1、Angular 表达式注入挑战解题思路
http://ryhanson.com/angular-expression-injection-walkthrough/
2、保护windows网络之应付Credential窃取
https://dfirblog.wordpress.com/2015/11/24/protecting-windows-networks-dealing-with-credential-theft/
3、遇到恶意欺诈软件时的处理手册
https://www.demisto.com/playbooks/playbook-for-handling-ransomware-infections/
4、攻击cisco tacacs,绕过CISCO的认证
http://agrrrdog.blogspot.ca/2015/11/3-attacks-on-cisco-tacacs-bypassing.html
5、samy新玩具:MagSpoof:"wireless"信用卡/磁条欺骗,演示视频地址https://www.youtube.com/watch?v=UHSFf0Lz1qc&feature=youtu.be,代码地址https://github.com/samyk/magspoof
6、如何让基于浏览器的加密客户端工作在不知道的私钥情况下
https://github.com/diafygi/gethttpsforfree#how-this-website-works
7、haka:高级包处理语言
http://thisissecurity.net/2015/11/23/hackers-do-the-haka-part-1/
8、检测Mimikatz在你内网的使用
https://isc.sans.edu/forums/diary/Detecting+Mimikatz+Use+On+Your+Network/19311
9、今天ioactive发布了2个联想的安全公告,一个是联想系统更新会新建不安全的管理员随机密码,另一个是联想TVSUkernel权限提升漏洞
http://www.ioactive.com/labs/advisories.html
10、amazon aws java sdk漏洞披露
https://blog.srcclr.com/amazon-aws-sdk-for-java-vulnerability-disclosure/
11、事件响应工具列表
https://github.com/meirwah/awesome-incident-response
12、CC服务检测方法与最佳实践
13、ANDORID恶意软件从PNG文件中释放banker
http://b0n1.blogspot.it/2015/11/android-malware-drops-banker-from-png.html
14、betwixt:基于chrome DevTools网络面板的web Debugging代理
https://github.com/kdzwinel/betwixt
15、VoIP Wars: Destroying Jar Jar Lync (exploit demonstration)
https://www.youtube.com/watch?v=hwDD7K9oXeI&feature=youtu.be
16、分析与攻击Botnet
http://arxiv.org/pdf/1511.06090v1.pdf
17、适当的隐蔽通道
http://blog.cobaltstrike.com/2015/11/24/appropriate-covert-channels/
18、pinvoke:从powershell中调用windows api
19、HTTP-Login.ps1:http basic认证破解的PS脚本
https://github.com/rvrsh3ll/Misc-Powershell-Scripts/blob/master/HTTP-Login.ps1
20、能导致windows提权的几个因素
http://toshellandback.com/2015/11/24/ms-priv-esc/
21、当你的wordpress被黑,botnet会做什么?比如建立假的flash和node.js下载等等
http://betamode.de/2015/11/23/what-happens-if-your-wordpress-is-hacked/
22、技术分析tdrop2恶意软件
文章原文链接:https://www.anquanke.com/post/id/82987
