一些不错的技术文章 2015-04-03

杀戮 (有事请 at 大号园长) | 2015-04-03 18:36

report

Open Crypto Audit Project TrueCrypt LINK

Android Security 2014 Year in Review LINK

web:

The story of a pentester recruitment LINK

Scriptless attacks via CSS LINK

hacking wordpress LINK

Critical vulnerabilities in JSON Web Token libraries LINK

Website Malware – The SWF iFrame Injector Evolves LINK

二进制:

SQLite prepared statement use-after-free – [A local PHP exploit] LINK

Research Spotlight: FreeSentry Mitigating use-after-free Vulnerabilities LINK

advanced pdf tricks LINK

Finding Holes LINK

移动:

Pawn Storm: Malware on iOS devices? LINK

Instrumenting Android Applications with Frida LINK

A timeline of mobile botnets LINK

other

Using the docker command to root the host LINK

PS: 利用docker特性获取权限

How to own any windows network with group policy hijacking attacks LINK

PS: 内网相关,这家实验室的都是干货。

THE SAD STATE OF SMTP ENCRYPTION LINK

PS: 加密

Recovering deleted records from an SQLite database (updated) LINK

PS: 从sqlite中恢复数据

poweliks command line confusion LINK

Detection, analysis and display of attacks using Honeypots LINK

PS: 基于蜜罐的数据分析

Optical Delusions: A Study of Malicious QR Codes in the Wild LINK

PS: 恶意二维码

Enough With the Salts: Updates on Secure Password Schemes LINK

PS: 加密

会议

SyScan 2015

Hacking With Pictures LINK

Modern Binary Exploitation LINK

PS:大量二进制干货