安全工具 Security Tools Sandcastle-AWS S3 Bucket枚举的Python脚本 https://www.kitploit.com/2020/04/sandcastle-python-script-for-aws-s3.html Frida API Fuzzer-用于API内存中的fuzzing https://github.com/andreafioraldi/frida-fuzzer 安全事件 Security Incident Firefox74.0.1解决了两个0day的漏洞 https://securityaffairs.co/wordpress/101045/security/firefox-74-0-1-two-zero-days.html 以冠状病毒为主题的新活动在全球范围内传播Lokibot https://securityaffairs.co/wordpress/101058/malware/coronavirus-campaign-who-lokibot.html 安全资讯 Security Information 黑客侵入GoDaddy雇员的帐户，从而破坏了Escrow.com https://www.hackread.com/hackers-deface-escrow-com-hacking-godaddy-employees/ ugs允许黑客劫持并激活Mac和iPhone摄像头 https://www.hackread.com/bugs-hackers-hijack-mac-iphone-cameras/ 安全研究 Security Research CVE-2020-0796 Windows SMBv3 LPE Exploit POC 分析 https://paper.seebug.org/1164/ 利用Grandstream和DrayTek设备为新的骗局DDoS僵尸网络供电 https://unit42.paloaltonetworks.com/new-hoaxcalls-ddos-botnet/ 安装NetWire RAT的恶意垃圾邮件活动 https://unit42.paloaltonetworks.com/guloader-installing-netwire-rat/ CVE-2020-3947:VMWARE WORKSTATION DHCP组件中的无其他使用漏洞 https://www.thezdi.com/blog/2020/4/1/cve-2020-3947-use-after-free-vulnerability-in-the-vmware-workstation-dhcp-component 安全报告 Security Report XSS WAF&像boss一样绕过字符限制 https://medium.com/bugbountywriteup/xss-waf-character-limitation-bypass-like-a-boss-2c788647c229