漏洞相关
1、Next.js and the corrupt middleware: the authorizing artifact
https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
https://github.com/aydinnyunus/CVE-2025-29927
2、IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
https://github.com/sandumjacob/IngressNightmare-POCs/tree/main
3、CVE-2025-30208-EXP
https://github.com/ThumpBo/CVE-2025-30208-EXP
Vite开发服务器任意文件读取漏洞(CVE-2025-30208)
红队技术
1、Bypassing Detections with Command-Line Obfuscation
https://www.wietzebeukema.nl/blog/bypassing-detections-with-command-line-obfuscation
https://argfuscator.net/
2、Talk To Your Malware – Integrating AI Capability in an Open-Source C2 Agent
https://gosecure.ai/blog/2025/03/21/talk-to-your-malware-integrating-ai-capability-in-an-open-source-c2-agent/
3、Rust for Malware Development
https://bishopfox.com/blog/rust-for-malware-development
4、Understanding Windows Kernel Pool Memory
https://whiteknightlabs.com/2025/03/24/understanding-windows-kernel-pool-memory/
5、What not to do with on prem virtualization
https://therealunicornsecurity.github.io/What-not-to-do-with-vms/
6、Stealing RunAs Credentials While Bypassing EDR Detection
https://www.youtube.com/watch?v=RrepKk6-DLE
7、Do You Own Your Permissions, or Do Your Permissions Own You?
https://specterops.io/blog/2025/03/26/do-you-own-your-permissions-or-do-your-permissions-own-you/?_gl=1*17m7l92*_up*MQ..*_ga*MTQ1ODMxMDM3NC4xNzQzMDA2MDQ2*_ga_53SGLN9EBJ*MTc0MzAwNjA0NS4xLjAuMTc0MzAwNjA0NS4wLjAuMA..
8、Webinar - Windows Client Privilege Escalation
https://www.youtube.com/watch?v=EG2Mbw2DVnU
9、Microsoft Trusted Signing service abused to code-sign malware
https://www.bleepingcomputer.com/news/security/microsoft-trusted-signing-service-abused-to-code-sign-malware/
10、Fileless lateral movement with trapped COM objects
https://www.ibm.com/think/news/fileless-lateral-movement-trapped-com-objects
https://github.com/susMdT/ForsHops
蓝队技术
1、Windows tokens for defending off the land
https://github.com/thinkst/defending-off-the-land
2、ATT&CK Evaluations Library
https://attackevals.github.io/ael/
工具类
1、Ultimate-RAT-Collection
https://github.com/Cryakl/Ultimate-RAT-Collection
2、Astral-PE
https://github.com/DosX-dev/Astral-PE
Astral-PE is a low-level mutator (headers obfuscator) for native Windows PE files (x32/x64)
3、privacy_check
https://github.com/winezer0/PrivacyCheck
直接兼容HAE规则的静态配置文件敏感信息提取(代码审计)工具
其他类
1、
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...