11月16日-每日安全知识热点

1、容器脆弱性分析服务

https://github.com/coreos/clair

2、为你的php项目选择正确的加密库

https://paragonie.com/blog/2015/11/choosing-right-cryptography-library-for-your-php-project-guide

3、HITB 2015 WRITE-UP

http://romainthomas.fr/blog/writeup-hitb2015-crypto400.html

4、XSS to RCE in Atlassian Hipchat

http://maustin.net/2015/11/12/hipchat_rce.html

5、LLVM的safeStack栈溢出保护的优势与劣势

http://blog.includesecurity.com/2015/11/LLVM-SafeStack-buffer-overflowprotection.html

6、一个轻巧的java agent 用来阻止Java反序列化攻击

https://github.com/Contrast-Security-OSS/contrast-rO0

7、使用fwunit测试&监控网络流

http://mozilla.github.io/build-fwunit/media/lisa15/#/

8、PHP 7 zend_throw_or_error() 格式化字符串漏洞

https://bugs.php.net/bug.php?id=70914

9、桌面计算机的物理安全

http://hackaday.com/2015/11/13/physical-security-for-desktop-computers/

10、owasp应用安全认证标准3.0

https://www.owasp.org/images/6/67/OWASPApplicationSecurityVerificationStandard3.0.pdf

11、Mac OSX 10.11 El Capitan 系统加固指南

http://docs.hardentheworld.org/OS/OSX_10.11_El_Capitan/

12、恶意LuaJIT字节码

https://www.corsix.org/content/malicious-luajit-bytecode

13、攻击巴黎的恐怖组织ISIS如何使用PS4讨论和计划攻击

http://www.forbes.com/sites/insertcoin/2015/11/14/why-the-paris-isis-terrorists-used-ps4-to-plan-attacks/

14、Pyramix Cipher

http://ben0xa.com/pyramix-cipher/

15、在RegSvcs或RegAsm中执行mimikatz的POC代码

https://gist.github.com/subTee/0a5e6ef84c321ffc89e4

16、blackhat 2015欧洲议题:你是否忘记初始化你的内存?

https://www.blackhat.com/docs/eu-15/materials/eu-15-Chen-Hey-Man-Have-You-Forgotten-To-Initialize-Your-Memory.pdf

17、分析一个恶意的WORD文件的payload

https://isc.sans.edu/diary/Analyze+of+a+malicious+Word+document+with+an+embedded+payload/20377

18、libfuzzer-bot:利用libfuzzer,addresssanitizer实现简单的fuzzing bots

https://github.com/google/libfuzzer-bot

19、我通过建造机器学习系统中学到的10多个知识点

http://www.slideshare.net/xamat/10-more-lessons-learned-from-building-machine-learning-systems

20、来自360公司网络安全研究院的议题:the linux xor ddos botnets

http://www.secure.edu.pl/pdf/2015/D1_1410_A_Ya.pdf

21、Varnish缓存中毒技术

http://info.varnish-software.com/blog/junk-junk-junk

22、javascript内嵌函数:一个潜在的XSS利用点

https://respectxss.blogspot.de/2015/11/javascripts-built-in-functions.html

23、blackhat 2015 欧洲PPT下载

https://www.blackhat.com/eu-15/briefings.html

24、SecureWV2015 安全会议视频

http://www.irongeek.com/i.php?page=videos/securewv2015/mainlist

25、Ruxcon2015年徽章:第一部分-部件分析

http://www.drkns.net/ruxcon-badge-2015-assembly/

26、恶意欺诈勒索软件更附心计

http://bartblaze.blogspot.tw/2015/11/more-ransomware-shenanigans.html

27、chrome针对欺骗攻击采取更多的安全浏览保护

https://googleonlinesecurity.blogspot.fr/2015/11/safe-browsing-protection-from-even-more.html