1、drakvuf:使用Xen,libVMI,Volatility & Rekall 构建的动态恶意软件分析系统
http://drakvuf.com/
2、(CVE-2016-0850) :android蓝牙配对认证绕过
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-bluetooth-pairing-bypass-2016-04-12.pdf
3、Samsung Galaxy调制解调器接口通过usb暴露
https://github.com/ud2/advisories
4、SyScan360会议的ppt:Pwning Adobe Reader滥用Readers的嵌入式XFA引擎实现可靠利用
http://siberas.de/presentations/SyScan360_2016_-_Pwning_Adobe_Reader_with_XFA.pdf
5、基于Hypervisor的恶意软件分析
http://www.slideshare.net/tklengyel/stealthy-hypervisorbased-malware-analysis
6、Best reports series – Account Recovery XSS
https://sites.google.com/site/bughunteruniversity/best-reports/account-recovery-xss
7、再见CSRF:讲解set-cookie中的SameSite属性
https://chloe.re/2016/04/13/goodbye-csrf-samesite-to-the-rescue/
8、关于badLock漏洞信息的汇总 (CVE-2016-2118 & CVE-2016-0128/MS16-047)
https://adsecurity.org/?p=2812
9、用Rust写的windows内核模式驱动
http://blog.fortinet.com/post/analysis-of-cve-2016-2414-out-of-bound-write-denial-of-service-vulnerability-in-android-minikin-library-1
10、CVE-2016-2414漏洞分析
https://github.com/pravic/winapi-kmd-rs
11、RDP重放代码发行,相关文章在http://www.contextis.com/resources/blog/rdp-replay/
http://www.contextis.com/resources/blog/rdp-replay-code-release/
12、Ncrack 0.5发行
https://nmap.org/ncrack/
13、开启SPF,有效过滤垃圾邮件的有效方式
https://www.praetorian.com/blog/email-filters-reliable-phishing-protection
14、通过linux shell命令组织恶意攻击
http://ceur-ws.org/Vol-1525/paper-15.pdf
15、分析openssl的随机数生成器
http://eprint.iacr.org/2016/367.pdf
16、Vbulletin Cms (Sendmessage.php 页面) 0Day 利用,可以导致Dos
http://www.securityfocus.com/archive/1/538067
17、Microsoft .NET Framework mscoreei DLL Planting远程代码执行漏洞公告
http://www.zerodayinitiative.com/advisories/ZDI-16-234/
18、从受害者观点看jboss利用
http://www.deependresearch.org/2016/04/jboss-exploits-view-from-victim.html
发表评论
您还未登录,请先登录。
登录