漏洞 Vulnerability CVE-2020-0601 POC披露 https://github.com/ollypwn/CVE-2020-0601 微软修复了google和360发现的IE 0day漏洞 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001 Bitbucket服务与数据中心远程代码执行漏洞通告 https://cert.360.cn/warning/detail?id=1995fc76b8497f230325a0ce9940bcb5 CVE-2020-5398 Spring MVC/Spring WebFlux header导致的RFD攻击风险通告 https://cert.360.cn/warning/detail?id=bfa768766a9381fa38071c5375f8fac4 安全工具 Security Tools Macho-O文件分析工具 https://h3adsh0tzz.com/projects/macho-toolset/ Lsassy – 从Lsass远程提取凭证 http://feedproxy.google.com/~r/PentestTools/~3/Mfhkp5fW17U/lsassy-extract-credentials-from-lsass.html AntiCheat-Testing-Framework – 测试反欺骗的框架 http://feedproxy.google.com/~r/PentestTools/~3/MoEg1J7w6pk/anticheat-testing-framework-framework.html 安全报告 Security Report android企业安全白皮书 https://static.googleusercontent.com/media/www.android.com/en//static/2016/pdfs/enterprise/Android_Enterprise_Security_White_Paper_2019.pdf 极验2019交互安全行业研究报告 https://www.freebuf.com/articles/paper/225621.html 安全资讯 Security Information 外挂盯上支付宝：集福神器、蚂蚁森林外挂泛滥 https://www.freebuf.com/articles/terminal/225652.html 即使没有安装补丁chrome现在也能针对CryptoAPI漏洞进行防护 https://www.bleepingcomputer.com/news/security/google-chrome-adds-protection-for-nsas-windows-cryptoapi-flaw/ 安全研究 Security Research 基于DNS的数据泄露开源测试工具篇 https://www.freebuf.com/sectool/224233.html CVE-2020-0609/CVE-2020-0610 RDP漏洞简要分析 https://www.kryptoslogic.com/blog/2020/01/rdp-to-rce-when-fragmentation-goes-wrong/ 恶意软件 Malware 针对在有效数字证书内植入远控木马病毒分析报告 https://www.freebuf.com/articles/paper/224147.html JhoneRAT:针对中东国家的基于云的python编写的RAT http://feedproxy.google.com/~r/feedburner/Talos/~3/fMfUYeBuaWE/jhonerat.html