http://p1.qhimg.com/t01ee0ded1a480b06ce.jpg

1、俄罗斯金融犯罪:他们是如何运行和操作的

https://securelist.com/files/2015/11/Kaspersky_Lab_cybercrime_underground_report_eng_v1_0.pdf

2、DELL笔记本的证书问题,可以劫持HTTPS通信,窃取用户隐私,在线检测dellrootcheck.detectify.com

https://www.duosecurity.com/static/pdf/Dude,_You_Got_Dell_d.pdf


3、DefCamp CTF Finals 2015的writeup

https://github.com/p4-team/ctf/blob/master/2015-11-20-dctffinals/README.md#eng-version

4、CSL Dualcom CS2300-R(在英国最受欢迎的防盗警报信号系统)严重漏洞

http://cybergibbons.com/security-2/csl-dualcom-cs2300-signalling-unit-vulnerabilities/


5、glassRat:一个号称来自China的0检测木马

https://blogs.rsa.com/wp-content/uploads/2015/11/GlassRAT-final.pdf

6、使用glasswire检测网络摄像头和麦克风的使用

https://blog.glasswire.com/2015/11/23/detect-webcam-and-mic-usage-with-glasswire/


7、DockerMaze challenge write-up

http://testpurposes.net/2015/11/23/dockermaze-challenge-write-up/

8、多版本可执行文件防御基于编译器BUG的后门

http://blog.regehr.org/archives/1282


9、copykitten:一个针对以色列外交部的网络攻击组织

https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf

10、依托 Botnet 的内幕交易第二部分

https://blogs.mcafee.com/mcafee-labs/a-dummies-guide-to-insider-trading-via-botnet-part-2/


11、PowerShell版本SSL中间人欺骗工具

https://github.com/subTee/Interceptor

12、滥用u2f的'store'健

https://jbp.io/2015/11/23/abusing-u2f-to-store-keys/


13、Practical Invalid Curve Attacks

http://bsidesvienna.at/slides/2015/practical_invalid_curve_attacks_on_tls-ecdh.pdf

14、usenix的paper:硬件exploit变得简单

http://users.ece.cmu.edu/~ejschwar/papers/usenix11.pdf


15、PROFTPD v1.3.5a堆溢出

http://www.securityfocus.com/archive/1/536947

文章原文链接:https://www.anquanke.com/post/id/82976