技术类:
Apple EFI固件密码和SCBO的秘密
https://reverse.put.as/2016/06/25/apple-efi-firmware-passwords-and-the-scbo-myth/
研究人员在维也纳度假时遇到的ATM Skimmer
http://thehackernews.com/2016/06/atm-skimmer.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Security+Blog%29
Security Onion 提供安全/匿名上网的LINUX发行版
https://security-onion-solutions.github.io/security-onion/
使用多字节字符绕过sql WAF
http://howto.hackallthethings.com/2016/06/using-multi-byte-characters-to-nullify.html
Cloakify:开源的Data Exfiltration工具
https://github.com/trycatchhcf/cloakify
From LFI to RCE in php
https://dustri.org/b/
facebook bug:可以删除任意视频(已经修复)
http://www.pranavhivarekar.in/2016/06/23/facebooks-bug-delete-any-video-from-facebook/
Windows: NtCreateProcessEx 空指针引用POC
https://bugs.chromium.org/p/project-zero/issues/detail?id=852#c_ts1466850084
Apple OS X 10.10 系统安全辅导
http://csrc.nist.gov/publications/drafts/800-179/sp800_179_draft.pdf
使用kali实现evil twin攻击
https://www.cybrary.it/0p3n/evil-twin-attack-using-kali-linux/
uber攻击:渗透测试人员如何从bug到bereach
https://nakedsecurity.sophos.com/2016/06/24/uber-under-attack-how-penetration-testers-turn-bugs-into-breaches/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29
我如何被黑以及丢掉我的工作的
https://heimdalsecurity.com/blog/true-story-time-got-hacked-lost-work/?utm_content=buffer6b7d2&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
dorothy2:用ruby编写的恶意软件/僵尸网络分析框架
https://github.com/m4rco-/dorothy2
从编程和GPU破解角度讲解密码安全
https://www.troyhunt.com/our-password-hashing-has-no-clothes/
secant:给云作安全评估的工具
https://github.com/CESNET/secant
浏览器exploi pack,可用于辅助进行内网攻击
https://github.com/julienbedard/browsersploit
CVE-2016-5699 POC
https://github.com/bunseokbot/CVE-2016-5699-poc
Pornhub的svn服务可访问,导致源码泄露,漏洞发现者获得了1W美金奖励
https://hackerone.com/reports/72243
回顾这一年多款杀软自身的漏洞
http://blog.ptsecurity.com/2016/06/antivirus-as-threat.html
受雇的黑客是如何完全控制Palantir(大数据公司)的
https://www.buzzfeed.com/williamalden/how-hired-hackers-got-complete-control-of-palantir
恶意软件可以使用风扇噪音从空气中提取计算机数据
http://news.softpedia.com/news/malware-can-use-fan-noise-to-exfiltrate-data-from-air-gapped-systems-505623.shtml?utm_content=bufferc9615&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer
绕过保护,访问敏感数据
http://reverseengineeringtips.blogspot.com/2016/06/bypassing-protections-exploiting.html
资讯类:
黑客在暗网销售651,894份医疗记录
http://news.softpedia.com/news/hacker-selling-651-894-patient-records-on-the-dark-web-505680.shtml
网络广告公司InMobi通过WIFI暗中跟踪用户,被罚$950,000
http://news.softpedia.com/news/ad-network-fined-950-000-for-secretly-tracking-users-via-nearby-wifi-signals-505602.shtml?utm_content=buffer4e92e&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer
新的ICS恶意软件攻击SCADA系统
https://securityintelligence.com/news/new-ics-malware-irongate-channels-stuxnet-to-scam-scada-systems/
黑客泄露美国军方个人数据
https://www.hackread.com/ghost-squad-hackers-leak-us-military-data/
通过tor的xmpp中间人攻击
https://tech.immerda.ch/2016/03/xmpp-man-in-the-middle-via-tor/
PunkeyPOS已经窃取千万信用卡号
http://securityaffairs.co/wordpress/48742/malware/punkeypos-impacts-millions-via-infected-restaurants.html
联邦储备银行从2011-2015年至少被黑了50次
http://venturebeat.com/2016/06/04/federal-reserve-bank-was-hacked-more-than-50-times-between-2011-and-2015/
Locky欺诈勒索软件回来了:已经感染了49个域名
http://securityaffairs.co/wordpress/48725/malware/locky-ransomware-back.html
数据泄露消息:
有人泄露了2016年3月18月前的17.media的数据库,数据比较杂,没有暗网卖的那份数据格式规整,其中包含邮箱的有1995016条,含有QQ邮箱的有974184条,含有126/163邮箱的有175257条,使用IOS手机的用户有1234068条,使用android手机的用户有760947条