长亭百川云 - 文章详情

第十九周/20220412 红队推送

凌晨一点零三分

74

2024-07-13

红队文章

源码层面梳理Java RMI交互流程
https://tttang.com/archive/1530/

Smarty 最新 SSTI 总结

https://xz.aliyun.com/t/11108

基于资源的约束性委派

https://www.cnblogs.com/sup3rman/p/16114572.html

APC注入以及几种实现方式

https://xz.aliyun.com/t/11153

Android netlink&svc 获取 Mac方法深入分析
https://bbs.pediy.com/thread-271698.htm

滥用任意文件删除来提升权限和其他技巧
https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks

红队工具

一款SRC密码生成工具

https://github.com/ort4u/PwdBUD

伪造Myslq服务端,并利用Mysql逻辑漏洞来获取客户端的任意文件反击攻击者
https://github.com/BeichenDream/MysqlT

可用于渗透和红队快速打点的快速漏洞检测工具

https://github.com/tr0uble-mAker/POC-bomber

An interactive cheat sheet

https://github.com/WADComs/WADComs.github.io

Wholeaked - A File-Sharing Tool That Allows You To Find The Responsible Person In Case Of A Leakage

http://www.kitploit.com/2022/04/wholeaked-file-sharing-tool-that-allows.html

Uncover - quickly discover exposed hosts on the internet

https://www.kitploit.com/2022/04/uncover-quickly-discover-exposed-hosts.html

漏洞研究

对CVE-2022-0609恶意样本的部分分析(chrome在野0day)
https://xz.aliyun.com/t/11121

MacOS SUHelper 权限提升漏洞:深入了解 CVE-2022-22639
https://www.trendmicro.com/en\_us/research/22/d/macos-suhelper-root-privilege-escalation-vulnerability-a-deep-di.html

通过变量覆盖挖PHPMyWind前台RCE(CNVD-2022-24937 )

https://www.freebuf.com/vuls/326936.html

Spring4Shell – CVE-2022-22965(环境搭建及利用思考)
https://www.secpulse.com/archives/176618.html

相关推荐
关注或联系我们
添加百川云公众号,移动管理云安全产品
咨询热线:
4000-327-707
百川公众号
百川公众号
百川云客服
百川云客服

Copyright ©2024 北京长亭科技有限公司
icon
京ICP备 2024055124号-2