Vulnerability
CVE-2020-29583: Zyxel default credentials vulnerability advisory
https://cert.360.cn/warning/detail?id=1d768a890f84923e68418ac7d89dd330
Zend Framework remote code execution vulnerability
Security Tools
SysWhispers2: AV/EDR evasion via direct system calls
https://securityonline.info/syswhispers2-av-edr-evasion-via-direct-system-calls/
PHP-Parser: a PHP parser written in PHP
https://github.com/nikic/PHP-Parser
Security Information
Customer data breach at Japanese aerospace firm Kawasaki
https://threatpost.com/japanese-aerospace-firm-kawasaki-warns-of-data-breach/162642/
Security Research
The past and present of the Dridex banking trojan
https://research.checkpoint.com/2021/stopping-serial-killer-catching-the-next-strike/
Palo Alto's review and analysis of historical DNS vulnerabilities from recent years
https://unit42.paloaltonetworks.com/dns-vulnerabilities/
Finding victims of the SUNBURST backdoor with pDNS
https://www.netresec.com/?page=Blog&month=2021-01&post=Finding-Targeted-SUNBURST-Victims-with-pDNS
A new cache poisoning technique that abuses cache key normalization
https://iustin24.github.io/Cache-Key-Normalization-Denial-of-Service/?cb=1
Awesome CobaltStrike Defence: a curated collection of resources
https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence
(End)