安全研究 Security Research Auth0身份验证API中的JWT绕过 https://insomniasec.com/blog/auth0-jwt-validation-bypass 静态分析 Windows 内核驱动的方法总结 https://posts.specterops.io/methodology-for-static-reverse-engineering-of-windows-kernel-drivers-3115b2efed83 如何从DevOps转型为DevSecOps探讨 https://searchsecurity.techtarget.com/tip/Shifting-security-left-How-to-pivot-from-DevOps-to-DevSecOps 关于 Unicorn CPU 模拟器在 Fuzz 领域应用的分析 http://eternalsakura13.com/2020/03/18/unicorn_learn/ 在EXE中调用任意函数 https://blog.vastart.dev/2020/04/calling-arbitrary-functions-in-exes.html OffensiveCon议题：Adventures on hunting for Safari Sandbox Escapes https://github.com/externalist/presentations/tree/master/2019%20OffensiveCon 安全工具 Security Tools VulnFanatic：用于安全研究的Binary Ninja插件 https://github.com/Martyx00/VulnFanatic InQL：用于对GraphQL进行安全测试的burp插件 https://github.com/doyensec/inql Struts2-RCE：用于检测Struts2漏洞的burp插件 https://github.com/prakharathreya/Struts2-RCE 安全资讯 Security Information Rapid7的Metasploit团队推出的最新漏洞的知识库AttackerKB https://www.securityweek.com/meet-attackerkb-rapid7s-crowdsourced-vulnerability-knowledge-base