Week 8 / 20211122 Red Team Digest

Category: Security Articles

【Vulnerability Research】

Azure Active Directory Information Disclosure Vulnerability (CVE-2021-42306)

https://msrc-blog.microsoft.com/2021/11/17/guidance-for-azure-active-directory-ad-keycredential-property-information-disclosure-in-application-and-service-principal-apis/


Netgear SOHO Devices Pre-Authentication Buffer Overflow Vulnerability (CVE-2021-34991)

https://securityaffairs.co/wordpress/124716/security/netgear-cve-2021-34991-soho-devices.html?utm_source=feedly&utm_medium=rss&utm_campaign=netgear-cve-2021-34991-soho-devices


Apache ShenYu Authentication Bypass Vulnerability (CVE-2021-37580)

https://nosec.org/home/detail/4906.html


Ionic Identity Vault PIN Lockout Bypass (CVE-2021-44033)

https://seclists.org/fulldisclosure/2021/Nov/41



【Red Team Tools】

Login-form brute-force tool that simulates browser clicks

https://github.com/kracer127/SeBruteGUI


A small collection of antivirus-evasion tools

https://github.com/akkuman/toolset


Multithreaded vulnerability scanner for the Spring framework

https://github.com/YanMu2020/SpringScan


Automated bypass scripts for SafeDog (安全狗) and Yunsuo (云锁)

https://github.com/pureqh/bypasswaf


Tool that uses FOFA to find open SOCKS5 proxies and rotates through them as a proxy pool

https://github.com/Liang2580/rotateproxy/tree/2.0



【Red Team Articles】

Spring Boot Fat Jar: techniques for going from an arbitrary file write vulnerability to stable RCE

https://github.com/LandGrey/spring-boot-upload-file-lead-to-rce-tricks


Exploiting vulnerabilities in 5G core networks

https://research.nccgroup.com/2021/11/16/exploit-the-fuzz-exploiting-vulnerabilities-in-5g-core-networks/


A Story of a Blind RCE

https://www.p1boom.com/2021/11/a-story-of-epic-blind-remote-code.html


Red team techniques: evading detection with reverse calls (video)

https://www.youtube.com/watch?v=Uba3SQH2jNE


On domain persistence: the Golden Ticket

https://pentestlab.blog/2021/11/15/golden-certificate/


Using Ladon to make C2 evade all antivirus software

http://k8gege.org/p/Ladon_rat.html



See the original article for more details.

Originally published on the WeChat official account 凌晨一点零三分: Week 8 / 20211122 Red Team Digest
