资讯类
思科软件被曝出现严重高危硬编码漏洞
https://www.bleepingcomputer.com/news/security/hardcoded-password-found-in-cisco-software/
只用12小时,密币挖矿恶意软件就感染了约50万台电脑
Siri、科塔娜等语音助手可导致企业遭攻击
https://www.securityweek.com/cortana-can-expose-enterprises-attacks-researchers-warn
由于大规模网络钓鱼攻击,Binance加密货币遭到抛售
技术类
Memcache UDP 反射放大攻击 II: 最近的数据分析
https://blog.netlab.360.com/memcache-ddos-ii-numbers-and-charts-by-ddosmon/
利用WPAD/PAC与JScript,Exploiting Windows 10
基于MetaSploit内网穿透渗透测试
https://blog.sectown.cn/archives/323/
利用Debug Help Library定位Windows NT内核未导出的函数和结构体
http://www.4hou.com/system/10590.html
Lazarus APT组织最新攻击活动揭露
https://mp.weixin.qq.com/s/-cCnpo1kBebvJ7WMRj65tg
区块链安全 – 以太坊短地址攻击
http://blog.csdn.net/u011721501/article/details/79476587
从SQL注入到Getshell:记一次禅道系统的渗透
http://www.cnblogs.com/iamstudy/articles/chandao_pentest_1.html
构建Docker容器时的安全性探索
https://blog.heroku.com/exploration-of-security-when-building-docker-containers
ArcSight实战系列之三:ESM安装配置指南
http://www.aqniu.com/tools-tech/31913.html
The devil’s in the Rich header
https://securelist.com/the-devils-in-the-rich-header/84348/
Tearing Apart the Undetected (OSX)Coldroot RAT
https://objective-see.com/blog/blog_0x2A.html
OlympicDestroyer is here to trick the industry
Mac恶意软件的现状
DCSYNCMonitor——监视DCSYNC和DCSHADOW攻击的工具
https://github.com/shellster/DCSYNCMonitor
工具——password_pwncheck