漏洞 Vulnerability 疑似VMWare Tools的沙箱逃逸0day poc https://github.com/SandboxEscaper/chasingpolarbears/tree/master/vmwarebug CVE-2019-19604：Git submodule update 命令执行漏洞 https://gitlab.com/gitlab-com/gl-security/disclosures/blob/master/003_git_submodule/advisory.md CVE-2019-18935：在Telerik UI中通过不安全的反序列化执行远程代码 https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui 安全研究 Security Research ProjectZero: 从.NET调用本地Windows RPC服务器 https://googleprojectzero.blogspot.com/2019/12/calling-local-windows-rpc-servers-from.html Red Team 电子书集合 https://redteams.net/bookshelf Botconf 2019：Android 恶意软件静态分析 https://maxkersten.nl/wp-content/uploads/2019/12/StaticAndroidMalwareAnalysisWorkshop-Botconf2019.pdf CVE-2019-9812：利用 Firefox 浏览器 Sync 同步功能的逻辑漏洞逃逸沙箱 https://www.thezdi.com/blog/2019/12/15/syncing-out-of-the-firefox-sandbox HTTP请求走私+ IDOR https://hipotermia.pw/bb/http-desync-idor Windows 10 低碎片堆（LFH）的研究 Paper https://github.com/peleghd/Windows-10-Exploitation/blob/master/Low_Fragmentation_Heap_(LFH)_Exploitation_-_Windows_10_Userspace_by_Saar_Amar.pdf 安全工具 Security Tools PEExplorerV2：开源 PE 文件静态分析工具 https://github.com/zodiacon/PEExplorerV2