漏洞 Vulnerability Microsoft UPnP-本地权限提升Metasploit漏洞模块 https://www.exploit-db.com/exploits/47805?utm_source=dlvr.it&utm_medium=twitter 安全研究 Security Research 谈高效漏洞挖掘之Fuzzing的艺术 https://www.freebuf.com/vuls/221129.html 利用SIGROP漏洞滥用信号量 https://sec.alexflor.es/post/minipwn/ 如何编写自己的自定义protobuf变异器 https://bshastry.github.io/2019/12/27/Custom-Proto-Mutation.html 36c3：长亭分享突破ESXi的会议录像 https://media.ccc.de/v/36c3-10505-the_great_escape_of_esxi WIN32K.SYS中通过索引彩色面板进行的本地特权升级 https://www.zerodayinitiative.com/blog/2019/12/16/local-privilege-escalation-in-win32ksys-through-indexed-color-palettes 安全工具 Security Tools crawlergo：0Kee Team 开源的用于收集 URL 入口的爬虫 https://github.com/0Kee-Team/crawlergo PHP-Fuzzer – 基于代码覆盖反馈信息 Fuzz PHP libraries https://github.com/nikic/PHP-Fuzzer git-vuln-finder：从git commit消息中查找潜在的软件漏洞 https://github.com/cve-search/git-vuln-finder windows、linux、osx的x86/x64 Opcode 计算器 https://github.com/horsicq/XOpcodeCalc