漏洞 Vulnerability 2020-10 补丁日: SAP多个产品高危漏洞安全风险通告 https://mp.weixin.qq.com/s/GvbOJfKVJ7rQAEhWIaU_UA CVE-2020-9746-Adobe Flash Player中一个严重的远程代码执行漏洞 https://helpx.adobe.com/security/products/flash-player/apsb20-58.html CVE-2020-16952-Microsoft SharePoint Server DataFormWebPart RCE 漏洞 PoC https://srcincite.io/advisories/src-2020-0022/ 安全研究 Security Research QEMU KVM学习笔记 https://github.com/yifengyou/learn-kvm 深入浅出MacOS的可执行文件格式MachO https://evilpan.com/2020/09/06/macho-inside-out/ Windows 版本 Firefox 浏览器 Mozilla Maintenance 服务 SYSTEM 本地提权漏洞的分析 https://blog.mozilla.org/attack-and-defense/2020/10/12/guest-blog-post-rollback-attack/ 安全报告 Security Report 柠檬鸭Lemon Duck僵尸网络（挖矿）分析 https://blog.talosintelligence.com/2020/10/lemon-duck-brings-cryptocurrency-miners.html 火眼:一个以经济利益为动机的高级威胁Fin11 https://www.fireeye.com/blog/threat-research/2020/10/fin11-email-campaigns-precursor-for-ransomware-data-theft.html 安全工具 Security Tools 基于C＃的异步密码喷涂工具SharpHose https://github.com/ustayready/SharpHose F-Secure发布基于LDAP实现的c2 https://labs.f-secure.com/blog/introducing-ldap-c2-for-c3/