安全工具 Security Tools LDAPFragger：用于在内部网络渗透测试中的AD域控制LDAP协议执行脚本 https://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes/ 安全研究 Security Research 基于JMX协议攻击方式总结 https://www.anquanke.com/post/id/200682 JNDI with LDAP https://www.anquanke.com/post/id/201181 浅谈DDoS攻防对抗中的AI实践 https://security.tencent.com/index.php/blog/msg/144 CVE-2019-1169：win32k 空指针解引用漏洞的分析 https://versprite.com/blog/security-research/cve-2019-1169-vulnerability-windows/ 使用postMessage和WebSocket-reconnect入侵Slack窃取用户令牌 https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/ macOS中的audit_token_t实现及使用分析 https://knight.sc/reverse%20engineering/2020/03/20/audit-tokens-explained.html 绕过导致SQL注入的电子邮件过滤器 https://medium.com/@dimazarno/bypassing-email-filter-which-leads-to-sql-injection-e57bcbfc6b17 利用不安全的Host Path Volume突破Kubernetes的命名空间限制-Part1 https://blog.appsecco.com/kubernetes-namespace-breakout-using-insecure-host-path-volume-part-1-b382f2a6e216 利用不安全的Host Path Volume突破Kubernetes的命名空间限制-Part2 https://blog.appsecco.com/prevent-hostpath-based-kubernetes-attacks-with-pod-security-policies-2f8646df6761 安全事件 Security Incident Mukashi：针对Zyxel NAS设备的新型Mirai IoT僵尸网络变体 https://thehackernews.com/2020/03/zyxel-mukashi-mirai-iot-botnet.html