1.IOS远程热补丁的风险和好处
https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html
2.由avicoder重新排版后的AlephOne的经典文章Smashing the Stack for Fun & Profit
https://avicoder.me/2016/02/01/smashsatck-revived/
3.android反向工程框架Lobotomy 1.2发行
https://github.com/LifeForm-Labs/lobotomy/releases/tag/1.2
4.使用bettercap和sparkle更新实现针对osx的大量pwn
5.评估Oralce E-Business suite 11i (条件竞争漏洞)
http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf
6.osx中的一些脆弱应用程序
https://vulnsec.com/2016/osx-apps-vulnerabilities/
7.mutillidae 2.6.35发行:更新BEEF的帮助文档
http://sourceforge.net/projects/mutillidae/files/
8.在线APK反编译网站
http://www.javadecompilers.com/apk
9.针对一些外国VPN提供商的隐私比较视图
10.在Android 5.x上真实世界的Stagefright利用笔记
11.反向工程在线游戏
http://0xbaadf00dsec.blogspot.in/2016/01/reverse-engineering-online-games.html
12.DFIR(数字取证和事件响应)新手入门
http://sroberts.github.io/2016/01/11/introduction-to-dfir-the-beginning/
13.绕过XSS过滤器
http://www.sjoerdlangkemper.nl/2016/01/29/circumventing-xss-filters/
14.一个burpsuite插件用来检测网站弱csp策略
https://github.com/moloch–/CSP-Bypass
15.Bindead :二进制静态分析工具
https://bitbucket.org/mihaila/bindead/wiki/Home
16.从linux到windows:新的跨平台后门家族被发现
17.木马隐藏在google play games
https://www.grahamcluley.com/2016/01/android-trojan-steganography/
18.恶意office文件捆绑kaside和dridex后门
http://research.zscaler.com/2016/01/malicious-office-files-dropping-kasidet.html
19.Antiy实验室发布的CVE-2015-8651分析
http://www.antiy.net/p/an-analysis-on-the-principle-of-cve-2015-8651/
20.openssl在Diffie-Hellman协议中重复使用不安全的素数
http://www.kb.cert.org/vuls/id/257823
21.隐藏在tor后门的apache服务,能够通过status页面泄露敏感信息
http://www.dailydot.com/politics/apache-server-status-tor/
22.使用bro分析rdp流量
https://speakerdeck.com/jshlbrd/analyzing-rdp-traffic-with-bro
23.硬件和固件攻击:防护,检测和响应
https://code.facebook.com/posts/182707188759117
24.各种脚本语言的一句话开启http服务的checksheet