1、恶意软件使用的Anti-Disassembly技术

http://malwinator.com/anti-disassembly-used-in-malware-a-primer/

2、可预测的SSH主机密钥

https://www.raspberrypi.org/forums/viewtopic.php?f=66&t=126892

3、9%的HTTPS和6%的SSH使用硬编码私钥

http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html

4、SAP Sybase Adaptive Server Enterprise的XXE漏洞POC

https://www.exploit-db.com/exploits/38805/

5、静态分析恶意java applets

http://scholarworks.sjsu.edu/cgi/viewcontent.cgi?article=1390&context=etd_projects

6、CVE-2015-3628:F5 ICall:script权限提升漏洞分析

http://blog.gdssecurity.com/labs/2015/11/25/exploiting-f5-icallscript-privilege-escalation-cve-2015-3628.html

7、cfdb:Common Findings Database

https://github.com/mubix/cfdb/blob/master/README.md

8、恶意javascript分析

http://neonprimetime.blogspot.tw/2015/11/malicious-javascript-walk-thru.html

9、scapy3k:支持python3的scapy

https://github.com/phaethon/scapy

10、恶意软件Hammertoss如何用Twitter作为C&C,用python帮你简单说下原理

http://securityaffairs.co/wordpress/42254/hacking/hammertoss-malware-python-poc.html

11、自动扫描firefox扩展

http://danstillman.com/2015/11/23/firefox-extension-scanning-is-security-theater

12、TLS/SSL Failures and Some Thoughts on Cert Pinning (Part 1)

https://pen-testing.sans.org/blog/pen-testing/2015/11/25/tlsssl-failures-and-some-thoughts-on-cert-pinning-part-1

13、本地内核debugger

http://grehack.fr/data//grehack2015/slides/Grehack%202015%20-%20Invited%20talk%20-%20Draw%20me%20A%20Local%20Kernel%20Debugger.pdf

14、joomlavs:joomla黑盒漏扫工具

https://github.com/rastating/joomlavs

15、pipe ctf writeup

https://highon.coffee/blog/pipe-ctf-walkthrough/

16、使用JTR破解iwork文件

http://www.openwall.com/lists/john-users/2015/11/23/9

文章原文链接:https://www.anquanke.com/post/id/82993