1、Pwnedlist(跟踪账户信息泄露的网站)被黑
http://krebsonsecurity.com/2016/05/how-the-pwnedlist-got-pwned/
2、GrrCon 2015 :内存取证writeup
http://www.ghettoforensics.com/2016/05/grrcon-2015-memory-forensics-grabbing.html
3、CVE-2015-6639:高通安全执行环境权限提升漏洞poc
https://bits-please.blogspot.tw/2016/05/qsee-privilege-escalation-vulnerability.html
4、从ctf的比赛中捕获的流量中收集payload
https://medium.com/@foospidy/collecting-payloads-from-ctf-pcaps-65ffb5a76c09#.xxdr6w26i
5、CORS Enabled XSS
http://brutelogic.com.br/blog/cors-enabled-xss/
6、威胁情报学习第二部分:基础架构建立,第一部分:规划(https://www.fastly.com/blog/lean-threat-intelligence-part-1-plan)
https://www.fastly.com/blog/lean-threat-intelligence-part-2-foundation
7、反向工程实践第二部分:侦察固件
http://jcjc-dev.com/2016/04/29/reversing-huawei-router-2-scouting-firmware/
8、拦截IM应用(Telegram)是如何做到的
https://www.bellingcat.com/news/2016/04/30/russia-telegram-hack/
9、显示每个进程的网络传输的带宽监控脚本
https://github.com/akshayKMR/hogwatch
10、通过克隆站点来偷取Google Rankings
https://blog.sucuri.net/2016/04/cloned-website-stealing-google-rankings-seo-serp.html
11、使用NITRO API和POWERSHELL实现自动化的NetScaler
https://www.citrix.com/blogs/2016/04/29/automate-netscaler-using-nitro-api-and-powershell/
12、虚假的Andorid Update在欧洲推送SMS,点击欺诈
https://blogs.mcafee.com/mcafee-labs/fake-android-update-delivers-sms-click-fraud-europe/
13、CVE-2015-7214 POC
https://github.com/llamakko/CVE-2015-7214
14、实现UAC绕过的的开源POC
https://github.com/pedro-javierf/Twicexploit
15、VulnHub团队的GOOGLE CTF 部分writeup
https://github.com/VulnHub/ctf-writeups/tree/master/2016/google-ctf
16、GOOGLE CTF Mobile关部分writeup
https://github.com/yohanes/write-ups/tree/master/google-ctf
17、Google CTF web关部分writeup
http://buer.haus/2016/05/01/google-ctf-web-write-ups-1115/
18、p4-team团队的Google CTF 2016 部分writeup
https://github.com/p4-team/ctf/tree/master/2016-05-01-googlectf
19、Google CTF 2016 部分writeup
https://github.com/Blystad/googlectf_writeups/tree/master/networking
20、linux-insides系列:Inline assembly
https://github.com/0xAX/linux-insides/blob/master/Theory/asm.md
21、Injecting CSP for Fun and Security
http://research.sidstamm.com/papers/csp_icissp_2016.pdf
22、反向端口转发工具 v 1.0
https://github.com/ring04h/rtcp2udp
23、恶意欺诈软件病毒关闭电厂和水厂
http://thehackernews.com/2016/04/power-ransomware-attack.html
24、如何计划和执行现代安全事件响应
https://www.gartner.com/doc/reprints?ct=160427&id=1-34IIH00&st=sb
25、SSH for Fun and Profit
https://karla.io/2016/04/30/ssh-for-fun-and-profit.html
26、BotConf 2016会议的PPT和视频
https://www.botconf.eu/botconf-2015/final-programme/
27、反向工程发现atm skimmer
https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/
28、coreboot 4.4发行
https://firmwaresecurity.com/2016/05/02/coreboot-4-4-released/
29、php的system函数禁止时,获取shell访问
文章原文链接:https://www.anquanke.com/post/id/83853