web和android安全评估方面的cheatsheets
https://github.com/iamthefrogy/Application-Security
使用ELK和Wazuh构建PCI-DSS面板
http://logz.io/blog/how-to-build-a-pci-dss-dashboard-with-elk-and-wazuh/
使用JavaScript 和 COM Scriptlets 进行渗透测试
http://www.labofapenetrationtester.com/2016/05/practical-use-of-javascript-and-com-for-pentesting.html
恶意软件exploit数据库
https://security-base.com:8000/
在线ctf录像
https://blog.forallsecure.com/2016/05/24/live-streaming-security-games/#videos
在现代web应用程序中的csrf
http://rootme.in/csrf-in-modern-web-applications/
windows平台基于CDP和LLDP协议的discovery工具
https://github.com/chall32/LDWin
看不见的劫持,一个案例学习劫持百万IP
https://ripe72.ripe.net/presentations/45-Invisible_Hijacking.pdf
被广告和blackhat seo滥用的Nulled WordPress样式
https://blog.sucuri.net/2016/05/nulled-wordpress-themes-malvertising-black-hat-seo.html
mimikatz 2.1 alpha 20160525 (oe.eo) edition 发行
https://github.com/gentilkiwi/mimikatz/releases
The Return Of the EmPyre
https://www.xorrior.com/the-return-of-the-empyre/
根据前几天报道的RUAG apt行动添加的yara规则
https://github.com/Neo23x0/signature-base/blob/master/yara/apt_ruag.yar
构建下一代洋葱网络
https://blog.torproject.org/blog/mission-montreal-building-next-generation-onion-services
利用.net GUIDs帮助捕捉恶意软件
https://www.virusbulletin.com/virusbulletin/2015/06/using-net-guids-help-hunt-malware
从攻击者视角:取证分析AS劫持
http://www.sigcomm.org/sites/default/files/ccr/papers/2013/April/2479957-2479959.pdf
添加root ca到ios设备
https://www.sensepost.com/blog/2016/too-easy-adding-root-cas-to-ios-devices/
安全评估微软DirectAccess
https://www.ernw.de/download/newsletter/ERNW_Newsletter_53_MS_DA_Security_Assessment_Signed.pdf
waf.js 如何使用javascript保护web应用程序
http://www.slideshare.net/DenisKolegov/wafjs-how-to-protect-web-applications-using-javascript
反向工程微软的kinect
https://learn.adafruit.com/hacking-the-kinect/overview
DEFCON CTF 2016 – heapfun4u 关卡的writeup
https://blahcat.github.io/2016/05/24/defcon-ctf-2016-heapfun4u.html
发表评论
您还未登录,请先登录。
登录