设备安全]  Debugging Embedded Systems With JTAG
http://www.devttys0.com/wp-content/uploads/2014/04/JTAG_Slides.pdf
[恶意分析]  Xtreme RAT analysis
https://code.google.com/p/malware-lu/wiki/en_xtreme_RAT
[恶意分析]  Introducing Microsoft Threat Modeling Tool 2014
http://blogs.msdn.com/b/sdl/archive/2014/04/15/introducing-microsoft-threat-modeling-tool-2014.aspx
-----微信ID:SecWiki-----
SecWiki,12年来一直专注安全技术资讯分析!
SecWiki:https://www.sec-wiki.com

本期原文地址: SecWiki周刊(第7期)