资讯类
Mirai僵尸网络相关人员被判刑,他们因制造传播Mirai而被控告,Mirai去年发起了大规模DDoS攻击
https://thehackernews.com/2017/12/hacker-ddos-mirai-botnet.html
https://krebsonsecurity.com/2017/12/mirai-iot-botnet-co-authors-plead-guilty/
https://www.wired.com/story/mirai-botnet-minecraft-scam-brought-down-the-internet/
广告软件厂商与安全公司纠缠恶意软件定义范围
美国政府将计算机战士送往战场
技术类
Detection Lab简介与使用
https://medium.com/@clong/introducing-detection-lab-61db34bed6ae
Avast开源机器码反编译器
https://blog.avast.com/avast-open-sources-its-machine-code-decompiler
基于实例的Applocker安全加强方案
https://oddvar.moe/2017/12/13/harden-windows-with-applocker-based-on-case-study-part-1/
https://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/
XXE应用篇实例讲解
https://www.mbsd.jp/blog/20171213.html
HIDDEN COBRA技术分析
DirecTV:一个愤怒而绝望的故事(CVE-2017-17411)
OSX.Pirrit macOS恶意软件分析 Part3
https://www.cybereason.com/blog/targetingedge-mac-os-x-pirrit-malware-adware-still-active
XXE-旧事重提
https://blog.zsec.uk/out-of-band-xxe-2/
CSRF Token一次有趣的窃取经历
https://blog.cloudflare.com/the-curious-case-of-caching-csrf-tokens/
新的子域名枚举与信息收集工具
https://github.com/jonluca/Anubis
Gif diff中的转义问题
https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/
Google Chrome 0day PoC
https://www.youtube.com/watch?v=HadpwNlWCXY&feature=youtu.be&a=
SCF文件攻击
https://pentestlab.blog/2017/12/13/smb-share-scf-file-attacks/
2018构建安全PHP指南
https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software