1、一周渗透系列的第四天:Post Exploitation
http://www.labofapenetrationtester.com/2015/12/week-of-continuous-intrusion-tools-day-4.html
2、一个隐藏原数据(metadata)的隐私消息系统
https://github.com/davidlazar/vuvuzela
3、由于三年的老漏洞导致备受瞩目的移动应用存在风险
4、常见powershell渗透工具整理
https://www.peerlyst.com/blog-post/resource-infosec-powershell-tools-resources-and-authors
5、Java的零日漏洞CVE-2015-4852被发现用于网络攻击
6、自动MIME附件分流
https://blog.rootshell.be/2015/12/04/automatic-mime-attachments-triage/
7、fuzzing math:opessl中的BN_mod_exp(CVE-2015-3193)错误计算
8、Zeronights'2015 会议上的2篇攻击hypervisors的PPT
https://github.com/REhints/Publications/tree/master/Conferences/Zeronights'2015
9、Botconf 2015 会议第二天记录
https://blog.rootshell.be/2015/12/03/botconf-2015-wrap-up-day-2/
10、0day贸易市场分析
http://moritzlaw.osu.edu/students/groups/is/files/2015/06/Fidler-Second-Review-Changes-Made.pdf
11、分析利用elasticsearch漏洞形成的僵尸网络
12、用VB.NET实现通过PID获取用户名
http://ibreak.software/2015/12/03/get-username-from-pid-in-vb-net/
13、从远程shell到远程终端(实现了tty,通过信号实现窗口大小改变)
http://blog.stalkr.net/2015/12/from-remote-shell-to-remote-terminal.html#more
14、微软IE CDOMStringDataList::InitFromString导致信息泄露
http://www.zerodayinitiative.com/advisories/ZDI-15-547/
15、sknyk's的公共漏洞数据库,帮你查阅历史漏洞
https://github.com/Snyk/vulndb
16、Defusing a binary bomb with gdb – Part 3
http://blog.carlosgaldino.com/2015/12/03/defusing-a-binary-bomb-with-gdb-part-3.html
17、恶意软件解密
https://blog.malwarebytes.org/development/2015/12/malware-crypters-the-deceptive-first-layer/
18、mitmproxy 0.15发行
http://corte.si/posts/code/mitmproxy/announce_0_15/
文章原文链接:https://www.anquanke.com/post/id/83049
