Magento:非认证远程代码执行漏洞
http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/
价值5000美金的GOOGLE存储型XSS
https://blog.it-securityguard.com/bugbounty-sleeping-stored-google-xss-awakens-a-5000-bounty/
Chrome XSS Auditor绕过。
https://html5sec.org/xssauditor/bypasses-052016?xss=%3Clink%20rel=import%20href=https:html5sec.org/
跟踪黑客第一部分
https://dfir-blog.com/2016/05/17/funny-honey-tracking-hackers-in-cyberspace-part1/
searchgiant_cli:命令行下针对云服务器的(Google Drive/Gmail/Dropbox等)的图像取证工具
https://github.com/jadacyrus/searchgiant_cli
AppleCronPrank:通过cron控制MACOX的工具
https://github.com/01010101/AppleCronPrank
CVE-2016-1287 POC: IKEv1/v2 缓冲区溢出POC,技术文档原来推动送过,在https://blog.exodusintel.com/2016/02/10/firewall-hacking/
https://github.com/exodusintel/disclosures/blob/master/CVE_2016_1287_PoC
当恶意软件遇到rootkit
https://www.symantec.com/avcenter/reference/when.malware.meets.rootkits.pdf
新的Angler挂马家族黑了19个站点,包括UltraVNC
http://www.cyphort.com/angler-hacks-vnc/
Django, ELB health checks and continuous delivery
http://tech.octopus.energy/2016/05/05/django-elb-health-checks.html
通过反向工程智能手环实现控制无人机
Windows – gdi32.dll Heap-Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
https://www.exploit-db.com/exploits/39834/
分析foxit reader的堆溢出
https://scoding.de/analsysis-of-a-heap-overflow-in-foxit-reader
Volatility Framework 框架插件用于提取 BitLocker FVEK (Full Volume Encryption Key)
https://github.com/elceef/bitlocker
使用VOLATILITY发现高级的恶意软件
https://eforensicsmag.com/finding-advanced-malware-using-volatility/
介绍x64汇编
https://software.intel.com/sites/default/files/m/d/4/1/d/8/Introduction_to_x64_Assembly.pdf
linux-insides系列:信号量
https://github.com/0xAX/linux-insides/blob/master/SyncPrim/sync-5.md
一个内存访问冲突问题可导致Symantec Antivirus 奔溃你的windows系统
钓鱼邮件攻击:组合office和pdf漏洞
#WindowsServer 2016 Nano的新powershell安全cmdlets替代SecEdit和AuditPol
https://blogs.msdn.microsoft.com/powershell/2016/05/09/new-security-cmdlets-in-nano-server/
我如何再一次绕过facbook csrf
http://pouyadarabi.blogspot.tw/2016/05/how-i-bypassed-facebook-csrf-in-2016.html