http://p1.qhimg.com/t01ee0ded1a480b06ce.jpg

1、Centos 7.1/Fedora 22 自动缺陷报告工具(ABRT)导致的本地提权POC (abrt-hook-ccpp不安全的open()函数使用以及abrt-action-install-debuginfo 不安全的临时目录使用导致的)

https://www.exploit-db.com/exploits/38835/

2、有关meterpreter的替代工具的讨论,好多人评论使用Empire来替代

http://security.stackexchange.com/questions/106762/metasploit-meterpreter-alternatives


3、Docker容器之基于IRC的TOR隐藏服务

https://github.com/dustyfresh/OnionIRC

4、Advantech EKI 存有多个已知的安全漏洞

https://community.rapid7.com/community/infosec/blog/2015/12/01/r7-2015-25-advantech-eki-multiple-known-vulnerabilities


5、火眼的报告:当你公司的数据泄露的时候,你能做什么?

https://www2.fireeye.com/rs/848-DID-242/images/eb-cyber-security-playbook.pdf?

6、一些攻击Tqcacs+协议的脚本

https://github.com/GrrrDog/TacoTaco


7、如何构建一个产品安全团队

https://medium.com/starting-up-security/starting-up-security-85382451ae2e#.wozerq89p

8、高亮SSO消息的burpsuite扩展

https://github.com/RUB-NDS/BurpSSOExtension


9、戴尔基础服务的远程信息泄露(II)

http://rum.supply/2015/12/01/dell-foundation-services.2.html

10、LI-FI(可见光无线通信)传输数据的技术细节

http://www.ijcta.com/documents/volumes/vol5issue1/ijcta2014050121.pdf


11、隐藏在每个http/2连接中的秘密信息

http://blog.jgc.org/2015/11/the-secret-message-hidden-in-every.html

12、rr:gdb增强调试工具

http://rr-project.org/


13、在内存中执行Mimikatz

https://github.com/subTee/Utils/tree/master

14、nccgroup新paper:探索Ruby on Rails的身份验证和授权模式方面的陷阱

https://www.nccgroup.trust/uk/our-research/going-auth-the-rails-on-a-crazy-train/


15、Raspberry Pi Zero新手辅导教程

http://www.wired.co.uk/news/archive/2015-11/30/raspberry-pi-zero-starter-guide

16、实现rc4攻击的POC代码

https://github.com/evolmatt/CryptoPaper?utm_source=hootsuite


17、Exploitation揭秘第二部分:覆写和重定向

http://researchcenter.paloaltonetworks.com/2015/12/exploitation-demystified-part-2-overwrite-and-redirect/

18、whatsapp在其android app中阻止telegram链接

http://www.androidpolice.com/2015/12/01/whatsapp-is-blocking-telegram-links-in-the-android-app/


19、MMCSnapInsView :显示所有安装在你系统中的MMC插件细节

http://blog.nirsoft.net/2015/12/01/new-utility-that-displays-the-details-of-all-mmc-snap-ins-installed-on-your-system/

20、Nuclear Pack载入无文件的CVE-2014-4113 Exploit

http://malware.dontneedcoffee.com/2015/12/nuclear-pack-loading-fileless-cve-2014.html

文章原文链接:https://www.anquanke.com/post/id/83027