技术类:

蠕虫通过ftp和http扩散

https://www.guardicore.com/2016/06/the-photominer-campaign/

postgres中间人攻击

https://thusoy.com/2016/mitming-postgres

MS15-106漏洞利用第二部分: JScript ArrayBuffer.slice Memory Disclosure (CVE-2015-6053)

https://blog.coresecurity.com/2016/06/14/exploiting-internet-explorers-ms15-106-part-ii-jscript-arraybuffer-slice-memory-disclosure-cve-2015-6053/

Bears in the Midst: Intrusion into the Democratic National Committee

https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/

websocket历险:认证/授权

https://blog.stratumsecurity.com/2016/06/13/websockets-auth/

HTTP Evader:自动防火墙和IDS逃逸测试,分析浏览器行为

http://forums.juniper.net/t5/Security-Incident-Response/HTTP-Evader-Automate-Firewall-and-IDS-Evasion-Tests-Analyse/ba-p/293098

渗透测试之路:为什么要参加IACRB培训和认证

http://resources.infosecinstitute.com/on-the-road-to-pen-testing-why-iacrb-training-and-certification/

CrackMapExec工具的wiki更新

https://github.com/byt3bl33d3r/CrackMapExec/wiki

ritm: ruby编写的中间人劫持代理

https://github.com/argos83/ritm

flash 0day (CVE-2016-4171) 被用于在野攻击

http://wccftech.com/flash-zero-day-vulnerability-exploited-in-the-wild/

重温在PNG IDAT 块中的xss payloads

http://www.adamlogue.com/revisiting-xss-payloads-in-png-idat-chunks/

zCrypt欺诈勒索软件分析

https://blog.malwarebytes.org/threat-analysis/2016/06/zcrypt-ransomware/

How to become the sole owner of your PC.pdf [禁止Intel ME]

https://github.com/ptresearch/me-disablement/blob/master/How%20to%20become%20the%20sole%20owner%20of%20your%20PC.pdf

发现珍珠:fuzzing ClamAV

https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/

来自phdays'16会议的ppt: hacking web apps基础教程

https://github.com/cyberpunkych/ph2016

家庭自动化系统的安全性

https://www.ernw.de/download/ERNW_Newsletter_49_SecurityOfHomeAutomationSystems_signed.pdf

导入nmap的扫描结果进nessus

http://securityblog.gr/3457/import-nmap-results-into-nessus/

Linux Kernel ROP – Ropping your way to # (Part 1)

https://www.trustwave.com/Resources/SpiderLabs-Blog/Linux-Kernel-ROP—Ropping-your-way-to—(Part-1)/

解码Angler Exploit Kit

https://pcsxcetrasupport3.wordpress.com/2016/06/11/decoding-angler-exploit-kit/

跟踪地球间谍卫星

http://m.nextgov.com/defense/2016/06/tracking-earths-secret-spy-satellites/129027/?oref=m-ng-river

资讯类:

洛克希德·马丁公司公布内部安全威胁检测的解决方案

http://www.prnewswire.com/news-releases/lockheed-martin-commercial-cyber-announces-insider-threat-detection-solution-with-interset-300283340.html

三星修复驱动更新工具的另一个设备接管问题

http://news.softpedia.com/news/samsung-fixes-another-device-takeover-issue-in-its-driver-update-tool-505207.shtml

Vawtrack银行木马v2版最近被发现

http://news.softpedia.com/news/vawtrack-banking-trojan-is-alive-and-well-v2-recently-discovered-505198.shtml

减少人才缺口,确保未来:思科推出千万网络安全奖学金

http://blogs.cisco.com/security/cisco-10-million-cybersecurity-scholarship

Telegram声明:黑客发现一种方式来发送大量的垃圾消息

http://www.theregister.co.uk/2016/06/14/telegram_crammed_hackers_find_way_to_send_massive_messages/

黑客从汽车,技术,体育论坛中偷取4500万账号

http://www.zdnet.com/article/hacker-steals-45-million-accounts-from-hundreds-of-verticalscope-car-tech-sports-forums/#ftag=RSSbaffb68

Sixgill 爬行暗网数据,预测网络犯罪

http://techcrunch.com/2016/06/14/sixgill/

DeRay Mckesson的twitter账户被黑,密码是他的名字加4位数字

https://nakedsecurity.sophos.com/2016/06/14/deray-mckessons-twitter-account-hacked-with-just-his-name-and-four-digits/

开源的网络安全linux内核扩展

https://n0where.net/open-source-cybersecurity-linux-kernel-extension-zentables­-addons/

数据泄露消息:

navratnabooking.com 网站数据泄露,包含手机号,邮箱,家庭地址

www.golferscard.ae网站数据泄露,包含手机号,邮箱,家庭地址,性别,出生日期,邮编