第十八周/20220404 红队推送

【特别推荐】

FORCEDENTRY: Sandbox Escape

https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html

红队文章

俄罗斯APT TURLA后门TINYTURLA分步分析

https://cybergeeks.tech/a-step-by-step-analysis-of-the-russian-apt-turla-backdoor-called-tinyturla/

BITB: 一种新生的网络钓鱼方法

https://infosecwriteups.com/browser-in-the-browser-bitb-a-new-born-phishing-methodology-81687c586f1b

GitHub Cache Poisoning

https://scribesecurity.com/github-cache-poisoning/

漏洞随笔：通过 Jet Protocol 任意提款漏洞浅谈 PDA 与 Anchor 账号验证

https://mp.weixin.qq.com/s/Hxvaz8u21p94ChxCshIftA

域渗透之完全绕开安全组件
https://xz.aliyun.com/t/11096

使用codeql自动挖掘Java反序列化gadget
https://tttang.com/archive/1511/

Cobalt Strike - CDN隐匿
https://www.freebuf.com/articles/web/326383.html

Android netlink&svc 获取 Mac方法深入分析
https://mp.weixin.qq.com/s/qz8WXyKPvdqFp04Fti02IA

红队工具

Privid: A Privacy-Preserving Surveillance Video Analytics System

https://thehackernews.com/2022/03/privid-privacy-preserving-surveillance.html

ABC-Code Execution for Veeam

https://www.mdsec.co.uk/2022/03/abc-code-execution-for-veeam/

ggshield: Detect secret in source code, scan your repo for leaks

https://securityonline.info/ggshield-detect-secret-in-source-code-scan-your-repo-for-leaks/

直观展示网站资产的浏览器插件

https://github.com/0x727/Space\_view

IPvSeeYou 地理位置查找工具

https://github.com/6int/IPvSeeYou

Android netlink&svc 获取 Mac方法深入分析

https://mp.weixin.qq.com/s/qz8WXyKPvdqFp04Fti02IA

漏洞研究

Backdoor.Win32.Avstral.e / Unauthenticated Remote Command Execution

https://cxsecurity.com/issue/WLB-2022030124

Iolite Softwares - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022030125

Medical Hub Directory Site 1.0 Local File Inclusion

https://cxsecurity.com/issue/WLB-2022030129

CSZ CMS 1.2.9 SQL Injection

https://cxsecurity.com/issue/WLB-2022030130

Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal

https://cxsecurity.com/issue/WLB-2022030132

WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022030131

PostgreSQL 11.7 Remote Code Execution

https://cxsecurity.com/issue/WLB-2022030133

Message System 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022030135

EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path

https://cxsecurity.com/issue/WLB-2022030136

Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path

https://cxsecurity.com/issue/WLB-2022030137

IdeaRE RefTree Path Traversal

https://cxsecurity.com/issue/WLB-2022030138

IdeaRE RefTree Shell Upload

https://cxsecurity.com/issue/WLB-2022030139

Atom CMS 1.0.2 Shell Upload

https://cxsecurity.com/issue/WLB-2022030140

Kramer VIAware 2.5.0719.1034 Remote Code Execution

https://cxsecurity.com/issue/WLB-2022030141

Spring Cloud Function SpEL Injection

https://cxsecurity.com/issue/WLB-2022030142

WordPress Video-Synchro-PDF 1.7.4 Local File Inclusion

https://cxsecurity.com/issue/WLB-2022040002

Medical Hub Directory Site 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022040003