漏洞 Vulnerability CVE-2019-16920：漏洞分析|D-Link路由器远程代码执行高危漏洞 https://www.fortinet.com/blog/threat-research/d-link-routers-found-vulnerable-rce.html CVE-2019-8697：MACOS系统通过磁盘管理程序提权 https://www.zerodayinitiative.com/blog/2019/10/3/cve-2019-8697-macos-system-escalation-via-disk-management 微软补丁日：十月更新 https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/28ef0a64-489c-e911-a994-000d3a33c573 CVE-2019-17132：vBulletin <= 5.5.4远程代码执行漏洞 exp http://karmainsecurity.com/pocs/CVE-2019-17132 Joomla 3.4.6-RCE复现 https://mp.weixin.qq.com/s/jqKdJDoFuZeY70nnqY7RNw 安全工具 Security Tools FATT——从Pcap文件和实时网络流量中提取网络元数据和指纹的脚本工具 https://www.kitploit.com/2019/10/fatt-script-for-extracting-network.html Detect-It-Easy——壳检查工具，2.05版本发布 https://github.com/horsicq/Detect-It-Easy ida python脚本编写指南 pdf版（共两页） https://github.com/inforion/idapython-cheatsheet/releases/tag/pdf 安全报告 Security Report 卡巴斯基对响应分析上半年的总结 https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/10/08090718/MDR_report_H1_2019_eng_final.pdf 安全资讯 Security Information CVE-2019-16263：旧Twitter API令数百万的iOS用户易受到中间人攻击 https://threatpost.com/vulnerable-twitter-api-leaves-millions-open-to-attack/148945/?utm_source=twitter&utm_medium=social&utm_campaign=us_threatpost_zt0106&utm_content=sm-post&utm_term=us_twitter__zt0106_sm-post_social_threatpost 安全研究 Security Research 从HackMD存储型XSS到RCE利用分析 https://5alt.me/2019/10/HackMD%20Stored%20XSS%20and%20HackMD%20Desktop%20RCE/ Android 应用程序渗透指南 https://nightowl131.github.io/AAPG/ Adobe Reader调试符号的相关技巧——P0 https://googleprojectzero.blogspot.com/2019/10/the-story-of-adobe-reader-symbols.html Flare-on 6 2019 Writeups 题解 https://malwareunicorn.org/workshops/flareon6_2019.html linux kernel 控制流完整性研究——Paper http://www.alunos.dcc.fc.up.pt/~up201407890/Thesis.pdf 恶意软件 Malware 来自TransparentTribe APT组织的窃密 https://mp.weixin.qq.com/s/iQJ9dXsEzKQ10meChpNPQQ 恶意软件Emotet分析——VB 2019 Slide https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-Nagy.pdf 针对Linux系统新型Golang勒索软件的分析 https://www.fortinet.com/blog/threat-research/new-golang-ransomware-targeting-linux-systems.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+fortinet%2Fblog%2Fthreat-research+%28Fortinet+Threat+Research+Blog%29