资讯类
美英政府网站被注入矿工,影响范围甚广
黑客可利用macOS应用程序截图功能来窃取密码,标记,密钥
技术类
思科NX-OS VDC接管漏洞
在Snapchat上存储XSS
https://medium.com/@mrityunjoy/stored-xss-on-snapchat-5d704131d8fd
使用concolic执行静态分析恶意软件
https://int0xcc.svbtle.com/using-concolic-execution-for-static-analysis-of-malware
教程:恶意软件分析
https://www.slideshare.net/bartblaze/malware-analysis-threat-intelligence-and-reverse-engineering
From APK to Golden Ticket
警惕GLOBEIMPOSTER勒索软件
https://www.secpulse.com/archives/68257.html
使用hashcat强化Linux全盘加密(LUKS)
https://blog.pnb.io/2018/02/bruteforcing-linux-full-disk-encryption.html
使用图像链接的UNC路径注入
https://www.secpulse.com/archives/68334.html
macOS内核漏洞
https://www.exploit-db.com/exploits/44007/
bug bounty program
http://10degres.net/the-bugbounty-program-that-changed-my-life/
Nessus插件的武器化
https://depthsecurity.com/blog/weaponization-of-nessus-plugins
易受攻击的ARM二进制文件集合
https://github.com/Billy-Ellis/Exploit-Challenges
BLEAH – 一种用于“智能”设备的BLE扫描仪
https://www.kitploit.com/2018/02/bleah-ble-scanner-for-smart-devices.html
Winpayloads – 不可检测的Windows Payload生成工具
https://www.kitploit.com/2017/07/winpayloads-undetectable-windows.html
StaCoAn——一个在移动应用上执行静态代码分析的跨平台工具
https://github.com/vincentcox/StaCoAn
Windows转储文件解密工具
https://github.com/AlessandroZ/LaZagneForensic