Kate Li (Taiwan)的部落格

首頁

secwiki週刊(第5期)

作者 lace 時間 2020-03-02
all

安全技術

[惡意分析]  DECAF(Dynamic Executable Code Analysis Framework)動態二進位分析平臺http://blog.sina.com.cn/s/blog_7847a1bf0101wrqi.html

[Web安全]  Struts2 S2-020在Tomcat 8下的命令執行分析http://www.freebuf.com/articles/web/31039.html

[Web安全]  深入理解JavaScript Hijacking原理http://www.cnblogs.com/hyddd/archive/2009/07/02/1515768.htm

[書籍]  現代體系結構上的UNIX系統——內核程式師的SMP和Caching科技http://vdisk.weibo.com/s/qFP9Ntxv48OA

[Web安全]  Web Application Firewalls Are Worth the Investment for Enterpriseshttp://www.gartner.com/technology/reprints.do?id=1-1RTLH9W&ct=140313&st=sb

[新聞]  傳統安全產業的再思考http://hi.baidu.com/fs_fx/item/fa8f65fd5649ad0d84d278c5

[Web安全]  Smbexec:rapid post exploitation toolhttp://www.sectechno.com/2014/03/30/smbexec-rapid-post-exploitation-tool/

[運維安全]  falcon-eye:linux monitor toolhttps://github.com/UlricQin/falcon-eye

[論文]  International Conference on Learning Representations 2014http://openreview.net/venue/iclr2014

[新聞]  More than 24M home routers enabling DNS amplification DDoS attackshttp://www.scmagazine.com/more-than-24m-home-routers-enabling-dns-amplification-ddos-attacks/article/341265/

[Web安全]  SQLMAP實例COOKBOOKhttp://drops.wooyun.org/tips/1343

[惡意分析]  A Close Look at RTF Zero-Day Attack CVE-2014-1761 http://blogs.mcafee.com/mcafee-labs/close-look-rtf-zero-day-attack-cve-2014-1761-shows-sophistication-attackers

[運維安全]  lnav:The Log File Navigatorhttp://lnav.org/

[程式設計技術]  nude:Nudity detection with Pythonhttps://github.com/hhatto/nude.py

[Web安全]  NINJA PingU:open-source high performance network scannerhttp://owasp.github.io/NINJA-PingU/index.html

[Web安全]  Polypasshash:A Password hashing scheme http://polypasshash.github.io/PolyPassHash/

[惡意分析]  SysAnalyzer:automated malcode run time analysis applicationhttp://www.aldeid.com/wiki/SysAnalyzer

[運維安全]  Watchman:微博平臺的連結追跡及服務品質保障系統http://www.infoq.com/cn/articles/weibo-watchman

[會議]  第二届京東JSRC電商安全沙龍紀實PPThttp://static.3001.net/upload/20140402/13964200397156.rar

[其它]  網絡上的欺騙http://segmentfault.com/a/1190000000455352

[惡意分析]  Office”組合”式漏洞攻擊樣本分析http://blog.vulnhunt.com/index.php/2014/04/04/office%e7%bb%84%e5%90%88%e5%bc%8f%e6%bc%8f%e6%b4%9e%e6%94%bb%e5%87%bb%e6%a0%b7%e6%9c%ac%e5%88%86%e6%9e%90/

[惡意分析]  DLL Side-Loading: Another Blind-Spot for Anti-Virushttp://www.fireeye.com/blog/technical/cyber-exploits/2014/04/dll-side-loading-another-blind-spot-for-anti-virus.html

[Web安全]  Wildcard DNS,Content Poisoning,XSS and Certificate Pinninghttp://w00tsec.blogspot.jp/2014/03/wilcard-dns-content-poisoning-xss-and.html

[Web安全]  DNS泛解析與內容投毒,XSS漏洞以及證書驗證的那些事http://drops.wooyun.org/tips/1354

[程式設計技術]  DPDK:Data Plane Development Kithttp://dpdk.org/

[設備安全]  Transceiver for 27 MHz wireless keyboards from Logitechhttps://www.cgran.org/wiki/Logitech27MHzTransceiver

[程式設計技術]  phantomjs使用說明http://zhouhua.github.io/2014/03/19/phantomjs/

[Web安全]  一種基於Web Workers和CORS科技實現的Web僵屍網路http://hi.baidu.com/html5sec/item/bd0a12e5a3b4af0a570f1d4e

