1、俄罗斯金融犯罪:他们是如何运行和操作的
https://securelist.com/files/2015/11/Kaspersky_Lab_cybercrime_underground_report_eng_v1_0.pdf
2、DELL笔记本的证书问题,可以劫持HTTPS通信,窃取用户隐私,在线检测dellrootcheck.detectify.com
https://www.duosecurity.com/static/pdf/Dude,_You_Got_Dell_d.pdf
3、DefCamp CTF Finals 2015的writeup
https://github.com/p4-team/ctf/blob/master/2015-11-20-dctffinals/README.md
4、CSL Dualcom CS2300-R(在英国最受欢迎的防盗警报信号系统)严重漏洞
http://cybergibbons.com/security-2/csl-dualcom-cs2300-signalling-unit-vulnerabilities/
5、glassRat:一个号称来自China的0检测木马
https://blogs.rsa.com/wp-content/uploads/2015/11/GlassRAT-final.pdf
6、使用glasswire检测网络摄像头和麦克风的使用
https://blog.glasswire.com/2015/11/23/detect-webcam-and-mic-usage-with-glasswire/
7、DockerMaze challenge write-up
http://testpurposes.net/2015/11/23/dockermaze-challenge-write-up/
8、多版本可执行文件防御基于编译器BUG的后门
http://blog.regehr.org/archives/1282
9、copykitten:一个针对以色列外交部的网络攻击组织
https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf
10、依托 Botnet 的内幕交易第二部分
https://blogs.mcafee.com/mcafee-labs/a-dummies-guide-to-insider-trading-via-botnet-part-2/
11、PowerShell版本SSL中间人欺骗工具
https://github.com/subTee/Interceptor
12、滥用u2f的'store'健
https://jbp.io/2015/11/23/abusing-u2f-to-store-keys/
13、Practical Invalid Curve Attacks
http://bsidesvienna.at/slides/2015/practical_invalid_curve_attacks_on_tls-ecdh.pdf
14、usenix的paper:硬件exploit变得简单
http://users.ece.cmu.edu/~ejschwar/papers/usenix11.pdf
评论