资讯类

Meltdown & Spectre 漏洞补丁导致Ubuntu 16.04无法启动

https://www.bleepingcomputer.com/news/software/meltdown-and-spectre-patches-causing-boot-issues-for-ubuntu-16-04-computers/

macOS又爆出密码漏洞：macOS High Sierra’s App Store系统偏好设置可被任意密码解锁

https://twitter.com/zackwhittaker/status/951143200470728704

https://www.reddit.com/r/netsec/comments/7pi8lk/macos_high_sierras_app_store_system_preferences/

https://www.macrumors.com/2018/01/10/macos-high-sierra-app-store-password-bug/

http://openradar.appspot.com/36350507

WhatsApp漏洞可使潜在的攻击者监控加密群聊

http://thehackernews.com/2018/01/whatsapp-encryption-spying.html

技术类

CVE-2017-17485  jackson-rce-via-spel PoC

https://github.com/irsl/jackson-rce-via-spel

看我如何逆向OBi200 Google Voice Appliance：Part 3

https://randywestergren.com/reverse-engineering-obi200-google-voice-appliance-part-3/

一些Wget常用命令

https://n0where.net/howto-wget-command-examples

WPA3新特性解释 – 什么是WPA3？

http://rootsaid.com/wpa3-features-explained/

SANS Christmas Challenge 2017 Writeup

https://allyourbase.utouch.fr/posts/2018/01/10/sans-christmas-challenge-2017/

学习如何用汇编（ARM 32位）编写TCP bind Shell

https://azeria-labs.com/tcp-bind-shell-in-assembly-arm-32-bit/

Parity Ethereum Client <= v1.6.10 Dapp浏览器webproxy token reuse同源策略绕过（含PoC）

https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016

CVE-2017-4946：VMware Horizon desktop agent 提权漏洞

https://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/

WordPress Plugin Events Calendar event_id SQL Injection

https://cxsecurity.com/issue/WLB-2018010099

新的移动恶意软件利用分层混淆瞄准俄罗斯银行

http://blog.trendmicro.com/trendlabs-security-intelligence/new-mobile-malware-uses-layered-obfuscation-targets-russian-banks/

自动化的网络攻击武器

https://github.com/dendisuhubdy/cyberweapons

一些黑客攻击武器的Demo

https://github.com/LockGit/Hacking

前渗透信息探测工具集-子域名

https://github.com/coco413/DiscoverSubdomain

PhpSploit：后渗透测试框架

https://n0where.net/stealth-post-exploitation-framework-phpsploit