1.通过内核监控进程创建 (第一部分)
https://objective-see.com/blog.html
2.使用javascript反向工程IOS9
https://www.nowsecure.com/blog/2015/11/16/ios-9-reverse-engineering-with-javascript/
3.MS15-116分析:无返回的解析指针
http://sourceincite.com/2015/11/16/ms15-116-parse-the-pointer-of-no-return/
4.flare ida pro脚本系列:自动化函数参数提取
https://www.fireeye.com/blog/threat-research/2015/11/flare_ida_pro_script.html
5.Mediajacking技术:偷偷使用你的摄像头(可以是GPS,手机)
http://blog.breathless.space/mediajacking-unintentional-photography/
6.老外对移动社交APP探探的隐私分析
https://www.larrysalibra.com/how-chinese-tinder-clone-screws-you/
7.GOOGLE AOSP Email APP的HTML注入漏洞
https://labs.integrity.pt/articles/google-aosp-email-app-html-injection-2/
8.linux kernel ctf
https://github.com/mncoppola/Linux-Kernel-CTF
9.fireEye报告:精确定位目标:开拓网络分析诱捕受害者
https://www2.fireeye.com/rs/848-DID-242/images/rpt-witchcoven.pdf
10.XSS在<input type=hidden>的挖掘
http://blog.portswigger.net/2015/11/xss-in-hidden-input-fields.html
11.如何反向工程andorid应用程序
http://darkmatters.norsecorp.com/2015/07/15/how-to-reverse-engineer-android-applications/
12.CC如何隐藏通信
13.getHead:HTTP 头漏洞分析工具
https://httphacker.github.io/gethead/
14.混淆Windows DLL
http://users.elis.ugent.be/~brdsutte/research/publications/2015SPROabrath.pdf
15.使用scapy做扫描器的一些技巧
https://isc.sans.edu/forums/diary/Scanning+tricks+with+scapy/20381/
16.RCTF 2015 pwn 200 ROP writeup
https://www.whitehatters.academy/rctf-2015-pwn-200/
17.D-Link DIR-815, DIR-850L – SSDP 命令注入漏洞POC
https://www.exploit-db.com/exploits/38715/
18.D-Link DIR-890L/R:存有多个缓冲区溢出漏洞POC
https://www.exploit-db.com/exploits/38716/
19.D-Link DIR-866L:存有多个缓冲区溢出漏洞POC
https://www.exploit-db.com/exploits/38717/
20.D-Link DIR-818W: 存有缓冲区溢出和命令执行漏洞POC
https://www.exploit-db.com/exploits/38719/
21.D-Link DIR-817LW:存有缓冲区溢出和命令执行漏洞POC
https://www.exploit-db.com/exploits/38720/
22.卡巴杀毒:证书处理时的路径遍历漏洞POC
https://www.exploit-db.com/exploits/38734/
23.恶意二进制重构辅导教程
http://int0xcc.svbtle.com/a-guide-to-malware-binary-reconstruction
评论