使用三星aboot非公开文档功能锁定下载模式
WarBerryPi – Tactical Exploitation [将树莓派打造成WarBerry]
https://github.com/secgroundzero/warberry
当打开或者执行文件时使用认证码或者签名得到通知
http://blog.thinkst.com/2016/05/certified-canarytokens-alerts-from_25.html
WPAD名称冲突漏洞
模拟恶意硬件
RSPET (Reverse Shell and Post Exploitation Tool)
https://github.com/panagiks/RSPET
RemoteDLLGuest.cs :通过URL来执行.NET/COM二进制
https://gist.github.com/subTee/d01abb15f58eef05873f2d67398ff5e8#file-remotedllguest-cs-L22
Moxa MiiNePort 多个漏洞
http://ipositivesecurity.blogspot.tw/2016/05/moxa-miineport-multiple-vulnerabilities.html
来自SEC560课程的哦powershell cheatsheet
http://pen-testing.sans.org/blog/2016/05/25/sans-powershell-cheat-sheet
Xen exploitation第一部分:从nobody到root
http://blog.quarkslab.com/xen-exploitation-part-1-xsa-105-from-nobody-to-root.html
恶意软件中的虚拟机检测技术
https://labs.bromium.com/2016/05/25/am-i-in-a-vm-the-tale-of-a-targeted-phish/
OWASP TOP 10: Insecure Direct Object Reference (#4)
https://blog.detectify.com/2016/05/25/owasp-top-10-insecure-direct-object-reference-4/
高价值网络窃贼攻击银行SWIFT系统
你android手机中的中国后门
跟踪和exploration windows内核的工具
https://github.com/rabbitstack/fibratus
demo:使用javascript跟踪你的眼部活动
https://webgazer.cs.brown.edu/collision.html
最近针对paypal的钓鱼,绕过已有的安全控制策略
http://phishme.com/paypal-customers-targeted-stealthy-html-attachment-phish/
如果你的浏览器支持自动下载功能,将有可能面临dll劫持漏洞 ,这里是演示页面
https://binaer.xyz/haifei-li/test.html
CVE-2016-0140 / MS16-054 Use-After-Free RCE POC
https://github.com/sourceincite/SRC-2016-22
RawPOS的变种分析
http://www.darkreading.com/cloud/a-newer-variant-of-rawpos-an-in-depth-look-/a/d-id/1325669
对cobalt strike的快速介绍
http://blog.cobaltstrike.com/2016/05/25/raffis-abridged-guide-to-cobalt-strike/
C++逆向工程第二部分:分支语句
http://www.cybersmash.io/reversing-c-pt-2-switch-statement/
停止使用“Internal”顶级域名
https://isc.sans.edu/diary/Stop+Using+%22internal%22+Top+Level+Domain+Names/21095