1、2015年安全会议视频收集

https://www.tunnelsup.com/online-security-conferences/

2、趋势node.js http服务器监听localhost能够导致命令执行

https://code.google.com/p/google-security-research/issues/detail?id=693

3、ebay的一个站点漏洞允许黑客偷取用户密码(XSS)

https://motherboard.vice.com/read/a-flaw-on-ebays-site-allowed-hackers-to-steal-users-passwords

4、#PoC for #firefox x-origin info leak (CVE-2015-7215) 需要用户交互

http://pastebin.com/raw/rXFL8LnH

5、几款路由器的默认wpa/wep密钥生成器

https://github.com/routerkeygen/routerkeygenAndroid

6、探索p2p僵尸网络

http://www.malwaretech.com/2016/01/exploring-peer-to-peer-botnets.html

7、BlackEnergy .XLS Dropper分析

https://isc.sans.edu/forums/diary/BlackEnergy+XLS+Dropper/20601/

8、ZeroAccess,创新的恶意软件 [一份2013年的分析报告]

http://www.andrea-allievi.com/blog/zeroaccess-sirefef-analysis/

9、metasploit新加86/Bitmap polyglot encoder,可以发送简历给目标了 🙂

https://github.com/rapid7/metasploit-framework/pull/6441

10、PrivaTegrity:新的匿名工具的介绍

http://blog.hackersonlineclub.com/2016/01/introducing-new-more-anonymity-tool.html

11、Ransom32 :查看这款恶意欺诈软件的包结构

https://blog.malwarebytes.org/intelligence/2016/01/ransom32-look-at-the-malicious-package/

12、车载呼吸机制造商公司遭到黑客攻击,内部文档在暗网曝光

http://motherboard.vice.com/read/car-breathalyzer-company-gets-hacked-internal-docs-dumped-on-dark-web