漏洞 Vulnerability CVE-2020-8871：通过VGA设备在Parallels Desktop 提权 https://www.zerodayinitiative.com/blog/2020/5/20/cve-2020-8871-privilege-escalation-in-parallels-desktop-via-vga-device 安全工具 Security Tools ligolo：用于渗透时反向隧道连接工具 https://github.com/sysdream/ligolo 安全报告 Security Report zoom end-to-end 加密介绍白皮书 https://github.com/zoom/zoom-e2e-whitepaper/blob/master/zoom_e2e.pdf 安全研究 Security Research 利用 Safe-Linking来消除 malloc() 函数被漏洞利用 https://research.checkpoint.com/2020/safe-linking-eliminating-a-20-year-old-malloc-exploit-primitive/ PRTG Network Monitor 两个漏洞的发现过程 https://sensepost.com/blog/2020/being-stubborn-pays-off-pt.-2-tale-of-two-0days-on-prtg-network-monitor/ 持久化驻留技术 – COM 劫持 https://pentestlab.blog/2020/05/20/persistence-com-hijacking/ Google Cloud Deployment Manager RCE漏洞分析 https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html Windows 错误报告服务中的任意文件删除漏洞分析 https://github.com/guhe120/Windows-EoP/blob/master/CVE-2020-1021/writeup.docx Defcon CTF Qualifier 2020 Cursed和Blursed的题解 https://mem2019.github.io/jekyll/update/2020/05/22/Defcon-Cursed-Blursed.html CVE-2005-1513：Qmail远程代码执行漏洞分析，现在可利用 https://packetstormsecurity.com/files/157805/QSA-qmail.txt Vulnhub-CTF-Writeups https://github.com/Ignitetechnologies/Vulnhub-CTF-Writeups 如何解压HP 固件更新包 https://jsof-tech.com/unpacking-hp-firmware-updates-part-1/ Password Spraying 攻击指南 https://www.hackingarticles.in/comprehensive-guide-on-password-spraying-attack/ 恶意软件 Malware AgentTesla新变体分析 https://www.freebuf.com/articles/network/234356.html 如何使用趋势科技的Rootkit Remover安装Rootkit https://billdemirkapi.me/How-to-use-Trend-Micro-Rootkit-Remover-to-Install-a-Rootkit/ 模拟Zloader木马的服务端，伪造C2 https://github.com/felixweyne/imaginaryC2/tree/master/examples/use-case-9-zloader