https://static.jiayezz.com/82/fb47363e50e229f17c6521464861fb

1、使用TLS配置你的远程桌面(rdp)

http://blog.robiii.nl/2015/10/configure-your-windows-remote-desktop.html

2、音频隐写术的基本方法(频谱图)

https://solusipse.net/blog/post/basic-methods-of-audio-steganography-spectrograms/


3、CVE-2015-1642:微软WORD OLE利用分析

https://www.nccgroup.trust/globalassets/our-research/uk/whitepapers/2015/10/understanding-microsoft-word-ole-exploit-primitives-exploiting-cve-2015-1642pdf/

4、从内存提权keepass 2.x数据库的密码

https://github.com/denandz/KeeFarce


5、通过fuzzing浏览器找BUG

https://drive.google.com/file/d/0B4ZwSwfSILSIcWhzY1NnY0lrNEk/view?pli=1

6、Joomla CVE-2015-7297分析,影响joomla 3.2到3.4.4,问题出在JModelList里的populateState()方法

http://blog.perimeterx.com/joomla-cve-2015-7297/


7、DIY一个看起来像壁式充电器似的无线键盘记录

http://lifehacker.com/this-diy-wireless-keylogger-fits-anywhere-looks-like-a-1739266989

8、sniffly:使用HSTS+CSP嗅探浏览器历史记录的POC工具

https://github.com/diracdeltas/sniffly

9、pyelftools:解析ELF和DWARF的PYTHON库

https://github.com/eliben/pyelftools

10、取证时,你应该充分的测试你的取证工具

http://malwarejake.blogspot.it/2015/10/thou-shall-test-thy-forensics-tools.html


11、WSUSpect-proxy:通过中间人WSUS流量,注入欺骗更新的POC工具

https://github.com/ctxis/wsuspect-proxy

12、EBAY MAGENTO XXE注入漏洞,影响eBay Magento CE <= 1.9.2.1和eBay Magento EE <= 1.14.2.1

https://dl.packetstormsecurity.net/1510-exploits/eBay-Magento-XXE-Injection-Vulnerability.txt


13、保护你的windows网络:本地管理员账号管理设置方法

https://dfirblog.wordpress.com/2015/11/01/protecting-windows-networks-local-administrative-accounts-management/

14、root cisco的 Linksys x2000 路由器

http://meat.pisto.horse/2015/11/rooting-linksys-x2000-router-system.html


15、ntp多个漏洞影响cisco多个产品

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151021-ntp

16、以正视听的Moplus SDK和虫洞漏洞

http://blog.trendmicro.com/trendlabs-security-intelligence/setting-the-record-straight-on-moplus-sdk-and-the-wormhole-vulnerability/

文章原文链接:https://www.anquanke.com/post/id/82826