PT姿勢:
1.記一次眾測(從XSS到二次SQL注射) by 0h1in9e
2.android客戶端測試checklist by kindsjay
3.ios客戶端測試checklist by kindsjay
4.UTF-8非最短形式及編碼安全問題 by LandGrey
5.Exploiting Misconfigured Apache server-status Instances with server-status_PWN by Mazin Ahmed
防禦姿勢:
1.美團點評業務風控系統構建經驗 by 義哲
2.MASCAT: Stopping Microarchitectural Attacks Before Execution by Gorka Irazoqui、Thomas Eisenbarth、Berk Sunar
3.Hardening Windows 10 with zero-day exploit mitigations by msft-mmpc
4.Google Infrastructure Security Design Overview by Google Cloud
惡意軟體分析:
1.Finfisher rootkit analysis by Artem
逆向分析:
1.內核調試入門教程 by vvalien1;翻譯:shan66
漏洞分析:
1.MS16-137:LSASS遠程拒絕服務漏洞分析 by Nicolas Economou;翻譯:shan66
基礎概念教學:
1.macOS軟件安全系列-軟件內幕篇 by 非蟲
2.A practical guide to RFID badge copying by Sasja Reynaert
工具:
1.BinProxy - A proxy for arbitrary TCP connections by NCC Group Plc
2.nao - dead code eliminator plugin for IDA pro by tkmru
沒有留言:
張貼留言