漏洞 Vulnerability CVE-2019-2215：Android 提权漏洞分析，附提权poc https://hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/ CVE-2019-17093：Avast Antivirus / AVG Antivirus – DLL预加载到PPL，实现admin->system https://safebreach.com/Post/Avast-Antivirus-AVG-Antivirus-DLL-Preloading-into-PPL-and-Potential-Abuses 恶意软件 Malware BlackBerry Cylance 对海莲花 Payload Loader 图片隐写技术的分析 https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/white-papers/OceanLotus-Steganography-Malware-Analysis-White-Paper.pdf 恶意软件PoisonFrog DNS隧道通信部分的分析 https://ironnet.com/blog/chirp-of-the-poisonfrog/ 俄罗斯APT组织Turla（WaterBug）最新活动 https://www.symantec.com/blogs/threat-intelligence/waterbug-espionage-governments Winnti Group Microsoft SQL Server后门“skip-2.0” (APT41) https://blog.eset.ie/2019/10/21/winnti-groups-skip%E2%80%912-0-a-microsoft-sql-server-backdoor/ Winnti武器库——Paper https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Winnti.pdf 安全研究 Security Research PWNAGOTCHI 1.0.0：对WIFI进行攻击的一款有趣工具，介绍以及如何利用 https://www.evilsocket.net/2019/10/19/Weaponizing-and-Gamifying-AI-for-WiFi-Hacking-Presenting-Pwnagotchi-1-0-0/ OSDFCon19会议关于 Linux 操作系统取证分析的议题 ——Slide https://github.com/ashemery/LinuxForensics QEMU 虚拟机逃逸相关的漏洞资料整理 https://github.com/ray-cp/vm-escape Sans关于信息安全各个方向的paper，部分提供免费下载 https://www.sans.org/reading-room LibreOffice 在文件转换时产生的漏洞分析 https://buer.haus/2019/10/18/a-tale-of-exploitation-in-spreadsheet-file-conversions/ 在便宜的FPGA板上编译CPU https://www.thanassis.space/myowncpu.html CppCon 2019议题分享：当代的C++逆向工程——Youtube https://www.youtube.com/watch?v=ZJpvdl_VpSM 安全工具 Security Tools 通过编写脚本和定制化扩展丰富 Ghidra 的功能——Slide https://gitlab.com/digital.polyglot/presentations/raw/84a718695d4cbff0d0720dacc14da20f34cbfc76/2019%20Jailbreak%20Sec%20Extending%20Ghidra.pdf?inline=false ByePg：对异常挂钩对抗PatchGuard以及原理分析 https://blog.can.ac/2019/10/19/byepg-defeating-patchguard-using-exception-hooking/