漏洞 Vulnerability iOS上默认的Mail应用程序MobileMail / Maild 0-click漏洞分析 https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/ Microsoft Teams中的帐户接管漏洞，利用恶意的GIF可导致子域接管 https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/ Open-AudIT v3.3.1 远程命令执行漏洞分析 (CVE-2020-12078) https://shells.systems/open-audit-v3-3-1-remote-command-execution-cve-2020-12078/ CVE-2019-2215：android内核binder漏洞利用exp，绕过 DAC + SELinux + Knox/RKP https://github.com/chompie1337/s8_2019_2215_poc/ 安全工具 Security Tools fs-fuzzer：文件系统fuzz框架 https://github.com/0xricksanchez/fs-fuzzer LARRYCHATTER：模仿APT-29制作的通过Twitter隐藏C2的工具 https://github.com/slaeryan/LARRYCHATTER 安全资讯 Security Information 之前Github公开的L33terman6000/CVE-2020–0796 假利用脚本，作者声称为蜜罐实验，并做了解释 https://medium.com/@curtbraz/exploiting-the-exploiters-46fd0d620fd8 安全研究 Security Research HITB 会议演讲议题线上视频Day1~2——Youtube https://www.youtube.com/results?search_query=HITB+Lockdown+Livestream+Day nmap 常用命令top32 https://www.cyberciti.biz/networking/nmap-command-examples-tutorials/ hitb 会议公开部分议题的Slide https://conference.hitb.org/hitblockdown/materials/ Patchguard 对虚拟机环境检测分析 Part1-2 https://revers.engineering/patchguard-detection-of-hypervisor-based-instrospection-p1/ Windows 10 x64上的内存分页介绍 https://connormcgarr.github.io/paging/ CVE-2018-8611：Windows 内核事务管理器（KTM）条件竞争漏洞提权分析 Part 1/5 https://research.nccgroup.com/2020/04/27/cve-2018-8611-exploiting-windows-ktm-part-1-5-introduction/ VirtualBox USB 模块堆越界读写，或可造成虚拟机逃逸 https://paper.seebug.org/1188/ Java反序列化系列 ysoserial Hibernate1 https://mp.weixin.qq.com/s/O1ay4BHiyPBkotNIgDQ6Kg 恶意软件 Malware Nazar APT 分析，内附演讲视频 https://www.epicturla.com/blog/the-lost-nazar MMCore针对南亚地区的攻击活动分析 https://www.freebuf.com/articles/network/234483.html LeetHozer Botnet分析报告 https://blog.netlab.360.com/the-leethozer-botnet/