漏洞 Vulnerability Visual Studio Code本地代码执行漏洞(CVE-2019-1414) https://www.anquanke.com/post/id/190323 安全工具 Security Tools Donut-用于生成位置无关的Shellcode，可从内存中加载Windows有效载荷 https://www.kitploit.com/2019/11/donut-generates-x86-x64-or-amd64x86.html 安全报告 Security Report Titanium: Platinum组织再次出击 https://securelist.com/titanium-the-platinum-group-strikes-again/94961/ 安全事件 Security Incident 修复远程Windows内核载荷以绕过Meltdown KVA Shadow https://zerosum0x0.blogspot.com/2019/11/fixing-remote-windows-kernel-payloads-meltdown.html Windows内网协议学习Kerberos篇之TGSREQ& TGSREP https://www.anquanke.com/post/id/190625 HTTP参数传递类型差异产生的攻击面 https://xz.aliyun.com/t/6686 制作EFI模拟器和交互式调试器 https://reverse.put.as/2019/10/29/crafting-an-efi-emulator/ Linux pwn从入门到熟练（三） https://mp.weixin.qq.com/s/JcQMNnICi9w7UPnwOnHkaA Charles的一次破解之旅 https://mp.weixin.qq.com/s/yPUCpA4rou6sm6eotjUiiw 分块传输绕WAF详解 https://mp.weixin.qq.com/s/mb3lRxr6396ENmAjcRd-iA 恶意软件 Malware APT34 DNS隧道恶意软件分析 https://ironnet.com/blog/a-glimpse-into-glimpse/ 安全资讯 Security Information Pwn2Own Tokyo 2019 -Day2：专家攻破三星Galaxy S10和Xiaomi Mi9手机以及TP-Link AC1750路由器 https://securityaffairs.co/wordpress/93566/hacking/pwn2own-tokyo-2019-day2.html