May 30 - Daily Security Knowledge Highlights

GraphicsMagick and ImageMagick popen() shell vulnerability exploitable via filename

http://permalink.gmane.org/gmane.comp.security.oss.general/19669

Compromising a colleague's WordPress site

https://notehub.org/5zo2v

Double Free in Standard PHP Library Double Link List [CVE-2016-3132]

(heap allocation exploitation in PHP)

http://www.libnex.org/blog/doublefreeinstandardphplibrarydoublelinklist

New methods for exploiting ORM injection in Java applications

http://www.slideshare.net/0ang3el/new-methods-for-exploiting-orm-injections-in-java-applications

A secure, high-performance OAuth2 and OpenID Connect service implemented in Go

https://github.com/ory-am/hydra

All slide decks from the hitbsecconf2016ams conference

https://conference.hitb.org/hitbsecconf2016ams/materials/

XSS vulnerability in the WordPress Jetpack plugin

https://blog.sucuri.net/2016/05/security-advisory-stored-xss-jetpack-2.html

WiFi-Pumpkin: a tool that provides a rogue Wi-Fi access point for man-in-the-middle attacks

https://github.com/P0cL4bs/WiFi-Pumpkin/wiki

Tor Browser fingerprinting demo page

https://tor.triop.se/

Duqu 2.0 kernel exploitation technique analysis, part 1

https://blogs.technet.microsoft.com/mmpc/2016/05/29/%E2%80%8Bduqu-2-0-kernel-exploitation-technique-analysis-part-1-of-2-2/

HITB CTF 2016 – Binary 300 writeup

http://gnoobz.com/hitb-ctf-2016-binary-300.html

HITB CTF 2016 – Binary 100 writeup

https://ced.pwned.systems/hitb-2016-ctf-bin100-stone-soup.html

HITB CTF 2016 – spc400 – Kitchen on a kitchen Write-up

https://ced.pwned.systems/hitb-2016-ctf-spc400-kitchen-on-a-kitchen.html

Node.js security checklist

https://blog.risingstack.com/node-js-security-checklist/

Reverse shell on a Node.js application

https://wiremask.eu/writeups/reverse-shell-on-a-nodejs-application/

Darkleech obfuscation: Darkleech is an Apache module used to distribute malware

https://blogs.mcafee.com/mcafee-labs/seeing-darkleech-obfuscation-quick-hack-iframes/

CVE-2015-2545: overview of current threats

https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/

Generating secure random values in different languages

https://paragonie.com/blog/2016/05/how-generate-secure-random-numbers-in-various-programming-languages

Out-of-bounds read vulnerability in MPlayer when parsing MP3 files

https://trac.mplayerhq.hu/ticket/2298

A Docker container for capturing all traffic from the host

http://linkis.com/jerrygamblin.com/201/h5NoU
