漏洞 Vulnerability CVE-2020-13765 ：QEMU 加载已注册ROM时越界访问漏洞 https://seclists.org/oss-sec/2020/q2/164?utm_source=dlvr.it&utm_medium=twitter CVE-2020-9484：Apache Tomcat 反序列化RCE漏洞的分析和利用 https://www.redtimmy.com/java-hacking/apache-tomcat-rce-by-deserialization-cve-2020-9484-write-up-and-exploit/ iOS 13.5.1 修复了CVE-2020-9859漏洞，但可能造成内存泄露 https://www.synacktiv.com/posts/exploit/the-fix-for-cve-2020-9859-and-the-lightspeed-vulnerability.html GNU glibc ARMv7 memcpy() 内存破坏漏洞 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019 用友NC远程命令执行漏洞通告 https://mp.weixin.qq.com/s/eF1v4iYE4T_NqmztM3i6TA CVE-2020-6109：Zoom客户端 4.6.10 处理giphy消息时存在路径遍历漏洞 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1055 CVE-2020-6110：Zoom 客户端 4.6.10共享代码功能存在路径遍历漏洞 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1056 恶意软件 Malware PEBBLEDASH：LAZARUS APT 中的恶意软件分析 https://malwarenailed.blogspot.com/2020/06/peebledash-lazarus-hiddencobra-rat.html 分析无文件恶意软件自加载技术 https://danusminimus.github.io/Analyzing-Modern-Malware-Techniques-Part-1/ 发现与Higaisa APT相关的新LNK攻击 https://blog.malwarebytes.com/threat-analysis/2020/06/higaisa/ 安全研究 Security Research 模拟攻击椭圆曲线加密算法的项目 https://github.com/orangecertcc/ecdummy 滥用进程 Tokens 分析 Part 2 https://medium.com/@seemant.bisht24/understanding-and-abusing-access-tokens-part-ii-b9069f432962 滥用进程 Tokens 分析 Part 1 https://medium.com/@seemant.bisht24/understanding-and-abusing-process-tokens-part-i-ee51671f2cfa 如何设计一个基带调试器 https://twitter.com/Synacktiv/status/1268474134939553792 Chrome 沙箱逃逸资料搜集 https://github.com/allpaca/chrome-sbx-db 在Windows中使用系统调用来执行Shellcode注入 https://www.solomonsklash.io/syscalls-for-shellcode-injection.html Apache Tomcat + MongoDB Poc和writeup https://github.com/pyn3rd/Apache-Tomcat-MongoDB-Remote-Code-Execution 安全工具 Security Tools TinyInst：P0开源的一个轻量级的动态检测库 https://github.com/googleprojectzero/TinyInst GitMonitor：用于扫描Github，根据规则查找泄漏的敏感信息 https://www.kitploit.com/2020/06/gitmonitor-github-scanning-system-to.html Docker-OSX：在docker中运行macOS https://github.com/sickcodes/Docker-OSX