漏洞 Vulnerability Cisco Webex Network Recording Player和Cisco Webex Player存在任意代码执行漏洞 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-webex-player 安全资讯 Security Information 卡巴斯基确定2017年影子经纪人泄漏中提到的神秘APT https://www.zdnet.com/article/kaspersky-identifies-mysterious-apt-mentioned-in-2017-shadow-brokers-leak/ 安全研究 Security Research CVE-2019-12527：Squid缓冲区溢出漏洞利用分析 https://cert.360.cn/report/detail?id=0c5d2571c8910f242945f9532b6a404c 绕过GitHub的OAuth流程 https://blog.teddykatz.com/2019/11/05/github-oauth-bypass.html VMWare ESXi and Workstation Uninitialized Variable RCE（CVE-2018-6981）漏洞分析 https://github.com/badd1e/Disclosures/tree/master/CVE-2018-6981_VMWare_ESXi 绕过AngularJS绑定HTML https://portswigger.net/research/bypassing-angularjs-bind-html 内核利用实践：绕过KPTI和SMEP https://github.com/pr0cf5/kernel-exploit-practice/tree/master/bypass-smep Chakra漏洞调试笔记5-CVE-2019-0861复现 https://www.anquanke.com/post/id/190533 SVG攻击面剖析 https://www.fortinet.com/blog/threat-research/scalable-vector-graphics-attack-surface-anatomy.html 通过RDP虚拟通道建立命令和控制会话 https://ijustwannared.team/2019/11/07/c2-over-rdp-virtual-channels/ 攻击和破坏Docker容器和Kubernetes集群 https://speakerdeck.com/madhuakula/breaking-and-pwning-docker-containers-and-kubernetes-clusters-all-day-devops-2019