Week 16 / 20220117 Red Team Digest
2022-1-17 21:21:41 Author: mp.weixin.qq.com

Red Team Articles

WordPress Core 5.8.2 SQL Injection (CVE-2022-21661): vulnerability analysis and reproduction

https://cognn.medium.com/sql-injection-in-wordpress-core-zdi-can-15541-a451c492897

CVE-2021-41577: EVGA Precision X1, from MITM to RCE

https://rhinosecuritylabs.com/research/cve-2021-41577-evga-precision-x1/?__cf_chl_f_tk=34KsHs4f0TNCt.F_wOk8fEP9V5sEWBKHyWYuOjQdhE8-1642417390-0-gaNycGzNB70

CVE-2021-20038 (SonicWall SSL VPN): in-depth analysis

https://www.reddit.com/r/netsec/comments/s1dtx2/writing_an_exploit_for_cve202120038_sonicwall_ssl/

NTLM Theft: privilege escalation tips

https://www.hackingarticles.in/multiple-files-to-capture-ntlm-hashes-ntlm-theft/

Bypassing AV/EDR with Nim

https://www.securityartwork.es/2022/01/12/bypassing-av-edr-with-nim/

Exploit Kits vs. Google Chrome

https://www.reddit.com/r/netsec/comments/s2bae8/exploit_kits_vs_google_chrome/

Red Team Tools

iMonitor (冰镜): open-source endpoint behavior monitoring and analysis software based on iMonitorSDK

https://github.com/wecooperate/iMonitor

Ivy: A payload creation framework for the execution of arbitrary VBA (macro) source code in memory.

https://github.com/optiv/Ivy

Registry Spy: open-source cross-platform Windows registry viewer

https://github.com/andyjsmith/Registry-Spy/

HazProne: a cloud penetration testing framework

https://github.com/stafordtituss/HazProne

Wifi-Framework: a Wi-Fi framework that makes it easier to run simulated tests of Wi-Fi environments

https://github.com/domienschepers/wifi-framework/tree/master/setup

Vulnerability Research

Microsoft Windows SMB Direct Session Takeover

https://cxsecurity.com/issue/WLB-2022010047

openSIS Student Information System 8.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010048

Microsoft Windows 11- 'Jolt2.c' Denial of Service (MS00-029)

https://cxsecurity.com/issue/WLB-2022010049

sixdaysworks - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010050

CoreFTP Server Build 725 Directory Traversal

https://cxsecurity.com/issue/WLB-2022010051

VUPlayer 2.49 Buffer Overflow

https://cxsecurity.com/issue/WLB-2022010052

Online Railway Reservation System 1.0 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010053

Online Railway Reservation System 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010054

Open-AudIT Community 4.2.0 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010055

Movie Rating System 1.0 Broken Access Control (Admin Account Creation) (Unauthenticated)

https://cxsecurity.com/issue/WLB-2022010056

Microsoft Windows Defender / Detection Bypass

https://cxsecurity.com/issue/WLB-2022010058

Arva Web Developer - Blind Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010057

Microsoft Windows .Reg File Dialog Spoof / Mitigation Bypass

https://cxsecurity.com/issue/WLB-2022010059

Backdoor.Win32.Controlit.10 / Unauthenticated Remote Command Execution

https://cxsecurity.com/issue/WLB-2022010060

Microsoft Windows 11 - 'afd.sys' Local Kernel Denial of Service

https://cxsecurity.com/issue/WLB-2022010061

Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure

https://cxsecurity.com/issue/WLB-2022010064

Log4Shell HTTP Header Injection

https://cxsecurity.com/issue/WLB-2022010065

Agile Web Solutions - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010066

WordPress Core 5.8.2 - 'WP_Query' SQL Injection

https://cxsecurity.com/issue/WLB-2022010068

WordPress Frontend Uploader 1.3.2 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010072

EDSA Designs - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010069

MARKS DESIGN - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010070

SonicWall SMA 100 Series Authenticated Command Injection

https://cxsecurity.com/issue/WLB-2022010073

Web Canvas - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010075

da Grazioli Design - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010077

HTTP Commander 3.1.9 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010078


Article source: https://mp.weixin.qq.com/s?__biz=MzIxMjI0Mzk0OQ==&mid=2247484270&idx=1&sn=0edfd7fec8f90a09c9b19d2b28ed6e5c&chksm=974847eca03fcefa02ee23db20045a8268fef943a21405464fb61b7132189fdc58daf47ec161&scene=58&subscene=0#rd