[書籍]  Reverse Engineering for Beginnershttp://yurichev.com/writings/RE_for_beginners-en.pdf

[其它]  統計分析時間日誌的三種方式3http://www.gtdlife.com/2014/3375/three-ways-to-write-the-timelog3/?utm_source=feedly&utm_reader=feedly&utm_medium=rss&utm_campaign=three-ways-to-write-the-timelog3

[運維安全]  支持多策略的安全資料庫系統研究http://vdisk.weibo.com/s/zaKA9PTdkdefS/1396588548

[漏洞分析]  Struts2 S2-020在Tomcat 8下的命令執行分析http://sec.baidu.com/index.php?research/detail/id/18

[程式設計技術]  一個科技媒體團隊用什麼樣的團隊工具http://jianshu.io/p/3631a398cd9b#

[運維安全]  ngxtop:Real-time metrics for nginx serverhttps://github.com/lebinh/ngxtop

[Web安全]  H5SC:HTML5 Security Cheatsheethttps://github.com/cure53/H5SC

[惡意分析]  Financial cyber threats in 2013. Part 1: phishinghttp://www.securelist.com/en/analysis/204792330/Financial_cyber_threats_in_2013_Part_1_phishing

[設備安全]  How to Own a Router–Fritz!Box AVM Vulnerability Analysishttp://www.insinuator.net/2014/03/how-to-own-a-router-fritzbox-avm-vulnerability-analysis/

[論文]  A Formula for Academic Papers: Introductionhttp://slowsearching.blogspot.sg/2014/04/a-formula-for-academic-papers.html

[無線安全]  Exploring the Effectiveness of Wireless Based Attackshttps://docs.google.com/document/d/16rpRCOCOFQYmKd4FsrtYDI035JsIt5r9ZuivjfBg3zM/edit

[程式設計技術]  iMilo實时引擎:Solr vs Elasticsearchhttp://www.imilo.cn/findblog/36

[Web安全]  通過dns進行文件下載http://drops.wooyun.org/tools/1344

[移動安全]  Android源碼分析工具及方法http://static.sanwho.com/uploads/2014/01/Android%E6%BA%90%E7%A0%81%E5%88%86%E6%9E%90%E5%B7%A5%E5%85%B7%E5%8F%8A%E6%96%B9%E6%B3%95.pdf

[Web安全]  500行PHP程式碼搞定富文字安全過濾http://www.welefen.com/only-500-line-php-code-for-filter-rich-content.html

[程式設計技術]  D2進校園成都站圓滿結束http://ued.taobao.org/blog/2014/04/d2campus-at-chengdu/

[Web安全]  DNS泛解析與內容投毒,XSS漏洞以及證書驗證的那些事http://drops.wooyun.org/tips/1354

[漏洞分析]  Using the Immunity Debugger API to Automate Analysishttp://vrt-blog.snort.org/2014/04/using-immunity-debugger-api-to-automate.html

[移動安全]  Open technology Found CryptoCat iOShttp://vdisk.weibo.com/s/G_jLEbJWrgRb/1396496915

[程式設計技術]  30個有關Python的小技巧http://blog.jobbole.com/63320/

[程式設計技術]  也談基於NodeJS的全棧式開發http://ued.taobao.org/blog/2014/04/%e4%b9%9f%e8%b0%88%e5%9f%ba%e4%ba%8enodejs%e7%9a%84%e5%85%a8%e6%a0%88%e5%bc%8f%e5%bc%80%e5%8f%91%ef%bc%88%e5%9f%ba%e4%ba%8enodejs%e7%9a%84%e5%89%8d%e7%ab%af%e5%90%8e% e7%ab%af%e5%88%86%e7%a6%bb/

[Web安全]  HTML5 Using CORShttp://www.html5rocks.com/en/tutorials/cors/

[程式設計技術]  How to write secure Yii applicationshttp://www.yiiframework.com/wiki/275/how-to-write-secure-yii-applications/#hh18

[程式設計技術]  前端工作流程http://willkan.github.io/blog/html/Workflow/

[Web安全]  TrustedSec Tools and Exploitshttps://www.trustedsec.com/downloads/tools-download/