今日重点：

1.又一家做侦查的产品，试用一下

https://detectify.com/

2.Blackrota, a heavily obfuscated backdoor written in Go 360出品

https://blog.netlab.360.com/blackrota-an-obfuscated-backdoor-written-in-go-en/

漏洞挖掘资料

1.How Can Someone Can Hack Your Phone Without Touching It? 
https://latesthackingnews.com/2020/11/23/how-can-someone-can-hack-your-phone-without-touching-it/

2.Xerror – Fully Automated Pentesting Tool

https://www.kitploit.com/2020/11/xerror-fully-automated-pentesting-tool.html?utm_source=dlvr.it&utm_medium=twitter

3.param-miner: burp插件

https://github.com/PortSwigger/param-miner

4.Finding DOMXSS with DevTools | Untrusted Types

5.Rampant CNAME misconfiguration leaves thousands of organizations open to subdomain takeover attacks – research

https://portswigger.net/daily-swig/rampant-cname-misconfiguration-leaves-thousands-of-organizations-open-to-subdomain-takeover-attacks-nbsp-research