web和android安全评估方面的cheatsheets

https://github.com/iamthefrogy/Application-Security

使用ELK和Wazuh构建PCI-DSS面板

http://logz.io/blog/how-to-build-a-pci-dss-dashboard-with-elk-and-wazuh/

使用JavaScript 和 COM Scriptlets 进行渗透测试

http://www.labofapenetrationtester.com/2016/05/practical-use-of-javascript-and-com-for-pentesting.html

恶意软件exploit数据库

https://security-base.com:8000/

在线ctf录像

https://blog.forallsecure.com/2016/05/24/live-streaming-security-games/#videos

在现代web应用程序中的csrf

http://rootme.in/csrf-in-modern-web-applications/

windows平台基于CDP和LLDP协议的discovery工具

https://github.com/chall32/LDWin

看不见的劫持,一个案例学习劫持百万IP

https://ripe72.ripe.net/presentations/45-Invisible_Hijacking.pdf

被广告和blackhat seo滥用的Nulled WordPress样式

https://blog.sucuri.net/2016/05/nulled-wordpress-themes-malvertising-black-hat-seo.html

mimikatz 2.1 alpha 20160525 (oe.eo) edition 发行

https://github.com/gentilkiwi/mimikatz/releases

The Return Of the EmPyre

https://www.xorrior.com/the-return-of-the-empyre/

根据前几天报道的RUAG apt行动添加的yara规则

https://github.com/Neo23x0/signature-base/blob/master/yara/apt_ruag.yar

构建下一代洋葱网络

https://blog.torproject.org/blog/mission-montreal-building-next-generation-onion-services

利用.net GUIDs帮助捕捉恶意软件

https://www.virusbulletin.com/virusbulletin/2015/06/using-net-guids-help-hunt-malware

从攻击者视角:取证分析AS劫持

http://www.sigcomm.org/sites/default/files/ccr/papers/2013/April/2479957-2479959.pdf

添加root ca到ios设备

https://www.sensepost.com/blog/2016/too-easy-adding-root-cas-to-ios-devices/

安全评估微软DirectAccess

https://www.ernw.de/download/newsletter/ERNW_Newsletter_53_MS_DA_Security_Assessment_Signed.pdf

waf.js 如何使用javascript保护web应用程序

http://www.slideshare.net/DenisKolegov/wafjs-how-to-protect-web-applications-using-javascript

反向工程微软的kinect

https://learn.adafruit.com/hacking-the-kinect/overview

DEFCON CTF 2016 – heapfun4u 关卡的writeup

https://blahcat.github.io/2016/05/24/defcon-ctf-2016-heapfun4u.html