漏洞 Vulnerability CVE-2020-1730：libssh拒绝服务漏洞 https://www.libssh.org/security/advisories/CVE-2020-1730.txt CVE-2020-10882: TP-Link 命令注入漏洞通告 https://cert.360.cn/warning/detail?id=ea0df6b0ad71ae8540e9582ff74b7a60 Symantec Web Gateway 5.0.2.8远程代码执行漏洞 https://twitter.com/wugeej/status/1248052787302170626 安全工具 Security Tools sandboxie开源了 https://www.sandboxie.com/ RetDec v4.0发布了 https://engineering.avast.io/retdec-v4-0-is-out/ Chromepass – 破解Chrome保存密码的工具 https://www.kitploit.com/2020/04/chromepass-hacking-chrome-saved.html Eavesarp – 分析ARP请求以识别相互通信的主机和陈旧的网络地址配置 https://www.kitploit.com/2020/04/eavesarp-analyze-arp-requests-to.html 安全资讯 Security Information google的新书Building Secure and Reliable Systems https://www.google.com.hk/books/edition/Building_Secure_and_Reliable_Systems/Kn7UxwEACAAJ?hl=en 安全研究 Security Research 一种ETW bypass方式 https://modexp.wordpress.com/2020/04/08/red-teams-etw/ 对利用COVID-19的APT活动的总结 https://blog.malwarebytes.com/threat-analysis/2020/04/apts-and-covid-19-how-advanced-persistent-threats-use-the-coronavirus-as-a-lure/ 恶意软件 Malware 对2020年3月流行的恶意代码和漏洞利用的总结 https://blog.checkpoint.com/2020/04/09/march-2020s-most-wanted-malware-dridex-banking-trojan-ranks-on-top-malware-list-for-first-time/