July 11 - Daily Security Knowledge Highlights

Technical:

http://www.hexacorn.com/blog/2016/07/09/pefix-simple-pe-file-re-aligner/

PEFix: a simple tool that fixes the memory page size issue in PE files dumped from memory

http://www.phillips321.co.uk/2016/07/09/hashcat-on-os-x-getting-it-going/

Running hashcat on OS X

https://marcograss.github.io/security/linux/2016/07/09/this-url-will-crash-wget.html

A URL string that can crash wget on Ubuntu

https://danielgrzelak.com/exploring-an-aws-account-after-pwning-it-ff629c2aae39#.gg0q37pfv

Post-compromise (post-exploitation) ideas once you have obtained an Amazon account

https://danielgrzelak.com/backdooring-an-aws-account-da007d36f8f9#.qhq0hycnu

Backdooring an AWS account (mainly covers how to maintain access once you have obtained an AWS account)

http://www.shellntel.com/blog/2016/7/7/smart-smb-brute-forcing

Invoke-SMBAutoBrute.ps1: a smart SMB brute-forcing tool

https://www.youtube.com/watch?v=vE8Xu97SSQg&feature=youtu.be

Capturing iOS packets with Rvictl

https://decentsecurity.com/#/holiday-tasks/

Optimizing and securing your Windows system

https://github.com/chrislgarry/Apollo-11/

Source code of the Apollo 11 guidance computer (AGC)

https://msdn.microsoft.com/en-us/powershell/wmf/5.1/features-scenarios-cache/ps-engine-enhancements

Engine enhancements in PowerShell 5.1

https://medium.com/@ArmandGrillet/comparison-of-container-schedulers-c427f4f7421#.b8dxbhpvi

Comparing the scheduling features of different containers

http://www.vulnerability-lab.com/get_content.php?id=1737

http://www.vulnerability-lab.com/get_content.php?id=1736

BMW ConnectedDrive PoC: includes a client-side token XSS and a VIN session vulnerability. For news coverage of these two vulnerabilities, see http://news.softpedia.com/news/zero-days-in-bmw-web-portal-let-hackers-tamper-with-customer-cars-506103.shtml

http://garwarner.blogspot.com/2016/07/kelihos-botnet-delivering-dutch.html

The Kelihos botnet begins distributing the wildfire ransomware

http://ly0n.me/2015/07/30/bypass-aslr-with-partial-eip-overwrite/

Bypassing ASLR with a partial EIP overwrite

https://assets.documentcloud.org/documents/2972678/Lawsuit-charges-Assad-military-killed-American.pdf

OPSEC: satellite and mobile phones can be used to track the Skype activity of journalists in war zones and then kill them

https://gist.github.com/elliptic-shiho/1d5adeb4f3d99b66b2998582d471c6ff

SECUINSIDE CTF 2016: SBBS Writeup

https://github.com/AndroBugs/AndroBugs_Framework

AndroBugs Framework: a framework that helps developers and hackers efficiently find potential vulnerabilities in Android applications

http://www.ijcaonline.org/volume24/number9/pxc3874002.pdf

Biometric systems for personal identification in Israel's security systems

https://crack.sh/mschapv2.html

MSCHAPv2 / (NT)LMv1 cracking, with a paid online cracking service

https://github.com/0xAX/linux-insides/blob/master/SyncPrim/sync-6.md

Sequential locks in the Linux kernel

http://phobosys.de/blog_july_16.html

FASM calling conventions on 64-bit Microsoft systems

http://www.instructables.com/id/MyLittlePwny-Make-a-self-powered-pentesting-box-/

Building a penetration testing toolbox based on a Raspberry Pi

https://github.com/gentilkiwi/mimikatz/releases

mimikatz 2.1 alpha 20160709 (oe.eo) released, adding the ability to extract cookies from Chrome

https://github.com/client9/libinjection

SQL / SQLI lexical parser and analyzer

http://blog.brian.jp/python/png/2016/07/07/file-fun-with-pyhon.html

Hiding a payload in a PNG file

https://visuallyexplainedpentest.barricade.io/?utm_content=bufferb001c&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Explaining the penetration testing process through visualization

http://securityblog.gr/3504/how-to-delete-a-folder-in-use/

How to delete a folder that is in use on Windows

http://jvns.ca/blog/2016/07/03/debugging-tools-i-love/

My favorite debugging tools on Linux

https://bugs.chromium.org/p/project-zero/issues/detail?id=856#c_ts1468003102

PaX: reference count overflow mitigation can be bypassed by racing       

https://www.ibr.cs.tu-bs.de/users/kurmus/papers/acsac13.pdf

Implementing a hardware-driven backdoor

http://www.cise.ufl.edu/~traynor/papers/scaife-icdcs16.pdf

Researchers develop a new method to stop ransomware [preventing ransomware from seeing the file system]

https://0ang3el.blogspot.ru/2016/07/beware-of-ws-xmlrpc-library-in-your.html

Beware of using the ws-xmlrpc library in your Java applications

https://kristaps.bsd.lv/letskencrypt/

letskencrypt: a secure encryption client

https://raymii.org/s/articles/Decrypt_NitroKey_HSM_or_SmartCard-HSM_private_keys.html

Extracting/decrypting RSA keys from an HSM/SmartCard-HSM

https://gist.github.com/cure53/521c12e249478c1c50914b3b41d8a750

The Scriptless Scriptlet

https://github.com/epinna/tplmap

Server-side template injection detection and exploitation tool

https://www.troopers.de/media/filer_public/45/b6/45b61ede-cffa-484d-8064-067c76b200cf/attilamarosihacking_finspy_v016.pdf

Slides from the TROOPERS conference: Hacking FinSpy

https://www.troopers.de/wp-content/uploads/2013/11/TROOPERS14-Making-and_Breaking-an_802.15.4_WIDS-Sergey_Bratus+Javier_Vazquez+Ryan_Speers.pdf

Slides from the TROOPERS conference: MAKING (AND BREAKING) AN 802.15.4 WIRELESS IDS

https://heimdalsecurity.com/blog/javascript-malware-explained/

JavaScript malware explained, with protection advice, for novice users

News:

http://news.softpedia.com/news/clones-of-recent-pokemon-go-android-app-are-spreading-droidjack-rat-malware-506137.shtml

Modified versions of the Pokemon GO Android app are distributing the DroidJack trojan

http://www.csoonline.com/article/3092720/security/fbi-chief-says-guccifer-lied-about-hacking-into-clintons-email-server.html?utm_source=dlvr.it&utm_medium=twitter#tk.rss_all

The FBI chief says Guccifer lied about hacking Clinton's email server

http://securityaffairs.co/wordpress/49184/cyber-crime/nettraveler-apt.html

The NetTraveler APT group is still targeting European and Russian interests

http://motherboard.vice.com/read/hackers-allegedly-steal-14m-passwords-from-mac-forums-web-hosting-talk

Hackers are selling data from Mac Forums and HotScripts.com on the dark web

https://threatpost.com/dropping-elephant-apt-targets-old-windows-flaws/119123/

The Elephant APT group uses old Windows vulnerabilities to carry out attacks

https://www.hackread.com/anonymous-ddos-zimbabwe-government-sites/

Anonymous begins DDoSing Zimbabwean government websites

Data breach information:

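A hacker published for download the login credentials of 80,000 Amazon Kindle users; after downloading and checking them, they turned out to be information leaked from some debug interfaces.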

Data breach at global payment gateway BlueSnap: includes IP, Email, Phone Number, Address, First and last name, Zip, and Credit Card information
