【红队文章】
- 实用的 GRAPHQL 攻击面
https://securitycafe.ro/2021/10/01/practical-graphql-attack-vectors/
【红队工具】
- azureOutlookC2: Azure Outlook Command & Control (C2)
https://securityonline.info/azureoutlookc2-azure-outlook-command-control-c2/
- Pentester 攻击框架
https://www.hackingarticles.in/mssql-for-pentester-command-execution-with-extended-stored-procedures/
- Violent Fungus C2:命令控制软件套件
**https://securityonline.info/violent-fungus-c2-command-and-control-c2-software-suite/**
- pwncat:木马反弹工具
https://www.kitploit.com/2021/10/pwncat-fancy-reverse-and-bind-shell.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+(PenTest+Tools)
- Alan后渗透开发框架v4.0
https://antonioparata.blogspot.com/2021/09/alan-post-exploitation-framework-v40.html#
- vCenter SAML 登录工具
https://github.com/horizon3ai/vcenter_saml_login
- ImpulsiveDLLHijack:自动化DLL劫持发现和利用框架
https://securityonline.info/impulsivedllhijack-automates-the-process-of-discovering-and-exploiting-dll-hijacks/
- kdigger:Kubernetes 的上下文发现工具
https://blog.quarkslab.com/kdigger-a-context-discovery-tool-for-kubernetes.html
【漏洞研究】
- 通过 java 突破 Chrome 沙箱
https://securitylab.github.com/research/chrome_sbx_java/
- CVE-2021-1810 Gatekeeper绕过分析
https://labs.f-secure.com/blog/analysis-of-cve-2021-1810-gatekeeper-bypass/
- Adobe Acrobat Reader DC 堆缓冲区溢出漏洞分析
https://blog.exodusintel.com/2021/10/04/analysis-of-a-heap-buffer-overflow-vulnerability-in-adobe-acrobat-reader-dc-2/?utm_source=feedly&utm_medium=rss&utm_campaign=analysis-of-a-heap-buffer-overflow-vulnerability-in-adobe-acrobat-reader-dc-2
- Phrack 70
http://phrack.org/issues/70/1.html
- CVE-2021-26420:SharePoint Server 远程代码执行漏洞
https://www.zerodayinitiative.com/blog/2021/10/5/cve-2021-26420-remote-code-execution-in-sharepoint-via-workflow-compilation
- Apache2.4.50 CVE-2021-41773 cve-2021-42013 复现
https://www.o2oxy.cn/3740.html
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...