可通过文件名利用的GraphicsMagick 和 ImageMagick popen() shell漏洞
http://permalink.gmane.org/gmane.comp.security.oss.general/19669
攻破一个同事的wordpress站点
https://notehub.org/5zo2v
Double Free in Standard PHP Library Double Link List [CVE-2016-3132]
(php中的堆分配利用)
http://www.libnex.org/blog/doublefreeinstandardphplibrarydoublelinklist
java应用程序中利用ORM注入的新方法
http://www.slideshare.net/0ang3el/new-methods-for-exploiting-orm-injections-in-java-applications
使用GO实现的安全的,高性能的, OAuth2和OpenID连接服务
https://github.com/ory-am/hydra
hitbsecconf2016ams 会议所有的PPT
https://conference.hitb.org/hitbsecconf2016ams/materials/
WordPress Jetpack 插件中的XSS漏洞
https://blog.sucuri.net/2016/05/security-advisory-stored-xss-jetpack-2.html
WiFi-Pumpkin:提供恶意WIFI访问点进行中间人攻击的工具
https://github.com/P0cL4bs/WiFi-Pumpkin/wiki
Tor浏览器指纹识别demo页面
https://tor.triop.se/
Duqu 2.0 内核利用技术分析,第一部分
https://blogs.technet.microsoft.com/mmpc/2016/05/29/%E2%80%8Bduqu-2-0-kernel-exploitation-technique-analysis-part-1-of-2-2/
HITB CTF 2016 – Binary 300 writeup
http://gnoobz.com/hitb-ctf-2016-binary-300.html
HITB CTF 2016 – Binary 100 writeup
https://ced.pwned.systems/hitb-2016-ctf-bin100-stone-soup.html
HITB CTF 2016 – spc400 – Kitchen on a kitchen Write-up
https://ced.pwned.systems/hitb-2016-ctf-spc400-kitchen-on-a-kitchen.html
Node.js 安全 Checklist
https://blog.risingstack.com/node-js-security-checklist/
在node.js应用中反向SHELL
https://wiremask.eu/writeups/reverse-shell-on-a-nodejs-application/
darkleech混淆:darkleech是一个apache模块用来分发恶意软件
https://blogs.mcafee.com/mcafee-labs/seeing-darkleech-obfuscation-quick-hack-iframes/
CVE-2015-2545:当前威胁观察
https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/
不同语言中生成安全的随机码
https://paragonie.com/blog/2016/05/how-generate-secure-random-numbers-in-various-programming-languages
mplayer的在解析mp3文件时的越界读漏洞
https://trac.mplayerhq.hu/ticket/2298
一个docker容器用于捕捉所有来自主机的流量
http://linkis.com/jerrygamblin.com/201/h5NoU
发表评论
您还未登录,请先登录。
登录