1、Flash 0 Day In The Wild: Group 123 At The Controls
http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html

2、Gold Dragon Widens Olympics Malware Attacks, Gains Permanent Presence on Victims’ Systems
https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/

3、LockPoS goes fashionable
https://forums.juniper.net/t5/Security-Now/LockPoS-goes-fashionable/ba-p/317665

4、Satori Adds Known Exploit Chain to Enslave Wireless IP Cameras
https://blog.fortinet.com/2018/02/02/satori-adds-known-exploit-chain-to-slave-wireless-ip-cameras

5、Tencent Anti-Virus Lab alert: web-page trojans modify transfer information to steal funds
http://www.freebuf.com/column/162027.html

6、Analysis of the wget buffer overflow vulnerability (CVE-2017-13089)
https://paper.seebug.org/525/

7、Signal Safari: Investigating RF Controls with RTL-SDR
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-signal-safari-2018-02-01.pdf

8、Reverse Engineering the Win32k Type Isolation Mitigation
https://blog.quarkslab.com/reverse-engineering-the-win32k-type-isolation-mitigation.html

9、Attacking the Nintendo 3DS Boot ROMs
https://arxiv.org/pdf/1802.00359.pdf

10、Linux Malware Analysis — Why Homebrew Encryption is Bad
https://medium.com/@jacob16682/linux-malware-analysis-why-homebrew-encryption-is-bad-48e349b252f9

11、Automating Apache mod_rewrite and Cobalt Strike Malleable C2 Profiles
https://posts.specterops.io/automating-apache-mod-rewrite-and-cobalt-strike-malleable-c2-profiles-d45266ca642

12、Active Directory: What can make your million dollar SIEM go blind?
http://www.bluehatil.com/files/Active%20Directory%20What%20Can%20Make%20Your%20Million%20Dollar%20SIEM%20Go%20Blind.pdf

13、A first look at detecting PHP webshells with machine learning
https://paper.seebug.org/526/

14、A brief discussion of putting intelligence into practice
https://www.sec-un.org/%E6%B5%85%E8%B0%88%E6%83%85%E6%8A%A5%E7%9A%84%E5%AE%9E%E8%B7%B5%E4%B8%8E%E8%90%BD%E5%9C%B0/

15、Official collection of CVEs from past years
https://github.com/CVEProject/cvelist

16、2017 annual security report: vulnerability landscape
https://cert.360.cn/static/files/2017%E5%B9%B4%E5%BA%A6%E5%AE%89%E5%85%A8%E6%8A%A5%E5%91%8A--%E6%BC%8F%E6%B4%9E%E5%8A%BF%E6%80%81.pdf

17、BlueHatIL 2018 PPT
http://www.bluehatil.com/abstracts.html

18、ProtonVPN vulnerability allows anyone to access their paid services for FREE.
https://bigsn00p.wordpress.com/2018/01/31/protonvpn-information-disclosure-0day/

Tool#Minesweeper: A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 3200 malicious cryptocurrency mining domains (cryptojacking).
https://github.com/codingo/Minesweeper

Tool#Sickle: A Python-based shellcode development tool
https://github.com/wetw0rk/Sickle

Tool#hate_crack: A tool for automating cracking methodologies through Hashcat
https://github.com/trustedsec/hate_crack

Tool#tensorflow/cleverhans: An adversarial example library for constructing attacks, building defenses, and benchmarking
https://github.com/tensorflow/cleverhans

Tool#WHIDS: Very flexible Host IDS designed for Windows.
https://github.com/0xrawsec/whids
