漏洞 Vulnerability CVE-2019-11484：Ubuntu Whoopsie整数溢出漏洞分析 https://securitylab.github.com/research/ubuntu-whoopsie-CVE-2019-11484 飛鴿傳書 – 紅隊演練中的數位擄鴿——DEVCORE https://devco.re/blog/2019/12/23/how-binary-dog-survives-in-web-world/ Apache Log4j SocketServer反序列化漏洞（CVE-2019-17571）风险提示 https://mp.weixin.qq.com/s/HKF-7LhFYFztJvSLS03V-g CVE-2019-19844：django通过密码重置表单进行帐户劫持漏洞PoC https://github.com/ryu22e/django_cve_2019_19844_poc/ CVE-2019-13272：linux 内核PTRACE_TRACEME 本地提权Poc，适配aarch64平台 https://github.com/jiayy/android_vuln_poc-exp/tree/master/EXP-CVE-2019-13272-aarch64 安全工具 Security Tools rebirth：iOS实用的越狱框架，支持iOS11 – 11.3.1版本 https://github.com/hackerhouse-opensource/rebirth 安全报告 Security Report CTF赛事设计指南 https://docs.google.com/document/d/1QBhColOjT8vVeyQxM1qNE-pczqeNSJiWOEiZQF2SSh8/preview 趋势科技对2020年的安全行业预测 https://documents.trendmicro.com/assets/rpt/rpt-the-new-norm-trend-micro-security-predictions-for-2020.pdf 安全研究 Security Research 利用Cutter patch 二进制文件的五种方法——Writeup https://www.megabeets.net/5-ways-to-patch-binaries-with-cutter/ 分析如何在Abis HD6000+ SMART 投影机中找到WAN远程代码执行漏洞 https://labs.f-secure.com/blog/hackin-around-the-christmas-tree 逆向分析Windows 的Handles， Callbacks和ObjectTypes——Part 1 https://rayanfam.com/topics/reversing-windows-internals-part1/ Microsoft Edge (Chromium) 新标签页XSS 到 RCE 漏洞分析 https://leucosite.com/Edge-Chromium-EoP-RCE/ RWCTF 2018 VMWare逃逸Writeup——Part1 https://nafod.net/blog/2019/12/21/station-escape-vmware-pwn.html 利用Intel PT追踪SMM（ring-2）的代码 https://sysenter-eip.github.io/intel_pt_smm 自动探测堆漏洞利用技术——Paper https://arxiv.org/pdf/1903.00503.pdf Exploit Spring Boot Actuator 之 Spring Cloud Env 学习笔记 https://mp.weixin.qq.com/s/rGRHb5IteCDAO6IMCwst3A 恶意软件 Malware 穷源溯流：KONNI APT组织伪装韩国Android聊天应用的攻击活动剖析 https://ti.qianxin.com/blog/articles/analysis-of-konni-apt-organization-attack-activities-disguised-as-korean-android-chat-application/ 阿联酋社交应用 ToTok 被曝监控用户 https://objective-see.com/blog/blog_0x52.html Gafgyt家族物联网僵尸网络家族分析 https://www.freebuf.com/articles/others-articles/222677.html