https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/

https://swarm.ptsecurity.com/source-code-disclosure-in-asp-net-apps/

https://posts.specterops.io/adcs-esc14-abuse-technique-333a004dc2b9

https://github.com/Semperis/SilverSamlForger

https://doubleagent.net/telecommunications/backdoor/gtp/2024/02/27/GTPDOOR-COVERT-TELCO-BACKDOOR

https://pentestlab.blog/2024/03/04/persistence-visual-studio-code-extensions/

https://eversinc33.com/posts/kernel-mode-keylogging/

https://redsiege.com/blog/2024/03/dumping-lsass-like-its-2019/

https://www.aon.com/en/insights/cyber-labs/duality-part-1

https://github.com/nickvourd/Windows-Local-Privilege-Escalation-Cookbook

https://stmxcsr.com/micro/rundll-parse-args.html

https://www.m4p1e.com/2024/03/01/CVE-2023-3824/

https://www.atredis.com/blog/2024/2/9/scrutinizing-the-scrutinizer

https://jhftss.github.io/CVE-2023-42942-xpcroleaccountd-Root-Privilege-Escalation/ 

https://blog.nviso.eu/2024/03/01/covert-tls-n-day-backdoors-sparkcockpit-sparktar/

https://www.netspi.com/blog/technical/cloud-penetration-testing/extracting-sensitive-information-from-azure-batch-service/

https://hakin9.org/nebula-cloud-c2-framework-which-offers-reconnaissance-enumeration-exploitation-post-exploitation-on-aws/

https://trustedsec.com/blog/weaponization-of-token-theft-a-red-team-perspective

https://github.com/StavC/ComPromptMized

https://drive.google.com/file/d/1pYUm6XnKbe-TJsQt2H0jw9VbT_dO6Skk/view

https://hadess.io/web-llm-attacks/

https://twitter.com/ChaoweiX/status/1765491575574970494

https://twitter.com/hacker_/status/1764404327526154484

https://redcanary.com/resources/guides/threat-detection-report-coming-soon/

https://geospy.ai/

往期推荐