1. LTE security and protocol exploits
http://www.ee.columbia.edu/~roger/ShmooCon_talk_final_01162016.pdf
2. A Facebook XSS exploited via PNGs and content types
https://fin1te.net/articles/xss-on-facebook-via-png-content-types/
3. OpenSSL security advisory of 2016-1-28: includes CVE-2016-0701 (high severity, allows an attacker to decrypt HTTPS traffic) and CVE-2015-3197 (low severity)
http://openssl.org/news/secadv/20160128.txt
4. Analysis of CVE-2016-0701: OpenSSL key recovery attack
http://intothesymmetry.blogspot.com/2016/01/openssl-key-recovery-attack-on-dh-small.html
5. Writing an MD5 cracking program using Go and some other scripts
https://morris.guru/its-go-time/
6. A case study using Empire
https://enigma0x3.wordpress.com/2016/01/28/an-empire-case-study/
7. USENIX Enigma conference videos updated
https://www.youtube.com/channel/UCIdV7bE97mSPTH1mOi_yUrw
8. Brainwave sniffing demo video: man-in-the-middle attack on the NeuroSky (神念科技) MindWave and NeuroServer
https://www.youtube.com/watch?v=PAeIabNvsmg&feature=youtu.be
9. Tax fraud behind a 47% spike in identity theft
http://krebsonsecurity.com/2016/01/ftc-tax-fraud-behind-47-spike-in-id-theft/
10. 2016 is the year of developer-driven security
http://www.rsaconference.com/blogs/2016-is-the-year-of-developer-driven-security
11. A look at Bergard: old malware, new deception tricks
https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks
12. Trend Micro Direct Pass: filter bypass vulnerability
http://seclists.org/fulldisclosure/2016/Jan/97
13. Cisco plugs a vulnerability that allowed firewall devices to be hijacked
http://www.net-security.org/secworld.php?id=19383
14. AngularJS: escaping the expression sandbox for XSS
https://spring.io/blog/2016/01/28/angularjs-escaping-the-expression-sandbox-for-xss
15. BlackEnergy APT attack: phishing via Word documents
16. FUD Metasploit Android Payload
https://github.com/nickthesail0r/AndroidPayload
17. 7ev3n ransomware wipes your PC, then demands 13 bitcoins
18. Putting the spotlight on firmware malware (VirusTotal has started supporting EFI firmware analysis)
http://blog.virustotal.com/2016/01/putting-spotlight-on-firmware-malware_27.html
19. CENTERPOS: the evolution of a POS threat
https://www.fireeye.com/blog/threat-research/2016/01/centerpos_an_evolvi.html