漏洞 Vulnerability MS Windows OLE 远程代码执行漏洞(CVE-2020-1281) https://github.com/guhe120/Windows-EoP/tree/master/CVE-2020-1281 Roundcube mail 3 Xss https://lorexxar.cn/2020/06/10/roundcube-mail-xss/ CVE-2020-5410 Spring Cloud Config目录穿越漏洞 https://xz.aliyun.com/t/7877 Netgear 0-day 影响了79个设备和758个固件 https://blog.grimm-co.com/2020/06/soho-device-exploitation.html?m=1 安全工具 Security Tools 一款使用Golang开发且适用于攻防演习内网横向信息收集的高并发网络扫描、服务探测工具。 https://github.com/Adminisme/ServerScan 用Python 3编写的HTTP请求走私/不同步测试工具 https://github.com/defparam/smuggler 安全报告 Security Report 2020年Q1垃圾和钓鱼邮件报告 https://www.freebuf.com/articles/network/238382.html 安全资讯 Security Information Earth Empusa的网络钓鱼攻击揭示了新的Android间谍软件ActionSpy https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/ 新的移动互联网协议漏洞使黑客瞄准4G/5G用户 https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf 美将修改禁令允许在 5G 标准制定方面与华为合作 https://www.solidot.org/story?sid=64672 安全研究 Security Research 谷歌、亚马逊、微软云上攻防备忘录 https://github.com/dafthack/CloudPentestCheatsheets 在浏览器中粘贴任意内容的风险（Chromium、Firefox、Safari、Google Docs、Gmail、TinyMCE、CKEditor和其他浏览器中的错误) https://research.securitum.com/the-curious-case-of-copy-paste/ 用C ++ 解析PE 绕过AV / EDR API hook https://www.solomonsklash.io/pe-parsing-defeating-hooking.html