Week 20 / 20220418 Red Team Digest
2022-4-18 23:45:55 Author: mp.weixin.qq.com

Red team articles

Protecting CS:GO - Writing a Mutation Engine and breaking Aimware

https://back.engineering/13/04/2022/

iOS Hacking - A Beginner's Guide 2022

https://martabyte.github.io/ios/hacking/2022/03/13/ios-hacking-en.html

Notes from a project: tips for quickly locating vulnerable points in .NET code

https://xz.aliyun.com/t/11185

Step-by-step guide to reverse an APK protected with DexGuard using Jadx

https://blog.lexfo.fr/dexguard.html

Analysis of public cloud IP reuse threats and defenses

https://arxiv.org/pdf/2204.05122.pdf

Persisting XSS with IFRAME traps

https://www.trustedsec.com/blog/persisting-xss-with-iframe-traps/

Red team tools

EvilSelenium - A Tool That Weaponizes Selenium To Attack Chromium Based Browsers

http://www.kitploit.com/2022/04/evilselenium-tool-that-weaponizes.html

An all-in-one deep scanning tool that goes from subdomains to IPs to ports in a single pass

https://github.com/Esc4iCEscEsc/skanuvaty

A Python script that enumerates supported antivirus products and their exclusions on Windows hosts in a domain

https://github.com/chdav/TallGrass

Medusa: a handy login brute-force tool

https://www.hackingarticles.in/a-detailed-guide-on-medusa/

Writing a cna script with the help of the Win-PS2EXE project

https://github.com/cseroad/bypassAV

Vulnerability research

CVE-2022-29072: privilege escalation and command execution via 7-Zip

https://github.com/kagancapar/CVE-2022-29072

CVE-2022-1329-WordPress-Elementor-3.6.0-3.6.1-3.6.2-Remote-Code-Execution-Exploit

https://github.com/AkuCyberSec/CVE-2022-1329-WordPress-Elementor-3.6.0-3.6.1-3.6.2-Remote-Code-Execution-Exploit

CVE-2021-31805 RCE reproduction/analysis

https://mp.weixin.qq.com/s/e2zC0gXBg4vgnNMQ7A1gcg

CVE-2022-26809 RCE in the RPC Library Exploit

https://github.com/websecnl/CVE-2022-26809

Some thoughts on questions about the Spring Framework RCE (CVE-2022-22965)

https://www.freebuf.com/vuls/327457.html

CVE-2022-22954 VMware Workspace ONE Access Freemarker Server-side Template Injection

https://github.com/sherlocksecurity/VMware-CVE-2022-22954

CVE-2022-0995: analysis of the heap overflow in the Linux kernel watch queue subsystem

https://xz.aliyun.com/t/11168


Source: https://mp.weixin.qq.com/s?__biz=MzIxMjI0Mzk0OQ==&mid=2247485604&idx=1&sn=a077d73cca2654d44ba2f1af089ab69c&chksm=97484c26a03fc5303a7ba7daeccd5f101218b3d6041aa7a30f18b3c1420dcabfa10e8e72496c&scene=58&subscene=0#rd