第十七周/20220124 红队推送

admin 2022年1月24日19:53:33安全闲碎评论34 views2569字阅读8分33秒阅读模式


第十七周/20220124 红队推送
第十七周/20220124 红队推送

【特别推荐】

第十七周/20220124 红队推送

云环境潜在威胁分析——AWS Lamda

https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/


Project Zero - Zoom安全性分析

https://googleprojectzero.blogspot.com/2022/01/zooming-in-on-zero-click-exploits.html



第十七周/20220124 红队推送
红队文章
第十七周/20220124 红队推送



大型JAVA项目审查工具编写思考

https://www.synacktiv.com/en/publications/captain-hook-how-not-to-look-for-vulnerabilities-in-java-applications.html


用OLETOOLS进行恶意宏分析

https://infosecwriteups.com/maldoc101-malicious-macros-analysis-with-oletools-8be3cda84544

JNDI漏洞利用探索

https://mp.weixin.qq.com/s/I-5S45gsVbi9O9oJNhO_FQ


干货 | 最全的Weblogic漏洞复现笔记

https://mp.weixin.qq.com/s/pb0GGzku4tYX6acYOrtOxQ


Linux痕迹清除

https://mp.weixin.qq.com/s/mz4Bb-vtk3wlHApYWHiyJA


Tomcat下JNDI高版本绕过浅析

https://mp.weixin.qq.com/s/gBuKDjRfnbJDv6TG5F6q3w


远程开启3389及添加用户总结

https://mp.weixin.qq.com/s/LqJLjrKWzfqOWK8CE5JuJA

 










第十七周/20220124 红队推送
红队工具
第十七周/20220124 红队推送



StopDefender

https://github.com/lab52io/StopDefender


pip-audit:审计本地Python环境

https://github.com/trailofbits/pip-audit


Yasso:内网辅助渗透测试工具

https://securityonline.info/yasso-intranet-assisted-penetration-toolset/


Volana:Shell命令混淆工具

https://github.com/ariary/volana


reFlutter:应用逆向分析

https://github.com/ptswarm/reFlutter











第十七周/20220124 红队推送
漏洞研究
第十七周/20220124 红队推送



Worktime 10.20 Build 4967 Unquoted Service Path

https://cxsecurity.com/issue/WLB-2022010079


SB Admin Cross Site Request Forgery / SQL Injection

https://cxsecurity.com/issue/WLB-2022010081


Chaos Ransomware Builder 4 Insecure Permissions

https://cxsecurity.com/issue/WLB-2022010083


AgentTesla Builder Web Panel / SQL Injection

https://cxsecurity.com/issue/WLB-2022010085


Developed by : Muhammad Jamil - SQL Injection

https://cxsecurity.com/issue/WLB-2022010086


Win32.MarsStealer Web Panel / Unauthenticated Remote Data Deletion

https://cxsecurity.com/issue/WLB-2022010087


Win32.MarsStealer Web Panel / Unauthenticated Remote Information Disclosure

https://cxsecurity.com/issue/WLB-2022010088


Worktime 10.20 Build 4967 DLL Hijacking

https://cxsecurity.com/issue/WLB-2022010090


Nyron 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010091


Simple Chatbot Application 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010092


Simple Chatbot Application 1.0 Shell Upload

https://cxsecurity.com/issue/WLB-2022010093


Creston Web Interface 1.0.0.2159 Credential Disclosure

https://cxsecurity.com/issue/WLB-2022010094


SalonERP 3.0.1 sql SQL Injection (Authenticated)

https://cxsecurity.com/issue/WLB-2022010096


Landa Driving School Management System 2.0.1 Arbitrary File Upload

https://cxsecurity.com/issue/WLB-2022010097


WordPress PluginWP Visitor Statistics 4.7 SQL Injection

https://cxsecurity.com/issue/WLB-2022010098


Picaporte Design- Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010099


Archeevo 5.0 Local File Inclusion

https://cxsecurity.com/issue/WLB-2022010100












更多互动可点击阅读原文

原文始发于微信公众号(凌晨一点零三分):第十七周/20220124 红队推送

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年1月24日19:53:33
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  第十七周/20220124 红队推送 http://cn-sec.com/archives/751671.html

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: