漏洞 Vulnerability CVE-2020-1571 Windows安装程序特权提升 https://github.com/klinix5/Windows-Setup-EoP Apache Solr信息泄露漏洞 https://www.openwall.com/lists/oss-security/2020/08/15/1 恶意软件 Malware XCSSET Mac间谍软件通过Xcode Projects传播 https://securityaffairs.co/wordpress/107162/malware/xcsset-mac-malware.html 安全研究 Security Research 红队新思路：利用Windows调试框架在.NET进程内直接调用.NET方法 https://mp.weixin.qq.com/s/zz-sU6hz1GBatPj0yHUWdA 基于网络欺骗与浏览器指纹的WEB攻击溯源 https://www.freebuf.com/articles/web/245585.html 在Thymeleaf中利用SSTI https://www.acunetix.com/blog/web-security-zone/exploiting-ssti-in-thymeleaf/ 对PHP环境的攻击 https://srcincite.io/assets/out-of-hand-attacks-against-php-environments.pdf 安全工具 Security Tools 护网自动化脚本 https://mp.weixin.qq.com/s/uHNx28XFZ5M6KwykMC4Jsg IoT-PT：渗透物联网设备的虚拟环境 https://securityonline.info/pentesting-iot-devices/