恶意软件 Malware COVID-19相关的钓鱼攻击 https://unit42.paloaltonetworks.com/silverterrier-covid-19-themed-business-email-compromise/ 关于MAZE勒索病毒相关的TTP分析 http://www.fireeye.com/blog/threat-research/2020/05/tactics-techniques-procedures-associated-with-maze-ransomware-incidents.html 安全研究 Security Research 逆向VxWorks OS路由器 http://blog.quarkslab.com/reverse-engineering-a-vxworks-os-based-router.html 浅尝ECC之NCCIP attack https://www.anquanke.com/post/id/204397 回顾XStream反序列化漏洞 https://www.anquanke.com/post/id/204314 Naikon APT:网络间谍活动重新启动 https://research.checkpoint.com/2020/naikon-apt-cyber-espionage-reloaded/ j00ru发现的三星手机多个零交互RCE漏洞 https://bugs.chromium.org/p/project-zero/issues/detail?id=2002 古老的.NET漏洞-安全透明编译表达式(CVE-2013-0073) https://www.tiraniddo.dev/2020/05/old-net-vulnerability-5-security.html win32kfull.sys增加的一个Assert是怎么导致一个内核漏洞的 https://www.thezdi.com/blog/2020/5/7/how-a-deceptive-assert-caused-a-critical-windows-kernel-vulnerability Google对跨Android设备的谷歌两步验证代码的可移植性介绍 http://feedproxy.google.com/~r/GoogleOnlineSecurityBlog/~3/Kzum4njTIcs/introducing-portability-of-google.html Issue 2029: Linux 5.6: IORING_OP_MADVISE races with coredumping https://bugs.chromium.org/p/project-zero/issues/detail?id=2029 安全工具 Security Tools PowerSploit – PowerShell后渗透框架 https://www.kitploit.com/2020/05/powersploit-powershell-post.html HiveJack – 从已控制的主机转储Windows凭据 https://www.kitploit.com/2020/05/hivejack-this-tool-can-be-used-during.html 安全资讯 Security Information zoom收购了keybase https://techcrunch.com/2020/05/07/zoom-acquires-keybase-to-get-end-to-end-encryption-expertise/ bitdefender发布gogoogle勒索病毒解密工具 https://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/ 黑客自称黑了微软的github账号并获得了500GB的数据，不过真实性可能不高 https://www.bleepingcomputer.com/news/security/microsofts-github-account-allegedly-hacked-500gb-stolen/