January 27 - Daily Security Knowledge Highlights


1. (CVE-2016-0752): Rails dynamic render to RCE

https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/

2. Windows 10: escalating to SYSTEM privileges via Dolby's dax2_api service

http://x42.obscurechannel.com/?p=263

3. How I hacked Medium through a race condition vulnerability

https://medium.com/@cablej/how-i-hacked-medium-s-top-stories-b0215da01bc9#.yf40dnsvv

4. CSRF vulnerability in phpBB

https://www.landaire.net/blog/finding-a-csrf-vulnerability-in-phpbb/

5. The rising sophistication of network scanning (a flaw in Debian NTP services when scanning private IP ranges)

http://netpatterns.blogspot.com/2016/01/the-rising-sophistication-of-network.html

6. Android ADB debug service remote payload execution

https://www.exploit-db.com/exploits/39328/

7. Windows code and driver signing in practice

http://www.davidegrayson.com/signing/

8. BoutDuTunnel: establishing virtual tunnel connections inside HTTP requests

https://github.com/sailro/Bdtunnel

9. Crashing your iPhone and Mac browser by clicking a link

https://nakedsecurity.sophos.com/2016/01/26/dont-share-the-link-that-crashes/

10. Malicious Chrome extension spies on your browsing activity

https://blog.malwarebytes.org/online-security/2016/01/rogue-google-chrome-extension-spies-on-you/

11. Foxit Reader use-after-free remote code execution vulnerability advisory

http://www.zerodayinitiative.com/advisories/ZDI-16-027/

12. Buffalo NAS (Linkstation 420) remote shutdown vulnerability

http://www.securityfocus.com/archive/1/537356

13. Dropcam reverse engineering, part 3

http://blog.includesecurity.com/2014/08/Reverse-Engineering-Dropcam-Lua-Bytecode.html

14. Manalyze: a static analysis tool for PE files

https://github.com/JusticeRage/Manalyze

15. osquery 101: getting started

http://sroberts.github.io/2016/01/26/osquery-101/

16. Cyber risk and security guidance published by NCC Group (NxDs)

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/january/cyber-risk-and-security-guidance-for-non-executive-directors-nxds/

17. Windows exploitation in 2015

http://www.welivesecurity.com/2016/01/26/windows-exploitation-in-2015/

18. Hacking the Zsun WiFi SD card reader

https://wiki.hackerspace.pl/projects:zsun-wifi-card-reader

19. Windows commands abused by attackers

http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html

20. Building fast WiFi for the Raspberry Pi Zero with a low-cost ESP8266 module

https://hackaday.io/project/9300-esp-12f-raspberry-pi-gpio-sdio-wifi
