漏洞 Vulnerability CVE-2020-35606 Webmin命令执行漏洞 https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html 禅道项目管理系统( ZenTaoPMS )高危漏洞分析与利用 https://paper.seebug.org/1435/ WP Admin Panel身份验证绕过和RCE https://ssd-disclosure.com/ssd-advisory-auth-bypass-and-rce-in-infinite-wp-admin-panel/ 安全事件 Security Incident 黑客论坛上泄露了270K Ledger所有者的实际地址 https://www.bleepingcomputer.com/news/security/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum/ 安全研究 Security Research 用DNS进行网络度量和安全分析 https://mp.weixin.qq.com/s/P1dS0vDSerWkTsmIQuSKPw SolarWinds第二个后门 https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/ 防范未修复的Kubernetes中间人漏洞 https://unit42.paloaltonetworks.com/cve-2020-8554/ CVE-2020-17144漏洞分析与武器化 http://www.zcgonvh.com/post/analysis_of_CVE-2020-17144_and_to_weaponizing.html 一个CS马伪装下的loader样本分析 https://www.sec-in.com/article/582 流量分析与日志溯源的个人理解 https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247491985&idx=1&sn=48aaba71ed7c51f6ebd40dd6c44569cf