【特别推荐】
A Year in Review of 0-days Used In-the-Wild in 2021
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html
红队工具
Framework for Kerberos relaying
https://github.com/cube0x0/KrbRelay
A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs
https://github.com/wagga40/Zircolite
The all-in-one Red Team extension for Web Pentester
https://github.com/LasCC/Hack-Tools
Terminal JSON viewer
https://github.com/antonmedv/fx
Striping CDN IPs from a list of IP Addresses
https://github.com/j3ssie/cdnstrip
SpringExploit
https://github.com/SummerSec/SpringExploit
红队文章
Writing a Linux Kernel Remote in 2022
https://blog.immunityinc.com/p/writing-a-linux-kernel-remote-in-2022/
双向认证APP自吐证书密码与抓包
https://www.secpulse.com/archives/177572.html
weevely的webshell分析以及冰蝎/蚁剑免杀-PHP版
浅析不同情况下docker的逃逸方法
https://zone.huoxian.cn/d/1092-docker
PE文件结构从初识到简单shellcode注入
https://tttang.com/archive/1553/
tomcat 流程及组件浅析
https://xz.aliyun.com/t/11213
漏洞研究
JBoss EAP/AS <= 6.* RCE - A little bit beyond \xAC\xED
https://jspin.re/jboss-eap-as-6-rce-a-little-bit-beyond-xac-xed/
腾达AC9 V15.03.2.21_cn栈溢出分析
https://mp.weixin.qq.com/s/ks5f_3lmTL1cAjDN6jDyXw
Exploit Multi Language-Pharmacy Management System v1.0 SQL注入漏洞
https://sploitus.com/exploit?id=1337DAY-ID-37651&utm\_source=rss&utm\_medium=rss
WSO2 RCE (CVE-2022-29464) exploit and writeup
https://github.com/hakivvi/CVE-2022-29464
nginx-ldap-auth之user注入漏洞
https://www.povcfe.site/posts/nginx-ldap-auth/
Tapestry4 RCE分析
https://xz.aliyun.com/t/11226