1.通过中间人攻击无密码hacking mssql
https://blog.anitian.com/hacking-microsoft-sql-server-without-a-password/
2.Security Onion的命令注入漏洞
https://techanarchy.net/2016/02/security-onion-command-injection-vulnerability/
3.两个离线的uxss chrome漏洞的故事
http://ceukelai.re/a-tale-of-two-offline-chrome-uxss-vulns/
4.Dridex僵尸网络被黑,用来派发Avira杀毒软件
https://blog.avira.com/dridex_serves_avira/
5.赛门铁克证书颁发机构的域验证漏洞
https://www.agwa.name/blog/post/domain_validation_vulnerability_in_symantec_ca
6.WSUS中间人攻击武器化
7.绕过IOS的越狱检测
https://www.notsosecure.com/2016/02/05/bypassing-jailbreak-detection-ios/
8.MINIBOX:双向沙箱用于x86本地代码
https://www.usenix.org/system/files/conference/atc14/atc14-paper-li_yanlin.pdf
9.通过ndis5.x进行权限提升
http://anti-reversing.com/Downloads/Sec_Research/NDI5aster.pdf
10.恶意软件图书馆:收集从1980-1990年的家庭计算机病毒
https://archive.org/details/malwaremuseum&tab=about
11.RAT WARS 2.0: 通过javascript进行屏幕控制检测技术
http://blog.mindedsecurity.com/2016/02/rat-wars-20-advanced-techniques-for.html
12.卡巴报告:从超过1000的商业站点被黑,敏感信息被盗,给我们的启示
http://go.kaspersky.com/CyberespionageSpReport.html
13.chrome不在阻止呈现css脚本注入
14.geohot在USENIX Enigma 2016安全会议的视频Timeless Debugging