漏洞 Vulnerability Citrix Endpoint Management 多个高危漏洞通告 https://cert.360.cn/warning/detail?id=c90721afed448a76134344672230c3ae CVE-2019-0230:Apache Struts2远程代码执行漏洞通告 https://cert.360.cn/warning/detail?id=d2b39f48fd31f3b36cc957f23d4777af 安全工具 Security Tools Windows GDI fuzzer https://github.com/math1as/Windows-GDI-fuzzer Aurora：用于自动静态分析AFL fuzz出的Crash崩溃成因 https://github.com/RUB-SysSec/aurora ArcHeap：自动探测堆可利用的地方 https://github.com/sslab-gatech/ArcHeap 安全资讯 Security Information 【即将上线】ISC 2020网络空间测绘论坛：关注数字时代资产威胁与安全 https://mp.weixin.qq.com/s/TdohRaBgrWcI1yK9bUm_5Q 安全研究 Security Research USENIX Security ’20 会议各议题资料放出 https://www.usenix.org/conference/usenixsecurity20/technical-sessions 如何在WordPress 插件中挖掘SQL注入和CSRF https://medium.com/tenable-techblog/hunting-for-sql-injections-sqlis-and-cross-site-request-forgeries-csrfs-in-wordpress-plugins-632dafc9cd2f Fuzzing sockets part 2: 目标->FreeRDP https://securitylab.github.com/research/fuzzing-sockets-FreeRDP MMS Exploit Part 5:绕过Android 随机化，进行RCE https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-5-defeating-aslr-getting-rce.html eBPF学习网站 https://ebpf.io/ DEFCON 28 上关于破解特斯拉 Model3的Slide https://www.slideshare.net/Kevin2600/hacking-tesla-model3-nfc-relay-revisited xss payload 大全 https://portswigger.net/web-security/cross-site-scripting/cheat-sheet 恶意软件 Malware 与APT ReconHellcat 相关的BlackWater 恶意软件分析 https://quointelligence.eu/2020/08/blackwater-malware-leveraging-beirut-tragedy-in-new-targeted-campaign/ 银行木马Mekotio 分析 https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/ APT lazarus /Dream-Job 组织 分析 https://github.com/blackorbird/APT_REPORT/blob/master/lazarus/Dream-Job-Campaign.pdf