Fail2Ban 终将支持 ipv6
https://www.slightfuture.com/security/fail2ban-ipv6
对OEM更新的安全分析
https://duo.com/assets/pdf/out-of-box-exploitation_oem-updaters.pdf
Web Storage: the lesser evil for session tokens
http://blog.portswigger.net/2016/05/web-storage-lesser-evil-for-session.html
基于docker,可在浏览器中操作的kali容器
http://jerrygamblin.com/2016/05/31/kalibrowser/
基于docker,可在浏览器中操作的burpsuite容器
http://jerrygamblin.com/2016/05/31/burpbrowser/
使用rr跟踪堆溢出
https://sean.heelan.io/2016/05/31/tracking-down-heap-overflows-with-rr/
深入分析hdroot
http://williamshowalter.com/a-universal-windows-bootkit/
使用windows自带的工具分发恶意软件的三个新方法
https://www.invincea.com/2016/05/decodes-downloads-and-disguises-three-new-methods-for-distributing-malware-using-windows-internal-tools/
Burp Suite JS Beautifier 插件
https://github.com/irsdl/BurpSuiteJSBeautifier
从xss到绕过waf到获取webshell
https://www.ethicalhacker.net/features/root/hacking-wordpress-with-xss-to-bypass-waf-and-shell-an-internal-box
HITB CTF 2016: 'Special Delivery' writeup
https://kitctf.de/writeups/hitbctf/special_delivery/
近期增加的针对23端口的扫描
https://isc.sans.edu/diary/21115
另一个利用powershell和wmi作为恶意软件的实例
https://citizenlab.org/2016/05/stealth-falcon/
通过javascript执行payload的附件
https://neonprimetime.blogspot.tw/2016/05/javascript-attachment-executing-payload.html
通过wpad_audit快速审计.net应用
http://seclist.us/wpad_audit-is-a-quick-and-easy-method-to-audit-net-applications-for-wpad-mitm-attacks-over-http-and-https.html
The Devopsification of Windows Server.pptx
https://github.com/jpsnover/Conferences/blob/master/2016-May-WinOps/The%20Devopsification%20of%20Windows%20Server.pptx
客户端的密码hashing可以减少服务器负载以及限制暴力破解
https://github.com/dxa4481/clientHashing
针对Virtualbox, VirtualMachine, Cuckoo, Anubis, ThreatExpert, Sandboxie, QEMU的检测工具
https://github.com/AlicanAkyol/sems
aleph:一个开源的恶意软件分析系统
https://n0where.net/aleph-opensource-malware-analysis-system/
发表评论
您还未登录,请先登录。
登录