4月6日-每日安全知识热点

1、DeepSec2015 安全会议视频

https://www.youtube.com/playlist?list=PLBA0WdWrcrCHpBtNgK-H64_S6-xBpzILR

2、crossFire:分析firefox重用扩展漏洞

http://www.buyukkayhan.com/publications/ndss2016crossfire.pdf

3、Windows Kernel Exploitation 101:  CVE-2014-411利用分析

https://labs.mwrinfosecurity.com/publications/windows-kernel-exploitation-101-exploiting-cve-2014-411/

4、java反序列化Cheat Sheet

https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet

5、DirectAccess vs. VPN

http://directaccess.richardhicks.com/2016/02/08/directaccess-vs-vpn/

6、Empire 1.5 增加 RESTFUL API支持

http://www.harmj0y.net/blog/empire/empires-restful-api/

7、CVE-2015-0057的新利用技术

https://www.exploit-db.com/docs/39660.pdf

8、技术分析钓鱼工具包

https://github.com/Spinere/SpinObf-php-obfuscator

9、Apple iOS 9.3.1 (iPhone 6S & iPhone Plus) – (3D Touch) Passcode绕过漏洞

http://seclists.org/fulldisclosure/2016/Apr/19

10、Panda安全多个商业产品被暴包含权限提升漏洞

https://www.nettitude.co.uk/panda-security-multiple-business-products-privilege-escalation/

11、meterpreter新windows powershell扩展

http://www.darkoperator.com/blog/2016/4/2/meterpreter-new-windows-powershell-extension

12、利用powershell进行远程IOC扫描

http://www.cyberforce.be/blog/remote-ioc-scanning-powershell

13、运行一个TOR Exit Node的tips

https://blog.torproject.org/blog/tips-running-exit-node