1.Imgur的SSRF漏洞
https://hackerone.com/reports/115748
2.Flask/Jinja2的服务端模板注入漏洞第二部分
https://nvisium.com/blog/2016/03/11/exploring-ssti-in-flask-jinja2-part-ii/
3.POWERSNIFF恶意软件使用基于宏的攻击
http://researchcenter.paloaltonetworks.com/2016/03/powersniff-malware-used-in-macro-based-attacks/
4.在windows shell中使用crypto API
https://odzhan.wordpress.com/2016/03/12/windows-shells-part4/
5.恶意欺诈软件Criakl的活动时间表
http://phishme.com/ransomware-rising-criakl-osx-others/
6.cryptostalker:简单的工具帮助在LINUX上检测加密恶意欺诈软件
https://github.com/unixist/randumb#cryptostalker-example
7.DET:数据提取工具包,主要用在渗透过程中通过ICMP,DNS,HTTP等技术读取目标文件
https://github.com/sensepost/det
8.VBad:结合OFFICE文档的VBA混淆工具生成器(加密和混淆你的VBA代码)
https://github.com/Pepitoh/VBad
9.如何解析WINDOWS事件日志
http://dfir-blog.com/2016/03/13/how-to-parse-windows-eventlog/
10.盘古ios9.0 -9.1越狱
11.sans sec760课程:windows 内核利用介绍
http://www.bluenotch.com/resources/SANS_Orlando_Kernel_Exploits_Sims.pdf
12.JSRat-Py:JSRat.ps1的python实现。服务端不仅仅限制于windows的powershell了
https://github.com/Hood3dRob1n/JSRat-Py
13.深入分析Locky恶意欺诈软件
https://blog.avast.com/a-closer-look-at-the-locky-ransomware
14.随着恶意勒索软件对各个行业的渗透,nccgroup发布一个白皮书帮助企业如何能最大限度的减少初次感染的可能性
https://www.nccgroup.trust/uk/our-research/ransomware-what-organisations-can-do-to-survive/
15.Cyphercon 2016 安全会议视频
http://www.irongeek.com/i.php?page=videos%2Fcyphercon2016%2Fmainlist
16.wordpress配置错误导致xda开发者站点( http://XDA-Developers.com )被重新安装
http://seclists.org/fulldisclosure/2016/Mar/37
17.Mozilla Firefox nsHTMLDocument SetBody UAF远程代码执行漏洞
http://www.zerodayinitiative.com/advisories/ZDI-16-199/
18.通过email附件分发的LOCKY恶意欺诈软件
https://blogs.mcafee.com/mcafee-labs/locky-ransomware-arrives-via-email-attachment/
19.通过机器学习和分析检测内部违规人员
http://blog.imperva.com/2016/03/how-to-detect-insiders-with-machine-learning-and.html
20.你的数据中心能够阻止无人机侦察,受到保护?
http://www.thegeekpub.com/4421/data-center-protected-drones/
21.wooyun dorps英文文章:LUA脚本虚拟机逃逸技术分析,中文在http://drops.wooyun.org/tips/12677
http://en.wooyun.io/2016/02/29/44.html
22.使用bash实现的TOTP(基于时间的一次性密码算法)
https://github.com/64b2b6d12b/otpknock
23.ELF: dynamic struggles
https://michalmalik.github.io/elf-dynamic-segment-struggles
24.powershell实现的runas
https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Invoke-Runas.ps1
25.0CTF 2016 web第四关卡Monkey的Write Up:
https://w00tsec.blogspot.tw/2016/03/0ctf-2016-write-up-monkey-web-4.html
26.如何在PS4上设置和启动linux
http://cturt.github.io/ps4-3.html#linux
27.一些gnome应用程序使用不安全的连接和有漏洞的WebKit
https://blogs.gnome.org/mcatanzaro/2016/03/12/do-you-trust-this-application/
28.android BnBluetoothGattServer和BnBluetoothGatServerCallback IPC中的栈内存损坏
https://code.google.com/p/google-security-research/issues/detail?id=712
29.开源的3GPP LTE库
https://github.com/srsLTE/srsLTE
30.使用非空开(undocumented) windbg命令反向工程crash的dump格式
http://sww-it.ru/2016-03-13/1320
31.linux inside系列更新:Linux内核的时钟和时间管理
https://github.com/0xAX/linux-insides/blob/master/Timers/timers-5.m
发表评论
您还未登录,请先登录。
登录