漏洞 Vulnerability Intel CPU NetCAT漏洞：开启DDIO和远程 DMA特性的CPU可以实现远程侧信道攻击 https://www.vusec.net/projects/netcat/ CVE-2019-1253：Windows AppX Deployment Server权限提升和DoS漏洞，作者公布了删除特权文件的exploit https://github.com/rogue-kdc/CVE-2019-1253 微软补丁日: RDP Client/Excel/SharePoint 远程代码执行漏洞预警 https://cert.360.cn/warning/detail?id=fdeb11a31634bdc7ce1be4c6ea175315 在处理TTF字体时，Microsoft DirectWrite 在 sfac_GetSbitBitmap函数越界读漏洞——P0 https://bugs.chromium.org/p/project-zero/issues/detail?id=1878 安全工具 Security Tools 通过AFL-Unicorn Fuzz内核 https://github.com/fgsect/unicorefuzz 安全事件 Security Incident Chrome 77发布安全更新，包括52个安全补丁 https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html 恶意软件 Malware 恶意软件Ryuk会窃取军事机密和财务档案 https://www.bleepingcomputer.com/news/security/ryuk-related-malware-steals-confidential-military-financial-files/ 安全研究 Security Research 使用简单的漏洞建模来发现易受攻击的提权代码模式 https://www.fortinet.com/blog/threat-research/another-local-privilege-escalation-lpe-vulnerability.html macOS的红队攻击技术 https://lockboxx.blogspot.com/2019/09/macos-red-teaming-208-macos-att.html hyper-v的详细研究 https://hvinternals.blogspot.com/2019/09/hyper-v-memory-internals-guest-os-memory-access.html 渗透测试指南资源搜集 https://github.com/Voorivex/pentest-guide Bug bounty 2012至2019年的writeups https://pentester.land/list-of-bug-bounty-writeups.html 如何攻击VM工作进程——MSRC出品 https://msrc-blog.microsoft.com/2019/09/11/attacking-the-vm-worker-process/ Palo Alto GlobalProtect上PreAuth RCE漏洞的利用编写 Part II https://www.securifera.com/blog/2019/09/10/preauth-rce-on-palo-alto-globalprotect-part-ii-cve-2019-1579/