1、威胁聚焦:Cryptowall4 – 演变继续
http://blogs.cisco.com/security/talos/cryptowall-4
2、新银行木马TELAX(针对在巴西的葡萄牙语用户)滥用GOOGLE云服务(做为下载主机)
http://research.zscaler.com/2015/12/new-spy-banker-trojan-telax-abusing.html?
3、经典黑客工具l0phtcrack的历史
http://www.slideshare.net/cwysopal/history-of-l0phtcrack
4、微软windows媒体中心库解析问题导致RCE的POC
https://www.exploit-db.com/exploits/38911/
5、微软WINDOWS媒体中心链接文件不正确解析参考POC
https://www.exploit-db.com/exploits/38912/
6、Microsoft Office / COM 对象 els.dll DLL Planting (MS15-134)的POC
https://www.exploit-db.com/exploits/38918/
7、转换SHELLCODE到PE文件 (32和64位)
http://www.hexacorn.com/blog/2015/12/10/converting-shellcode-to-portable-executable-32-and-64-bit/
8、metasploit发布DNS fuzzing辅助模块
9、解析代理日志的POWERSHELL脚本
https://gist.github.com/subTee/88cdc379444121b39883
10、攻击MPLS网络的PPT
11、通过使用亚马逊EC2容器服务和DOCKER来管理你的应用部署
12、深入分析域名自动生成(DGA)恶意软件
https://www.botconf.eu/wp-content/uploads/2015/12/OK-P06-Plohmann-DGArchive.pdf
13、google安全团队发现AVAST多个漏洞
https://code.google.com/p/google-security-research/issues/detail?id=549#c1
https://code.google.com/p/google-security-research/issues/detail?id=552#c1
https://code.google.com/p/google-security-research/issues/detail?id=551#c1
https://code.google.com/p/google-security-research/issues/detail?id=554#c1
14、攻击组织购买BIFROSE代码,进行协同工作
15、rovnix下载者更新sinkhole和时间检测
https://blogs.mcafee.com/mcafee-labs/rovnix-downloader-sinkhole-time-checks/
16、Burp Clickbandit:一个基于javascript的clickjacking poc生成器
http://blog.portswigger.net/2015/12/burp-clickbandit-javascript-based.html
发表评论
您还未登录,请先登录。
登录