资讯类
趋势科技发布报告:回顾2017年最严重的网络攻击以及总结的经验
语法纠错Chrome扩展程序泄露用户隐私
https://threatpost.com/grammarly-patches-chrome-extension-bug-that-exposed-users-docs/129794/
http://www.zdnet.com/article/grammarly-flawed-chrome-extension-exposed-private-documents/
假的Adobe Flash更新站点欺骗用户下载CPU矿工
https://www.bleepingcomputer.com/news/security/fake-adobe-flash-update-sites-pushing-cpu-miners/
2017年度中国信息安全从业人员现状调研报告
http://www.itsec.gov.cn/zxxw/201802/t20180205_23641.html
在WordPress CMS平台中发现了一个简单而严重的应用程序级拒绝服务(DoS)漏洞,它可以让任何人甚至只用一台机器就可以关闭大多数WordPress网站。
https://thehackernews.com/2018/02/wordpress-dos-exploit.html
技术类
机器学习检测WebShell
https://mp.weixin.qq.com/s/XWIIniSgq75lMK6Vi_BKaA
Jackson dbcp gadget以及CVE-2018-5968
http://blog.csdn.net/u011721501/article/details/79257709
分析OSX / CreativeUpdater
https://objective-see.com/blog/blog_0x29.html
如何减轻加密货币带给企业安全的威胁
https://thehackernews.com/2018/02/cryptocurrency-mining-threat.html
基于机器学习的 Webshell 发现技术探索
https://mp.weixin.qq.com/s/5wJbvuG0IUOX4jdFtYNnkg
微信海量数据监控的设计与实践
https://mp.weixin.qq.com/s/EAPHplKe9meI0-EHeF_BcQ
引用外部脚本的隐患及防御
LSB-Steganography – 使用最低有效位将文件隐写到图像中
https://www.kitploit.com/2018/02/lsb-steganography-python-program-to.html
Modern CSS Explained For Dinosaurs
https://medium.com/actualize-network/modern-css-explained-for-dinosaurs-5226febe3525
MACHINE LEARNING FOR EFFECTIVE FUZZING – CLOUDFUZZ
https://payatu.com/machine-learning-effective-fuzzing
分析一个HTA文件
https://isc.sans.edu/diary/rss/23307
利用CSS注入(无iFrames)窃取CSRF令牌
https://github.com/dxa4481/cssInjection
具有高级分析功能的hunting ELK
https://github.com/Cyb3rWard0g/HELK
Hacking With Go
https://secdevops.ai/hacking-with-go-packet-crafting-and-manipulation-in-golang-pt-2-632e99917865
X.509在TLS和SSL实现中的新方法
https://www.fidelissecurity.com/threatgeek/2018/02/exposing-x509-vulnerabilities