1.Ebay发布在github上发布生物认证android库

https://github.com/eBay/UAF

2.比较OWASP ModSecurity 2.2.x和3.0.0-dev规则

https://www.netnea.com/cms/2015/12/20/modsec-crs-2-2-x-vs-3-0-0-dev/

3.在office中使用ActiveX控件实现堆喷射

http://www.greyhathacker.net/?p=911

4.静态分析工具PVS-Studio 现在支持c#了

http://www.viva64.com/en/pvs-studio-download/

5.NCN2k15 CTF "CivilWar" writeup

http://www.haibane.org/node/39

6.对后门的后门进行的一些分析(针对 Juniper Dual_EC)

https://rpw.sh/blog/2015/12/21/the-backdoored-backdoor/

7.Sleepy Puppy的Burp Suite扩展

http://techblog.netflix.com/2015/11/sleepy-puppy-extension-for-burp-suite.html

8.strncat中的整型溢出

https://sourceware.org/bugzilla/show_bug.cgi?id=19390

9.dnSpy: .NET反编译,debugger工具

https://github.com/0xd4d/dnSpy/

10.Anti Debugging Tricks (1993年的文章)

http://textfiles.com/programming/antidbg.txt

11.攻击Android的Bound Services

http://blog.thecobraden.com/2015/12/attacking-bound-services-on-android.html?m=1

12.CryptoWall的历史

https://www.botconf.eu/wp-content/uploads/2015/12/OK-P14-Yonathan-Klijnsma-The-Story-of-CryptoWall-a-historical-analysis-of-a-large-scale-cryptographic-ransomware-threat.pdf

13.使用mssql ntlm stealer获取高权限的域信任

http://www.hackwhackandsmack.com/?p=462

14.查找恶意的TOR中继节点

http://marcoramilli.blogspot.tw/2015/12/spotting-malicious-node-relays.html