1、Instagram一个价值百万的bug

http://exfiltrated.com/research-Instagram-RCE.php

2、SEE:F-Secure 开源的沙盒执行环境

https://github.com/F-Secure/see

3、oauth2 的 top 10 实现漏洞

http://intothesymmetry.blogspot.ch/2015/12/top-10-oauth-2-implementation.html

4、有效地全自动化浏览器暴力测试

http://techblog.mdsol.com/2015/12/14/forced_browsing.html

5、Xen XSA 155: Double fetches in paravirtualized devices

https://www.insinuator.net/2015/12/xen-xsa-155-double-fetches-in-paravirtualized-devices/

6、Juniper NetScreen 设备被爆后门自2012年以来(解密VPN流量)

https://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554

7、微软的新特权访问工作站的概念

https://technet.microsoft.com/en-US/library/mt634654.aspx

8、yahoo cso  Alex Stamos在appsec会议傻姑娘的演讲,解释为什么防火墙不是他们安全策略的一部分。

http://etherealmind.com/why-firewalls-wont-matter-in-a-few-years/

9、检测beef的yara规则

http://www.varanoid.com/research-alerts/sans-internet-storm-center/when-hunting-beef-yara-rules-part-2-thu-dec-17th/

10、Docker, linux容器安全PPT

http://www.slideshare.net/jpetazzo/docker-linux-containers-lxc-and-security

11、bitdefender报告:针对apt28对政府的全球情报搜集工作深入分析

http://download.bitdefender.com/resources/media/materials/white-papers/en/Bitdefender_In-depth_analysis_of_APT28%E2%80%93The_Political_Cyber-Espionage.pdf

12、黄貂鱼细节:政府监控你手机的秘密项目

https://theintercept.com/2015/12/17/a-secret-catalogue-of-government-gear-for-spying-on-your-cellphone/

13、loadlibray调用dll的秘密

https://cansecwest.com/slides/2015/Sexrets_of_LoadLibrary__Yang_yu%20_CSW2015.pdf

14、日志的重要性

http://www.crowdstrike.com/blog/the-importance-of-logs/

15、ios银行app评估

http://blog.ioactive.com/2015/12/by-ariel-sanchez-two-years-ago-idecided.html?spref=tw