漏洞 Vulnerability Apache Shiro Padding Oracle导致远程代码执行漏洞预警 https://www.anquanke.com/post/id/192921 恶意软件 Malware Office宏、逃避和恶意的自我引用 https://blog.rapid7.com/2019/11/14/we-dont-want-white-font-office-macros-evasion-and-malicious-self-reference/ 安全研究 Security Research nccgroup在poc2019的议题 https://www.nccgroup.trust/globalassets/poc2019/cve_2018_8611_windows_ktm_exploitation_poc2019.pdf 使用radare2逆向ios swift程序 https://grepharder.github.io/blog/0x01_intro_to_reversing_ios_swift_apps_with_radare2.html 自己动手制作一个过保护调试器 https://www.freebuf.com/articles/system/218884.html 利用英特尔的管理引擎——第1部分 https://kakaroto.homelinux.net/2019/11/exploiting-intels-management-engine-part-1-understanding-pts-txe-poc/ 利用英特尔的管理引擎——第2部分 https://kakaroto.homelinux.net/2019/11/exploiting-intels-management-engine-part-2-enabling-red-jtag-unlock-on-intel-me-11-x-intel-sa-00086/ Qualcomm TrustZone Apps Fuzzing https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/ CVE-2019-1405 and CVE-2019-1322的POC https://github.com/apt69/COMahawk mediaserverd中的整数溢出导致iOS sandbox escape https://bugs.chromium.org/p/project-zero/issues/detail?id=1922 安全工具 Security Tools 基于ChangeServiceConfigA运行命令的无文件横向移动工具 https://github.com/Mr-Un1k0d3r/SCShell uEmu的修改版本，用于开发和分析代码重用攻击的payload https://github.com/DSecurity/crauEmu