Swords and Shields – a Study of Mobile Game Hacks and Existing Defenses
http://www.securitygossip.com/blog/2016/12/29/2016-12-29/

JSM Bypass via createClassLoader
http://paper.seebug.org/168/

Be Careful with Python's New-Style String Format
http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/

[webapps] - Zend Framework / zend-mail < 2.4.11 - Remote Code Execution
https://www.exploit-db.com/exploits/40979/?rss

Application-Layer Process Hiding Technique Based on taskmgr
http://www.mottoin.com/94800.html

Format String Vulnerability Lab
https://github.com/shiyanlou/seedlab/blob/master/formatstring.md

PHP htaccess injection cheat sheet
https://github.com/sektioneins/pcc/wiki/PHP-htaccess-injection-cheat-sheet

Linux MySQL UDF Privilege Escalation
http://www.91ri.org/16540.html

Powershell tricks::Hide Process by kd.exe
http://www.mottoin.com/94910.html

Analysis of the Padding Oracle Vulnerability in the Apache mod_session_crypto Module
http://bobao.360.cn/learning/detail/3365.html

Shortcuts: A New Approach to Phishing Attacks
http://bobao.360.cn/learning/detail/3366.html

mitmAP - Simple Tool to Create a Fake AP and Sniff Data
http://www.kitploit.com/2017/01/mitmap-simple-tool-to-create-fake-ap.html

awesome-threat-intelligence
http://www.mottoin.com/94947.html

DOOM: A Distributed Task-Dispatching IP/Port Vulnerability Scanner
http://www.mottoin.com/94946.html

DSCRETE: Automatic Rendering of Forensic Information From Memory Images via Application Logic Reuse
http://www.securitygossip.com/blog/2017/01/03/2017-01-03/

Really, POSIX? Really? memset() isn't async-signal-safe?
http://boston.conman.org/2016/12/17.1

WEB2PY Deserialization Security Issue - CVE-2016-3957
http://devco.re/blog/2017/01/03/web2py-unserialize-code-execution-CVE-2016-3957/

Testing the PentesterLab Padding Oracle Vulnerable Target
http://www.mottoin.com/94991.html

Invoke-TheHash: PowerShell Scripts for Executing WMI and SMB Commands
http://www.mottoin.com/94990.html

PHP7 Upgrade in Practice for a Web System with Over 100 Million Daily Requests
http://geek.csdn.net/news/detail/77849

Automated All-in-One OS Command Injection and Exploitation Tool.
http://www.commixproject.com/