1、inVtero.net:使用微架构独立的虚拟机机自省技术DUMP内存的工具
https://github.com/ShaneK2/inVtero.net
2、matadata调查:HackingTeam内部调查
3、windows 沙盒攻击面分析
http://googleprojectzero.blogspot.in/2015/11/windows-sandbox-attack-surface-analysis.html
4、Visual Studio GDB Debugger
https://visualstudiogallery.msdn.microsoft.com/35dbae07-8c1a-4f9d-94b7-bac16cad9c01
5、使用vDSO复写绕过SMEP
6、在限制的环境下使用ngrok代理内部服务
https://shubh.am/using-ngrok-to-proxy-internal-servers-in-restrictive-environments/
7、不用Meterpreter时进行Post-Exploitation
http://blog.cobaltstrike.com/2015/11/18/flying-a-cylon-raider/
8、确认智能卡是否在登录状态
http://digirati82.com/2015/11/18/determine-if-a-smart-card-was-used-for-logon/
9、Docker内容信任获取硬件签名
https://blog.docker.com/2015/11/docker-content-trust-yubikey/
10、即使是LastPass的会被人盗用,对付它!
http://www.martinvigo.com/even-the-lastpass-will-be-stolen-deal-with-it/
11、Ruxon 2015徽章第二部分:编程
http://www.drkns.net/ruxcon-badge-2015-programming/
12、APK Studio:跨平台基于QT5的ANDROID应用反向工程的IDE
http://github.vaibhavpandey.com/apkstudio/
13、RTL-SDR ADS-B 和 ACARS 的树梅派Docker镜像
http://www.rtl-sdr.com/raspberry-pi-docker-images-for-ads-b-and-acars-with-the-rtl-sdr/
14、java反序列化利用工具
https://github.com/njfox/Java-Deserialization-Exploit
15、IBM i Access 7.1:缓冲区溢出代码执行
https://www.exploit-db.com/exploits/38751/
16、google的virustotal现在能自动分析OSX恶意软件了
https://nakedsecurity.sophos.com/2015/11/18/google-virustotal-now-with-autoanalysis-of-os-x-malware/
评论