安全报告 Security Report G-Bot僵尸网络与Apocalypse RAT远控木马分析报告 https://mp.weixin.qq.com/s/eEGMOpFeHb_rnV_JO1ojFg 安全事件 Security Incident 境外黑产团伙也复工，针对国内相关单位发起钓鱼攻击 https://www.freebuf.com/articles/system/229983.html 恶意软件 Malware MacOS恶意软件Shlayer分析 https://www.freebuf.com/articles/network/227482.html RobbinHood勒索软件另辟渠道，通过驱动漏洞干翻杀毒软件 https://www.freebuf.com/articles/system/228338.html 安全资讯 Security Information 在论坛上发布的免费工具中存在NjRAT https://www.peerlyst.com/posts/hacker-wars-njrat-hides-in-free-hacking-tools-published-on-underground-forums-soc-prime?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post 黑客在野利用了两个趋势科技的0day https://www.zdnet.com/article/two-trend-micro-zero-days-exploited-in-the-wild-by-hackers/ 大多数勒索软件攻击发生在夜间或周末 https://www.zdnet.com/article/most-ransomware-attacks-take-place-during-the-night-or-the-weekend/ 安卓app测试入门（第一部分） https://blog.securitybreached.org/2020/03/17/getting-started-in-android-apps-pentesting/ 安全研究 Security Research 根据图标差异跟踪恶意软件活动 https://www.bromium.com/spot-the-difference-tracking-malware-campaigns-using-visually-similar-images/ Apache Tomcat 从文件包含到RCE漏洞原理深入分析 https://www.anquanke.com/post/id/200630 如何利用已断开的链接进行劫持 https://edoverflow.com/2017/broken-link-hijacking/ RFI巧用WebDAV绕过URL包含限制Getshell https://www.anquanke.com/post/id/201060 对《巫师3》的渲染进行逆向 https://astralcode.blogspot.com/2018/11/reverse-engineering-rendering-of.html?utm_source=dlvr.it&utm_medium=twitter 分析SUID二进制文件到越权执行命令 https://blog.grimm-co.com/post/analyzing-suid-binaries/