1. Grub2 authentication bypass 0-day
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
2. Analysis of FireEye remote exploitation
http://googleprojectzero.blogspot.tw/2015/12/fireeye-exploitation-project-zeros.html
3. DeepSec 2015 security conference slides
https://deepsec.net/docs/Slides/2015/
4. New Linux evasion techniques
https://www.sentinelone.com/blog/breaking-and-evading/
5. CVE-2015-8000: critical remote vulnerability in BIND
https://kb.isc.org/article/AA-01317/
6. Android.ZBot banking trojan uses the "web injection" technique to steal sensitive data
http://news.drweb.com/show/?i=9754&lng=en&c=5
7. Uncovering a data theft campaign that uses PowerShell
http://www.fireeye.com/blog/threat-research/2015/12/uncovering_activepower.html
8. Fileless attacks are growing more sophisticated, and detection techniques face challenges
https://blogs.mcafee.com/mcafee-labs/detecting-undetectable-growing-sophistication-fileless-attacks/
9. #BadWinmail: the Outlook "enterprise killer" attack; demo video at https://www.youtube.com/watch?v=ngWVbcLDPm8&feature=youtu.be
https://sites.google.com/site/zerodayresearch/BadWinmail.pdf?attredirects=0
10. Multiple remote code execution vulnerabilities in LibreOffice
http://www.securityfocus.com/bid/77486
11. A collection of honeypot systems
http://www.kitploit.com/2015/12/collection-of-awesome-honeypots.html?
12. Analysis of PS4 security and hacking progress
https://cturt.github.io/ps4.html
13. IDAPython beginner's tutorial
https://leanpub.com/IDAPython-Book
14. Joomla 1.5 – 3.4.5 object injection RCE
https://www.exploit-db.com/exploits/38977/
15. Loki: a simple IOC and incident response scanner
https://github.com/Neo23x0/Loki
16. Techniques for detecting TCP injection attacks
https://lists.torproject.org/pipermail/tor-relays/2015-December/008307.html
17. odt2txt: a tool that converts OpenDocument text to plaintext, handy for diffing
https://github.com/dstosberg/odt2txt/
18. ZDI-15-639: Excel remote code execution 0-day