第十七周/20220124 红队推送

admin
admin
admin
101400
文章
87
评论
2022年1月24日19:53:33评论74 views字数 2569阅读8分33秒阅读模式


第十七周/20220124 红队推送
第十七周/20220124 红队推送

【特别推荐】

第十七周/20220124 红队推送

云环境潜在威胁分析——AWS Lamda

https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/


Project Zero - Zoom安全性分析

https://googleprojectzero.blogspot.com/2022/01/zooming-in-on-zero-click-exploits.html



第十七周/20220124 红队推送
红队文章
第十七周/20220124 红队推送



大型JAVA项目审查工具编写思考

https://www.synacktiv.com/en/publications/captain-hook-how-not-to-look-for-vulnerabilities-in-java-applications.html


用OLETOOLS进行恶意宏分析

https://infosecwriteups.com/maldoc101-malicious-macros-analysis-with-oletools-8be3cda84544

JNDI漏洞利用探索

https://mp.weixin.qq.com/s/I-5S45gsVbi9O9oJNhO_FQ


干货 | 最全的Weblogic漏洞复现笔记

https://mp.weixin.qq.com/s/pb0GGzku4tYX6acYOrtOxQ


Linux痕迹清除

https://mp.weixin.qq.com/s/mz4Bb-vtk3wlHApYWHiyJA


Tomcat下JNDI高版本绕过浅析

https://mp.weixin.qq.com/s/gBuKDjRfnbJDv6TG5F6q3w


远程开启3389及添加用户总结

https://mp.weixin.qq.com/s/LqJLjrKWzfqOWK8CE5JuJA

 










第十七周/20220124 红队推送
红队工具
第十七周/20220124 红队推送



StopDefender

https://github.com/lab52io/StopDefender


pip-audit:审计本地Python环境

https://github.com/trailofbits/pip-audit


Yasso:内网辅助渗透测试工具

https://securityonline.info/yasso-intranet-assisted-penetration-toolset/


Volana:Shell命令混淆工具

https://github.com/ariary/volana


reFlutter:应用逆向分析

https://github.com/ptswarm/reFlutter











第十七周/20220124 红队推送
漏洞研究
第十七周/20220124 红队推送



Worktime 10.20 Build 4967 Unquoted Service Path

https://cxsecurity.com/issue/WLB-2022010079


SB Admin Cross Site Request Forgery / SQL Injection

https://cxsecurity.com/issue/WLB-2022010081


Chaos Ransomware Builder 4 Insecure Permissions

https://cxsecurity.com/issue/WLB-2022010083


AgentTesla Builder Web Panel / SQL Injection

https://cxsecurity.com/issue/WLB-2022010085


Developed by : Muhammad Jamil - SQL Injection

https://cxsecurity.com/issue/WLB-2022010086


Win32.MarsStealer Web Panel / Unauthenticated Remote Data Deletion

https://cxsecurity.com/issue/WLB-2022010087


Win32.MarsStealer Web Panel / Unauthenticated Remote Information Disclosure

https://cxsecurity.com/issue/WLB-2022010088


Worktime 10.20 Build 4967 DLL Hijacking

https://cxsecurity.com/issue/WLB-2022010090


Nyron 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010091


Simple Chatbot Application 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010092


Simple Chatbot Application 1.0 Shell Upload

https://cxsecurity.com/issue/WLB-2022010093


Creston Web Interface 1.0.0.2159 Credential Disclosure

https://cxsecurity.com/issue/WLB-2022010094


SalonERP 3.0.1 sql SQL Injection (Authenticated)

https://cxsecurity.com/issue/WLB-2022010096


Landa Driving School Management System 2.0.1 Arbitrary File Upload

https://cxsecurity.com/issue/WLB-2022010097


WordPress PluginWP Visitor Statistics 4.7 SQL Injection

https://cxsecurity.com/issue/WLB-2022010098


Picaporte Design- Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010099


Archeevo 5.0 Local File Inclusion

https://cxsecurity.com/issue/WLB-2022010100











更多互动可点击阅读原文

原文始发于微信公众号(凌晨一点零三分):第十七周/20220124 红队推送

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2022年1月24日19:53:33
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   第十七周/20220124 红队推送https://cn-sec.com/archives/751671.html

发表评论

匿名网友 填写信息