恶意软件分析新手工具包

https://bluesoul.me/practical-malware-analysis-starter-kit/

mysql union注入新手教程

http://infoseczone.net/mssql-union-based-injection-step-step/

一个demo用来演示用javascript覆盖剪切板内容,然后欺骗受害者运行恶意命令

https://github.com/dxa4481/Pastejacking

反向工程实践第三部分 : Following the Data

http://jcjc-dev.com/2016/05/23/reversing-huawei-3-sniffing/

ads广泛影响的漏洞:flash版 (Facebook’s LiveRail, Akamai, Adobe产品受影响)

https://randywestergren.com/widespread-vulnerable-ads-part-two-flash-edition-facebooks-liverail-akamai-adobe-products-affected/

安全域环境

https://adsecurity.org/?p=1684

新一代的Exploit 开发工具包

https://github.com/b3mb4m/shellsploit-framework

python代码混淆,压缩工具

https://github.com/b3mb4m/pyminifier

理解和缓解apple ZeroConf的安全风险

http://www.ieee-security.org/TC/SP2016/papers/0824a655.pdf

跨平台分析android和ios潜在的危险库

http://www.ieee-security.org/TC/SP2016/papers/0824a357.pdf

Hacking WordPress Plugins

http://www.slideshare.net/LarryCashdollar/hacking-wordpress-plugins

DMA Locker 4.0 :已知的准备大范围扩散的恶意欺诈软件

https://blog.malwarebytes.org/threat-analysis/2016/05/dma-locker-4-0-known-ransomware-preparing-for-a-massive-distribution/

从pcap文件中帮助分析HTTP协议中恶意流量的工具

https://github.com/omriher/CapTipper/archive/master.zip

使用scapy处理网络包

http://www.howtohackin.com/blog/scapy/

DEFCON CTF 2016 – feedme关卡writeup

https://blahcat.github.io/2016/05/23/defcon-ctf-2016-feedme.html

CVE-2016-1542 (BMC-2015-0010) 和 CVE-2016-1543 (BMC-2015-0011) 的 poc,漏洞细节在https://www.insinuator.net/2016/03/bmc-bladelogic-cve-2016-1542-and-cve-2016-1543/

https://github.com/ernw/insinuator-snippets/tree/master/bmc_bladelogic

有人给pornhub提交漏洞了,XSS漏洞25美金

https://hackerone.com/reports/82929

针对中东银行的攻击

https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html