技术类:
MS16-039:使用gdi对象对windows 10 64位整形利用
https://blog.coresecurity.com/2016/06/28/ms16-039-windows-10-64-bits-integer-overflow-exploitation-by-using-gdi-objects/
使用burp和zap审计csp头
http://blog.gosecure.ca/2016/06/28/auditing-csp-headers-with-burp-and-zap/
研究保护和恢复namco ES1游戏系统
https://medium.com/@ValdikSS/researching-protection-and-recovering-namco-system-es1-arcades-1f8423fdeb3b#.i7vab2i9f
如何入侵企业终端
http://googleprojectzero.blogspot.com/2016/06/how-to-compromise-enterprise-endpoint.html
解决GOOGLE的ReCaptcha(验证码)服务,大约70%的精确率
http://www.cs.columbia.edu/~polakis/papers/sivakorn_eurosp16.pdf
利用和分析联想固件的秘密,相关代码在https://github.com/Cr4sh/ThinkPwn
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
使用google jar进行有效的应用测试
https://blogs.mcafee.com/mcafee-labs/efficient-application-testing-burps-cookie-jar/?utm_source=twitter&utm_campaign=Labs#sf29887383
impacket 0.9.15
https://github.com/CoreSecurity/impacket/releases/tag/impacket_0_9_15
Alienvault公布研究人员在分析恶意软件时常用的逆向工具
https://www.alienvault.com/blogs/labs-research/reverse-engineering-malware
apache xerces getLastExtEntityInfo 的uaf漏洞
http://permalink.gmane.org/gmane.comp.security.oss.general/19850?utm_source=twitterfeed&utm_medium=twitter
WebGazer使用javascript和摄像头可以跟踪你的眼部活动
http://news.softpedia.com/news/webgazer-uses-javascript-and-your-webcam-to-track-eye-movements-505666.shtml?utm_content=buffer539f2&utm_medium=social&utm_source=plus.google.com&utm_campaign=buffer
如何测试android应用安全第二部分
https://blogs.mcafee.com/mcafee-labs/testing-android-application-security-part-2/?utm_source=twitter&utm_campaign=Labs#sf29787000
LIBREOFFICE RTF 漏洞
http://blog.talosintel.com/2016/06/vulnerability-spotlight-libreoffice-rtf.html
CVE-2016-2207:赛门铁克杀毒软件在解压rar时多个远程内存损坏漏洞
https://bugs.chromium.org/p/project-zero/issues/detail?id=810#c_ts1467137281
赛门铁克:dec2lha库的远程栈溢出漏洞
https://bugs.chromium.org/p/project-zero/issues/detail?id=814#c_ts1467137331
资讯类:
俄罗斯apt组织运行大量的钓鱼攻击针对google账号
http://news.softpedia.com/news/russian-apt-launched-massive-phishing-campaign-targeting-google-accounts-505754.shtml
在hardrock酒店的post系统上发现恶意软件
http://news.softpedia.com/news/malware-found-on-the-pos-systems-at-hard-rock-hotel-casino-505770.shtml
收购信息
cisco收购CloudLock
http://www.fourthwall.co/cisco-to-acquire-cloudlock/?utm_source=twitterfeed&utm_medium=twitter
数据泄露消息:
暗网前段时间销售的Myspace数据库疑似被放出来了