资讯类
tomcat发布两个高危漏洞预警
http://tomcat.apache.org/security.html
全球网络犯罪造成的损失高达6000亿美元
http://securityaffairs.co/wordpress/69401/cyber-crime/cybercrime-cost-2017.html
npm更新导致Linux系统崩溃,迫使用户重新安装
英特尔发布Spectre补丁更新
代码签名证书买卖黑市的真实情况
技术类
FINSPY VM UNPACKING教程第3部分:设备的虚拟化
CVE-2018-6947漏洞利用教程
https://www.fidusinfosec.com/nomachine-road-code-execution-without-fuzzing-cve-2018-6947/
DEVSPIRTUALIZATION FINSPY,PHASE#1:反混淆FINSPY VM字节码程序
http://www.msreverseengineering.com/blog/2018/2/21/wsbjxrs1jjw7qi4trk9t3qy6hr7dye
伪造的ASIC(澳大利亚证券和投资委员会)利用钓鱼邮件传播恶意软件
Nix技巧:SSH复用
https://0x00sec.org/t/stupid-nix-tricks-ssh-multiplexing/5583
荷兰DDoS攻击始末
伪造代码签名证书的兴起
https://www.recordedfuture.com/code-signing-certificates/
保护物联网网络
https://blog.trendmicro.com/securing-iot-networks/
数说IoT僵尸网络
http://www.aqniu.com/learn/31650.html
Drive-by download campaign targets Chinese websites
SinVR漏洞利用分析
利用TAP适配器窃取哈希值
https://orangewirelabs.wordpress.com/2018/02/21/stealing-hashes-with-tap/
Wavpack 5.1.0 Denial of Service
https://cxsecurity.com/issue/WLB-2018020236
Web浏览安全性概述
https://sec.eff.org/articles/web-browsing-security
Wafid: WAF指纹识别工具