1.破解php rand()
http://www.sjoerdlangkemper.nl/2016/02/11/cracking-php-rand/
2.对最近的IOS和Andorid安全更新的反思
https://blog.zimperium.com/reflecting-on-recent-ios-and-android-security-updates/
3.在HID上轻松的反弹SHELL
http://www.labofapenetrationtester.com/2016/02/kautilya-easy-reverse-shells.html
4.Hob0Rules:基于hashcat的密码破解规则
https://github.com/praetorian-inc/Hob0Rules
5.Torrents-time(可在浏览器里直接看种子里的视频流的技术)的安全问题
http://blog.andrew.im/post/139084882590/torrents-time-security-issues
6.CVE-2016-1287技术细节 [Cisco ASA 软件 IKEv1 和 IKEv2 缓冲区溢出漏洞]
https://blog.exodusintel.com/2016/02/10/firewall-hacking/
7.在全盘加密的windows系统上实现从0到SYSTEM权限(第一部分)
https://blog.ahmednabeel.com/from-zero-to-system-on-full-disk-encrypted-windows-system/
8.有的网站的图片大小(宽窄)是通过URL参数控制的,通过大量请求这个功能有可能导致针对WEB的DOS攻击
https://blog.silentsignal.eu/2016/02/10/youre-not-looking-at-the-big-picture/
9.解锁motorola的bootloader
http://bits-please.blogspot.com/2016/02/unlocking-motorola-bootloader.html
10.跨域CSS攻击
http://blog.innerht.ml/cross-origin-css-attacks-revisited-feat-utf-16/
11.IE 11 CVE-2015-2419利用分析
12.NetworkMiner 2.0 发行
http://www.netresec.com/?page=Blog&month=2016-02&post=NetworkMiner-2-0-Released
13.检测powershell攻击工具
https://adsecurity.org/?p=2604
14.安全计算的介绍
http://www.alexirpan.com/2016/02/11/secure-computation.html
15.通过配置/etc/hosts阻止恶意广告主机的host列表
https://github.com/StevenBlack/hosts
16.优化比特币key恢复攻击速度
http://eprint.iacr.org/2016/103.pdf
17.D-Link DCS-930L 远程命令执行POC
https://www.exploit-db.com/exploits/39437/
18.几乎被遗忘的WEB BUG
https://www.exploit-db.com/docs/39434.pdf
19.DEEPIN LINUX 15 lastore-daemon提权poc
https://www.exploit-db.com/exploits/39433/
20.Windows webdav (MS16-016)蓝屏poc
https://www.exploit-db.com/exploits/39432/
21.通过NDIS 5.X过滤器中间驱动实现提权
https://www.exploit-db.com/docs/39440.pdf
22.使用yara构造基于情报驱动的事件响应
23.构造一款开源的智能手表
https://hackaday.io/project/6833-open-source-smart-watch
24.监视控制流历史来检测代码重用攻击
http://www.wseas.us/e-library/conferences/2015/Seoul/ACE/ACE-14.pdf
25.使用modsecurity waf修补复杂的web漏洞
https://www.htbridge.com/blog/patching-complex-web-vulnerabilities-using-modsecurity-waf.html
26.从TGI Friday(美食快餐店)得到免费的食物
http://www.adamlogue.com/getting-free-food-from-tgi-fridays-give-me-more-stripes-rewards-fixed/
27.通过vibration motor 获取mediatek mt6261 rom
http://www.sodnpoo.com/posts.xml/mediatek_mt6261_rom_dumping_via_the_vibration_motor.xml
28.介绍使用Aloe进行以安全为重点的BDD(行为驱动开发)
https://zubu.re/security-testing-using-aloe-bdd.html
29.perl 5.8中的反序列化
http://www.agarri.fr/kom/archives/2016/02/06/deserialization_in_perl_v5_8/index.html
30.使用emet保护windows网络
http://dfir-blog.com/2016/02/06/protecting-windows-networks-emet/
31.使用pgp签名web内容
http://www.sajalkayan.com/post/pgp-sign-web-content.html
32.一些数据取证和事件响应方面的cheatsheet
33.maybe:观察程序是否按照你预期的想法操作的开源程序
https://github.com/p-e-w/maybe
34.七个步骤有效的防护工控系统的安全
35.XSSMas 2015 挑战writeup
https://github.com/cure53/XSSChallengeWiki/wiki/XSSMas-Challenge-2015
36.解锁我的联想笔记本(ThinkPad X230T)
http://www.zmatt.net/unlocking-my-lenovo-laptop-part-2/
http://www.zmatt.net/unlocking-my-lenovo-laptop-part-1/
37.从命令行打包/解包javascript
http://www.kahusecurity.com/2016/packingunpacking-javascript-from-dos/
38.Sofacy Linux后门分析
http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/
39.通过短信钓鱼 – 骗子瞄准澳洲手机银行用户
40.通过powershell logging提高调查的能见度
https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
41.恶意软件如何检测虚拟环境以及一个对策
42.虚假的alipay android应用窃取SMS
http://research.zscaler.com/2016/02/fake-security-app-for-alipay-customers.html
43.使用Grsecurity加固debian桌面环境
https://micahflee.com/2016/01/debian-grsecurity/
44.使用一些字节实现从SMM到用户层
https://scumjr.github.io/2016/01/10/from-smm-to-userland-in-a-few-bytes/
45.cve-2014-1767分析
http://ricklarabee.blogspot.com/2016/02/walkthough-and-poc-for-cve-2014-1767.html
46.在钓鱼和恶意软件中的语法和拼写错误
https://labs.opendns.com/2016/02/08/grammar-and-spelling-errors-in-phishing-and-malware/
47.rr:gdb记录和重放框架
48.linux系统调用cheatsheet
http://www.digilife.be/quickreferences/qrc/linux%20system%20call%20quick%20reference.pdf
49.CVE-2016-0040 非初始化指针的故事
http://ioctl.ir/index.php/2016/02/13/cve-2016-0040-story-of-uninitialized-pointer/
发表评论
您还未登录,请先登录。
登录