1、TrendMicro:远程debugger node.js默认监听端口,可导致任意命令执行
https://bugs.chromium.org/p/project-zero/issues/detail?id=773
2、HID 门控远程root漏洞
http://blog.trendmicro.com/let-get-door-remote-root-vulnerability-hid-door-controllers/
3、理解win32的进程内存
https://drive.google.com/file/d/0B0tBYiOD2uG7SlI2YzdQbnRlbUk/view?pref=2&pli=1
4、一些渗透测试指南:包括如何配置渗透环境(nmap/oracle)
https://github.com/ZephrFish/InfoSecTutorials
5、微软拥抱开源:Ubuntu on Windows:Win10很快将能运行Ubuntu版Bash
http://blog.dustinkirkland.com/2016/03/ubuntu-on-windows.html
6、burpsuite使用技巧,第一部分,第二部分在http://parsiya.net/blog/2016-03-29-burp-tips-and-tricks-for-non-webapp-testing—part-2-history-intruder-scanner-and-more/
7、无文件(Fileless )感染技术:预览
https://blog.malwarebytes.org/cybercrime/2016/03/fileless-infections-an-overview/
8、OSX平台使用FSEvents(文件系统事件)检测和删除恶意文件
http://www.crowdstrike.com/blog/using-os-x-fsevents-discover-deleted-malicious-artifact/
9、构建一个浏览器引擎
https://limpet.net/mbrubeck/2014/08/08/toy-layout-engine-1.html
10、猫鼠游戏,我是如何迷惑想搞CryptoWall Tracker网站的攻击者的
http://blog.0x3a.com/post/141950176719/playing-games-with-an-attacker-how-i-messed-with
11、Central Ohio 2016安全会议视频
http://www.irongeek.com/i.php?page=videos/centralohioinfosec2016/mainlist
12、droidsheep-2.0稳定版发行:android会话劫持安全测试工具
https://github.com/veekoon/droidsheep-2.0?platform=hootsuite
13、Eli.Decode:使用unicorn引擎decode混淆的shellcode
https://github.com/DeveloppSoft/Eli.Decode
14、通过Twitter进行的钓鱼攻击
https://github.com/fjalappat/TwitterResearch?platform=hootsuite
15、针对路由器和iot设备的linux bot分析
16、VLC 2.1.6在处理wav文件时,引发的堆溢出漏洞
17、Kamailio SEAS模块encode_msg 堆缓冲区溢出漏洞
https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/
18、针对医疗设备安全的威胁与展望
https://www.insinuator.net/2016/03/medical-device-security-hack-or-hype/