https://trustedsec.com/blog/dirdevil-hiding-code-and-content-within-folder-structures

https://adepts.of0x.cc/vba-rwx-addendum/

https://adepts.of0x.cc/vba-hijack-pointers-rwa/

https://github.com/HadessCS/Awesome-Privilege-Escalation

https://sensepost.com/blog/2024/dumping-lsa-secrets-a-story-about-task-decorrelation/

https://www.alteredsecurity.com/post/when-the-hunter-becomes-the-hunted-using-custom-callbacks-to-disable-edrs

https://mp.weixin.qq.com/s/KjUcZKyS78QhVCDzjAvU9g

https://research.checkpoint.com/2024/exploring-compiled-v8-javascript-usage-in-malware/

https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/

https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC

https://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability

https://github.com/Mr-r00t11/CVE-2024-37081

https://0reg.dev/blog/evernote-rce

https://www.elastic.co/security-labs/false-file-immutability

https://github.com/mdsecresearch/Publications/blob/master/presentations/MDSec%20-%20Now%20youre%20not%20thinking%20with%20portals.pdf

https://github.com/emiliensocchi/azurehound-queries

https://www.uber.com/en-HK/blog/genai-gateway/

https://www.linkedin.com/pulse/llm-security-using-automated-tools-vulnerability-scans-rutam-bhagat-zailc/

https://www.unite.ai/markllm-an-open-source-toolkit-for-llm-watermarking/

https://posts.specterops.io/like-shooting-phish-in-a-barrel-926c1905bb4b

https://santandersecurityresearch.github.io/blog/sshing_the_masses.html

https://adnanthekhan.com/2024/07/02/roguepuppet-a-critical-puppet-forge-supply-chain-vulnerability/

https://www.xintra.org/blog/lateral-movement-entraid-cross-tenant-synchronization

https://www.snailload.com/

https://www.youtube.com/playlist?list=PLJK0fZNGiFU_Zh8PkjCws_Rw_8WdWKyd7

往期推荐