Technical:
Docker 1.12 quick start
https://zwischenzugs.wordpress.com/2016/06/23/a-quick-tour-of-docker-1-12/
Common techniques behind hackers dumping databases in 2016
http://www.aim.ph/blog/top-causes-data-breach-2016/
WordPress: 4.5.3 patch update
http://permalink.gmane.org/gmane.comp.security.oss.general/19833?utm_source=twitterfeed&utm_medium=twitter
Penetration testing vs. red teaming
https://community.rapid7.com/community/infosec/blog/2016/06/23/penetration-testing-vs-red-teaming-the-age-old-debate-of-pirates-vs-ninja-continues
Creating a login macro with Burp Suite
http://fvaahe.com/creating-a-login-macro-for-burp-suite/
The infamous Nuclear Exploit Kit has shut down
http://blog.checkpoint.com/2016/06/23/the-infamous-nuclear-exploit-kit-shuts-down/
Remote code execution via Swagger parameter injection (CVE-2016-5641)
https://community.rapid7.com/community/infosec/blog/2016/06/23/r7-2016-06-remote-code-execution-via-swagger-parameter-injection-cve-2016-5641
Ethical hacking + a quick guide to top hacking tools
https://www.checkmarx.com/2016/05/16/quick-guide-ethical-hacking-top-hacking-tools/?utm_content=buffer46122&utm_medium=social&utm_source=buffer&utm_campaign=buffer
From ROP to LOP: bypassing control flow
https://marcoramilli.blogspot.com.es/2016/06/from-rop-to-lop-bypassing-control-flow.html
How to limit the damage after your account has been hacked
https://heimdalsecurity.com/blog/account-hacked-heres-control-damages/?utm_content=buffera9e28&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
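Why does DNC hacker "Guccifer 2.0" say these things? (Commentators have long suspected that the Russian government is backing this hacker behind the scenes, or that this is meant to divert attention)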
https://motherboard.vice.com/read/why-does-dnc-hacker-guccifer-20-talk-like-this
An excellent writeup of Uber bugs, from initial reconnaissance through enumeration, exploitation and pivoting to proof
https://labs.integrity.pt/articles/uber-hacking-how-we-found-out-who-you-are-where-you-are-and-where-you-went/
certigo: an open-source command-line tool for validating certificate files in different formats
https://github.com/square/certigo
MSSQL blind SQL injection guide
http://infoseczone.net/mssql-blind-sql-injection-tutorial-step-step/
Guide to using and writing preprocessors for The Backdoor Factory (BDF)
http://secureallthethings.blogspot.in/2016/06/bdf-preprocessor-and-going-forward.html
An open-source XSS/SQLi crawler written in Python
https://github.com/DanMcInerney/xsscrapy
A tool released by FireEye Labs that extracts obfuscated strings from malware; the related article is at https://www.fireeye.com/blog/threat-research/2016/06/automatically-extracting-obfuscated-strings.html
https://github.com/fireeye/flare-floss/
Patch analysis for CVE-2016-0189
http://theori.io/research/cve-2016-0189
Monitoring and tuning the Linux networking stack
http://blog.packagecloud.io/eng/2016/06/22/monitoring-tuning-linux-networking-stack-receiving-data/
Hardware-assisted rootkits and instructions (ARM edition)
http://pages.endgame.com/rs/627-YBU-612/images/hardware-assisted-rootkits-ARM_spisak.pdf
News:
Hackers steal millions of Air India passenger miles
http://www.infosecurity-magazine.com/news/hackers-millions-of-air-india/
GozNym banking trojan hits US users with redirection attacks
http://news.softpedia.com/news/goznym-banking-trojan-hits-the-us-with-redirection-attacks-505552.shtml