1、VPN提供商提供的端口转发功能有可能泄露真实IP,Torrent用户有可能受影响http://0x27.me/2015/11/26/Practical-Exploitation-of-Portfail.html

https://www.perfect-privacy.com/blog/2015/11/26/ip-leak-vulnerability-affecting-vpn-providers-with-port-forwarding/

2、windows phone internals:解锁bootloader,root访问文件系统,选择自定义的lumia

http://www.wpinternals.net/

3、你所不知道的恶意软件惯用的技巧

http://www.ghacks.net/2015/11/25/malware-tricks-that-you-may-not-know-about/

4、Stack Smashing

http://torcellite.com/projects/stack-smashing/report.pdf

5、家庭路由器安全checklist

http://routersecurity.org/checklist.php

6、基于javascript的DGA(域名生成算法)

http://www.johannesbader.ch/2015/11/a-javascript-based-dga/

7、debian包管理工具dpkg发现2个栈溢出和一个越界访问漏洞

https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html

8、检测通过dns查询的data exfiltration行为

https://blog.bit9.com/2015/11/24/developer-relations-month-detecting-data-exfiltration-via-dns-queries/

9、恶意软件分析人员手册:分析PE文件

http://resources.infosecinstitute.com/2-malware-researchers-handbook-demystifying-pe-file/

10、PHP 7.0.0 RC 8 发行

https://secure.php.net/archive/2015.php#id2015-11-26-1

11、滥用css Selectors执行Ui Redressing攻击

https://security.linkedin.com/blog-archive#11232015

12、基于模式的漏洞挖掘

https://ediss.uni-goettingen.de/bitstream/handle/11858/00-1735-0000-0023-9682-0/mainFastWeb.pdf

13、2015 JSRC电商与智能安全沙龙 PPT

https://drive.google.com/folderview?id=0B_thUFNIy8TdLTVsVTFvdUVqd0k&usp=sharing

14、fuzz和检测win32k.sys中的"uaf"漏洞

https://github.com/Rootkitsmm/Win32k-Fuzzer

15、我的secTor会议上的故事:获取Belkin Wemo交换机的root权限

http://www.tripwire.com/state-of-security/featured/my-sector-story-root-shell-on-the-belkin-wemo-switch/

文章原文链接:https://www.anquanke.com/post/id/82998