资讯类
微软Meltdown补丁引发更大的安全漏洞,允许任何用户级应用程序从操作系统内核读取内容,甚至将数据写入内核内存
新的CPU侧信道攻击——BranchScope
BranchScope is a new side-channel attack method against Intel chip
灰鹭监视公司
Grey Heron, the new Co in the surveillance industry that promises to spy on Signal and Telegram
浏览器内的加密越来越难以检测到
https://www.bleepingcomputer.com/news/security/in-browser-cryptojacking-is-getting-harder-to-detect/
VirusBay——分享恶意软件分析社区
https://www.bleepingcomputer.com/news/security/virusbay-aims-to-make-malware-analysis-more-social/
Firefox插件将Facebook网站及其所有域名隔离
Struts框架S2-056漏洞预警
https://cwiki.apache.org/confluence/display/WW/S2-056
GOSCANSSH恶意软件瞄准SSH服务器
GoScanSSH Malware Targets SSH Servers, But Avoids Military and .GOV Systems
高额打车补贴下,黑产如何薅走美团的羊毛?
http://t.cn/RnHbBfP
技术类
客户端 session 导致的安全问题
披着狼皮的羊——寻找惠普多款打印机中的RCE漏洞
智能合约蜜罐
https://medium.com/@gerhard.wagner/the-phenomena-of-smart-contract-honeypots-755c1f943f7b
利用入侵分析的微控制器进行固件修复
https://duo.com/blog/microcontroller-firmware-recovery-using-invasive-analysis
强网杯出题思路
https://bbs.pediy.com/thread-225488.htm
强网杯writeup
https://lorexxar.cn/2018/03/26/qwb2018/
加密101:解密者的思考过程
记一次爬虫批量爬取exp
Pwn a CTF Platform with Java JRMP Gadget
http://blog.orange.tw/2018/03/pwn-ctf-platform-with-java-jrmp-gadget.html
Reducing Fuzzing Code Coverage Overhead using “Disposable Probes”
https://repret.wordpress.com/2018/03/21/128/
DiskShadow工具介绍