2016/12/25 資安晨摘

PT姿勢：

1.Hacking the Hackers by Ian French

2.Penetration Testers’ Guide to Windows 10 Privacy & Security by Andrew DoumaFollow

挖洞姿勢：

1.微軟漏洞中國第一人黃正——如何用正確姿勢挖掘瀏覽器漏洞 by 雷鋒網_史中

漏洞分析：

1.CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy by Lukas Weichselbaum、Michele Spagnuolo、Sebastian Lekies、Artur Janc

惡意軟體分析：

1.WINDOWS MANAGEMENTINSTRUMENTATION (WMI)OFFENSE, DEFENSE,AND FORENSICS by William Ballenthin、Matt Graeber、Claudiu Teodorescu

概念教學：

1.談談HSTS超級Cookie by 隱形人真忙

2.VUzzer: Application-aware Evolutionary Fuzzing by Sanjay Rawat、Vivek Jain、Ashish Kumar、Lucian Cojocar、Cristiano Giuffrida、Herbert Bos

3.一種新型的XSSI攻擊向量 by Dennis Goodlett；翻譯 shan66

POC：

1.Bypassing CSP script nonces via the browser cache by Sebastian Lekies

工具：

1.pentestEr_Fully-automatic-scanner by RASSec

2.barf-project by programa-stic

3.CANToolz aka YACHT (Yet Another Car Hacking Tool) by haxf4rall

4.Maybe – See What A Program Does Before Installing by haxf4rall