Technical:
A guide to securing an Ubuntu server
http://www.codelitt.com/blog/my-first-10-minutes-on-a-server-primer-for-securing-ubuntu/
Reverse engineering HID iClass master keys
https://blog.kchung.co/reverse-engineering-hid-iclass-master-keys/
An introduction to using osquery for threat detection and forensics
https://komunity.komand.com/learn/featured/introduction-to-osquery-for-threat-detection-dfir/
Five years of taking part in bug bounties
https://medium.com/@collingreene/bug-bounty-5-years-in-c95cda604365#.7wiqiihuz
Analysis of the TrustZone kernel privilege escalation (CVE-2016-2431)
https://bits-please.blogspot.com/2016/06/trustzone-kernel-privilege-escalation.html
DDN Default SSH Keys
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-ddn-default-ssh-keys-advisory-2016-06-15.pdf
DIY genetic malware: Ebowla
https://www.okta.com/blog/2016/06/diy-genetic-malware-ebowla/
Slides from the FIRST conference: Detecting Lateral Movement in APTs. The FIRST conference has a lot of good material on mobile and network forensics
https://www.first.org/resources/papers/conf2016/FIRST-2016-105.pdf
AdobeUpdateService 3.6.0.248: unquoted service path, which may lead to privilege escalation
https://www.exploit-db.com/exploits/39954/
Microsoft bulletin MS16-071: RCE in Windows DNS Server
https://technet.microsoft.com/en-us/library/security/ms16-jun
Microsoft bulletin MS16-077: Security update for WPAD
https://support.microsoft.com/en-us/kb/3165191
Malware authors are now using OLE to embed malicious macros
https://blogs.technet.microsoft.com/mmpc/2016/06/14/wheres-the-macro-malware-author-are-now-using-ole-embedding-to-deliver-malicious-files/
Forensic analysis of the Windows Application Compatibility Cache
https://www.fireeye.com/blog/threat-research/2015/10/shim_shady_live_inv.html
A tool for brute-forcing Bitcoin wallets
https://github.com/glv2/bruteforce-wallet
KeyLemon face recognition bypass
http://seclists.org/fulldisclosure/2016/Jun/31
Unsupported TeamViewer versions are being used to build backdoored versions of TeamViewer
http://blog.trendmicro.com/trendlabs-security-intelligence/unsupported-teamviewer-versions-exploited-backdoors-keylogging/
A new type of spear-phishing attack targets IT professionals
https://blog.knowbe4.com/new-type-of-spear-phishing-directly-targeted-at-it-pros
The MoFang APT report from foxitsecurity
https://foxitsecurity.files.wordpress.com/2016/06/fox-it_mofang_threatreport_tlp-white.pdf
Phishing tactics used to steal PayPal accounts
https://blog.malwarebytes.com/cybercrime/2016/06/advanced-phishing-tactics-used-to-steal-paypal-credentials/
News:
North Korea steals blueprints of South Korea's F-15 fighter jets and 42,000 other sensitive documents
https://www.grahamcluley.com/2016/06/north-korea-stole-15-blueprints-42000-defense-related-documents-south-korea/
xDedic, the underground market selling hacked servers
https://www.helpnetsecurity.com/2016/06/15/xdedic-underground-market/
The University of Greenwich suffers a revenge attack, leading to a large data leak
https://www.hackread.com/greenwich-university-hacked-data-leaked/