Red Team Articles
A Source-Level Walkthrough of the Java RMI Interaction Flow
https://tttang.com/archive/1530/
Summary of the Latest Smarty SSTI
Resource-Based Constrained Delegation
https://www.cnblogs.com/sup3rman/p/16114572.html
APC Injection and Several Ways to Implement It
In-Depth Analysis of Obtaining the MAC Address on Android via netlink & svc
https://bbs.pediy.com/thread-271698.htm
Abusing Arbitrary File Deletes to Escalate Privilege and Other Tricks
https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks
Red Team Tools
An SRC password generation tool
https://github.com/ort4u/PwdBUD
Spoofs a MySQL server and uses a MySQL logic flaw to read arbitrary files from the client, to strike back at attackers
https://github.com/BeichenDream/MysqlT
A fast vulnerability detection tool for penetration testing and quick red-team initial access
https://github.com/tr0uble-mAker/POC-bomber
An interactive cheat sheet
https://github.com/WADComs/WADComs.github.io
Wholeaked - A File-Sharing Tool That Allows You To Find The Responsible Person In Case Of A Leakage
http://www.kitploit.com/2022/04/wholeaked-file-sharing-tool-that-allows.html
Uncover - quickly discover exposed hosts on the internet
https://www.kitploit.com/2022/04/uncover-quickly-discover-exposed-hosts.html
Vulnerability Research
Partial Analysis of a Malicious Sample for CVE-2022-0609 (Chrome In-the-Wild 0-day)
https://xz.aliyun.com/t/11121
macOS SUHelper Privilege Escalation Vulnerability: A Deep Dive into CVE-2022-22639
https://www.trendmicro.com/en_us/research/22/d/macos-suhelper-root-privilege-escalation-vulnerability-a-deep-di.html
Finding a Front-End RCE in PHPMyWind Through Variable Overwrite (CNVD-2022-24937)
https://www.freebuf.com/vuls/326936.html
Spring4Shell – CVE-2022-22965 (Environment Setup and Thoughts on Exploitation)
https://www.secpulse.com/archives/176618.html