漏洞 Vulnerability CVE-2019-0090: 英特尔CSME子系统访问控制漏洞 https://nvd.nist.gov/vuln/detail/CVE-2019-0090 CNVD-2020-16102:D-Link DIR-825和TRENDnet TEW-632BRP命令注入漏洞 https://www.cnvd.org.cn/flaw/show/CNVD-2020-16102 ASUS GiftBox Desktop服务权限提升漏洞 https://cxsecurity.com/issue/WLB-2020030036 安全工具 Security Tools Proton Framework: 渗透框架 https://www.kitploit.com/2020/03/proton-framework-windows-post.html Evil SSDP: 利用SSDP多播捕获windows认证信息工具 https://www.kitploit.com/2020/03/evil-ssdp-spoof-ssdp-replies-and-create.html 安全报告 Security Report CVE-2020-2555: Oracle Coherence&WebLogic反序列化远程代码执行分析 https://cert.360.cn/report/detail?id=15b04e663cc63500a05abde22266b2ee 安全事件 Security Incident FACTUM杂志遭受网络攻击 https://www.qurium.org/press-releases/revista-factum-suffered-week-long-cyber-attacks-for-denouncing-corruption-by-the-president-of-el-salvador/ 安全资讯 Security Information AMD处理器存在漏洞易遭受侧信道攻击 https://thehackernews.com/2020/03/amd-processors-vulnerability.html WAGO公司产品中存在的多个漏洞 https://blog.talosintelligence.com/2020/03/wago-vulnerability-spotlight-march-2020.html 安全研究 Security Research RMI 工作原理及反序列化知识学习 https://xz.aliyun.com/t/7334 使用 Dom Clobbering 扩展 XSS https://xz.aliyun.com/t/7329 php自定义恶意扩展so编写过程 https://xz.aliyun.com/t/7330