1. Reverse engineering the API of the BMW i3 app (https://play.google.com/store/apps/details?id=com.bmwi.remote) (https://shkspr.mobi/blog/2015/11/reverse-engineering-the-bmw-i3-api/)
https://github.com/edent/BMW-i-Remote
2. Qualcomm TrustZone vulnerability enables Droid Turbo bootloader unlock
http://theroot.ninja/disclosures/TRUSTNONE_1.0-11282015.pdf
3. Symbolic execution writeup for the Carnegie Mellon CMU Binary Bomb lab
4. ZeroNights conference slides: orm2pwn: exploiting injections in Hibernate ORM
http://www.slideshare.net/0ang3el/orm2pwn-exploiting-injections-in-hibernate-orm?from_action=save
5. ZeroNights conference slides: another way of performing penetration tests
6. An introduction to Go's runtime environment variables
http://dave.cheney.net/2015/11/29/a-whirlwind-tour-of-gos-runtime-environment-variables
7. Serpico: a tool for penetration test report generation and collaboration
https://github.com/MooseDojo/Serpico/
8. PowerMemory: a PowerShell toolset for viewing plaintext credentials in memory and files
https://github.com/giMini/PowerMemory
9. on* Landing Point: the article considers the case where everything after a < is filtered but ' and " are not, showing on* event handler XSS exploitation, and then separately discusses bypasses for when ' and " are filtered
https://respectxss.blogspot.de/2015/11/on-landing-point.html
10. Terminus project launched: automatically generates diffs of Windows structures (currently only supports NTDLL PDBs)
http://blog.rewolf.pl/blog/?p=1438
11. Math.random() and 32-bit precision
http://jandemooij.nl/blog/2015/11/27/math-random-and-32-bit-precision/
12. Optimizing ssDeep (a fuzzy hashing algorithm) comparisons to reduce the time needed for large-scale file comparison
https://www.virusbtn.com/virusbulletin/archive/2015/11/vb201511-ssDeep
13. Slides on incident response methodology
https://cert.societegenerale.com/en/publications.html
14. Preventing XXE attacks against jaxws-rt (2.1) based web services
http://stackoverflow.com/questions/12977299/prevent-xxe-attack-with-jaxb
15. virustotal-search.py updated: supports the -s parameter for specifying the CSV separator
http://blog.didierstevens.com/2015/11/28/update-virustotal-search-py-version-0-1-3/
16. A foreign researcher reported that the document-upload translation feature of the Google Translate page can lead to XSS; in fact the issue is on translate.googleusercontent.com, and under the same-origin policy it cannot access translate.google.es
http://www.intelligentexploit.com/view-details.html?id=22623
17. PHP-Fusion 9: stored XSS in the Robots.php file leading to remote code execution
18. Writing a simple Mach-O parser with the Python ctypes library
https://rotlogix.com/2015/11/28/writing-a-simple-binary-parser-with-python-ctypes/
19. ARM reverse engineering exercises
https://github.com/rotlogix/Exercises
20. Easy File Sharing Web Server v7.2 – remote SEH buffer overflow vulnerability
21. Vulnerabilities in a billboard lighting system
http://randywestergren.com/cutting-the-lights-vulnerabilities-in-a-billboard-lighting-system/
22. Fuzzing C++ code with AFL and libFuzzer
http://jefftrull.github.io/c++/clang/llvm/fuzzing/sanitizers/2015/11/27/fuzzing-with-sanitizers.html
23. Hiding shellcode in images
https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Sutton.pdf
Original article link: https://www.anquanke.com/post/id/83007