News:

Russia's Federal Security Service says the country's critical infrastructure has become a target of malware

http://www.csoonline.com/article/3102664/cyber-attacks-espionage/spies-planted-malware-on-critical-infrastructure-russian-security-service-says.html#tk.rss_all


Pokemon GO is under DDoS attack from the PoodleCorp botnet

http://news.softpedia.com/news/pokemon-go-ddos-attacks-postponed-as-poodlecorp-botnet-suffers-security-breach-506910.shtml


Technical:

Penetrating IPv6 networks through the back door

http://www.linux-magazine.com/Online/Features/IPv6-Penetration-Testing


How to build your own penetration testing tool box

http://www.blackhillsinfosec.com/?p=5156


A research paper from 2013: the low security level of Bluetooth Low Energy

https://www.usenix.org/system/files/conference/woot13/woot13-ryan.pdf


Hackers compromised FreeDNS and then pointed customers' DNS at malicious sites

https://blog.sucuri.net/2016/07/fake-freedns-used-to-redirect-traffic-to-malicious-sites.html


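A new attack that steals Social Security numbers and credit card numbers, using the browser's JavaScript APIs against HTTPS, with no man-in-the-middle attack required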

http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/


An introduction to using the reverse engineering tool Radare2

https://www.insinuator.net/2016/08/reverse-engineering-with-radare2-intro/


Salesforce has open-sourced its penetration test management and automation platform; the documentation is at http://vulnreport.io/documentation

https://github.com/salesforce/vulnreport


.NET Framework 4.6.2 released: includes a number of cryptography and security-related updates

https://blogs.msdn.microsoft.com/dotnet/2016/08/02/announcing-net-framework-4-6-2/


FakeNet-NG: billed as a next-generation dynamic network analysis tool

https://github.com/fireeye/flare-fakenet-ng


Server-side template injection against the nunjucks template engine using Tplmap; the tplmap tool can be downloaded from https://github.com/epinna/tplmap

http://disse.cting.org/2016/08/02/2016-08-02-sandbox-break-out-nunjucks-template-engine


XML External Entity injection opens the door for thieves to attack

https://blogs.mcafee.com/mcafee-labs/xml-external-entity-injection-opens-door-attacks-theft/


An Oracle Java MethodHandle remote code execution exploit is being offered for sale

http://0day.today/exploits/25837


A well-curated list of XSS payloads

http://d3adend.org/xss/ghettoBypass


Windows hacking 1: injecting a backdoor into a PE file

https://www.cybrary.it/0p3n/windows-hacking-1-inject-backdoor-pe-file/


A drone carrying a penetration testing toolkit; the talk slides, video and tools have not been posted yet

https://www.bishopfox.com/resources/tools/drones-penetration-testers/


chaoskey 1.0 released: a USB device that generates random numbers

http://keithp.com/blogs/chaoskey/


Black Hat USA 2016 talk slides: “Beyond the MCSE: Active Directory for the Security Professional”

https://adsecurity.org/wp-content/uploads/2016/08/US-16-Metcalf-BeyondTheMCSE-ActiveDirectoryForTheSecurityProfessional.pdf


Android Tamer tool presentation slides from the Black Hat USA 2016 Arsenal

http://www.slideshare.net/anantshri/android-tamer-bh-usa-2016-arsenal-presentation


Be careful when the WDK updates

https://www.osr.com/blog/2016/08/03/careful-wdk-updates/


Black Hat USA 2016 talk slides: Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root

http://www.slideshare.net/LiangChen13/us-16subverting-applegraphicspracticalapproachestoremotelygainingrootchenhegrassifu


A non-HTTP interception proxy and DNS server extension for BurpSuite

https://github.com/summitt/Burp-Non-HTTP-Extension

Original article link: https://www.anquanke.com/post/id/84330