【漏洞研究】
Azure Active Directory 信息泄露漏洞(CVE-2021-42306)
https://msrc-blog.microsoft.com/2021/11/17/guidance-for-azure-active-directory-ad-keycredential-property-information-disclosure-in-application-and-service-principal-apis/
Netgear SOHO设备 预身份验证缓冲区溢出漏洞(CVE-2021-34991)
https://securityaffairs.co/wordpress/124716/security/netgear-cve-2021-34991-soho-devices.html?utm_source=feedly&utm_medium=rss&utm_campaign=netgear-cve-2021-34991-soho-devices
Apache ShenYu 身份验证绕过漏洞 (CVE-2021-37580)
https://nosec.org/home/detail/4906.html
Ionic Identity Vault PIN锁定绕过(CVE-2021-44033)
https://seclists.org/fulldisclosure/2021/Nov/41
【红队工具】
模拟浏览器点击的登入框爆破工具
https://github.com/kracer127/SeBruteGUI
免杀小小工具集
https://github.com/akkuman/toolset
spring框架多线程漏洞扫描
https://github.com/YanMu2020/SpringScan
关于安全狗和云锁的自动化绕过脚本
https://github.com/pureqh/bypasswaf
利用fofa搜索socks5开放代理进行代理池轮切的工具
https://github.com/Liang2580/rotateproxy/tree/2.0
【红队文章】
spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
https://github.com/LandGrey/spring-boot-upload-file-lead-to-rce-tricks
利用5G核心网络漏洞
https://research.nccgroup.com/2021/11/16/exploit-the-fuzz-exploiting-vulnerabilities-in-5g-core-networks/
A Story of an Blind RCE
https://www.p1boom.com/2021/11/a-story-of-epic-blind-remote-code.html
红队技巧-逆向调用规避探测(视频)
https://www.youtube.com/watch?v=Uba3SQH2jNE
论域持久化之黄金票据
https://pentestlab.blog/2021/11/15/golden-certificate/
利用Ladon实现C2免杀所有杀软
http://k8gege.org/p/Ladon_rat.html
更多详情请查看原文
原文始发于微信公众号(凌晨一点零三分):第八周/20211122红队推送
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论