ESET发布新的TeslaCrypt恶意勒索软件解密工具

http://www.welivesecurity.com/2016/05/18/eset-releases-decryptor-recent-variants-teslacrypt-ransomware/

CVE-2016-1886漏洞分析: SETFKEY FreeBSD kernel vulnerability

http://cturt.github.io/SETFKEY.html

修复marked包中的XSS漏洞

https://snyk.io/blog/marked-xss-vulnerability/

渗透整个Julia集群

https://blog.cylance.com/compromising-an-entire-julia-cluster

Falco介绍:开源,基于sysdig行为安全的

http://www.sysdig.org/falco/

TeslaCrypt关闭并发行解密私钥

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

恶意软件隐藏宏的新招数

https://blogs.technet.microsoft.com/mmpc/2016/05/17/malicious-macro-using-a-sneaky-new-trick/

EhTrace:跟踪windows二进制执行的工具

https://github.com/K2/EhTrace/

Checkpoint 访问 Nuclear僵尸网络源码,了解其架构

http://blog.checkpoint.com/2016/05/17/inside-nuclears-core-unraveling-a-ransomware-as-a-service-infrastructure/

在Nano服务器上运行Python & Django

https://blogs.technet.microsoft.com/nanoserver/2016/05/17/python-django-on-nano-server/

Cobalt Strike 3.3发行

http://blog.cobaltstrike.com/2016/05/18/cobalt-strike-3-3-now-with-less-powershell-exe/

ProtoFuzz: A Protobuf Fuzzer

http://blog.trailofbits.com/2016/05/18/protofuzz-a-protobuf-fuzzer/

使用flash和base tag绕过xss审计

http://mksben.l0.cm/2016/05/xssauditor-bypass-flash-basetag.html

分析Juniper DUal EC后门事件

https://eprint.iacr.org/2016/376.pdf