Detection Lab简介与使用

https://medium.com/@clong/introducing-detection-lab-61db34bed6ae

 

Avast开源机器码反编译器

https://blog.avast.com/avast-open-sources-its-machine-code-decompiler

 

基于实例的Applocker安全加强方案

https://oddvar.moe/2017/12/13/harden-windows-with-applocker-based-on-case-study-part-1/

https://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/

 

XXE应用篇实例讲解

https://www.mbsd.jp/blog/20171213.html

 

HIDDEN COBRA技术分析

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/december/hidden-cobra-volgmer-a-technical-analysis/

 

DirecTV:一个愤怒而绝望的故事(CVE-2017-17411)

https://www.zerodayinitiative.com/blog/2017/12/13/remote-root-in-directvs-wireless-video-bridge-a-tale-of-rage-and-despair

 

OSX.Pirrit macOS恶意软件分析 Part3

https://www.cybereason.com/blog/targetingedge-mac-os-x-pirrit-malware-adware-still-active

 

XXE-旧事重提

https://blog.zsec.uk/out-of-band-xxe-2/

 

CSRF Token一次有趣的窃取经历

https://blog.cloudflare.com/the-curious-case-of-caching-csrf-tokens/

 

新的子域名枚举与信息收集工具

https://github.com/jonluca/Anubis

 

Gif diff中的转义问题

https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/

 

Google Chrome 0day PoC

https://www.youtube.com/watch?v=HadpwNlWCXY&feature=youtu.be&a=

 

SCF文件攻击

https://pentestlab.blog/2017/12/13/smb-share-scf-file-attacks/

 

2018构建安全PHP指南

https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software