【特别推荐】
FORCEDENTRY: Sandbox Escape
https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html
红队文章
俄罗斯APT TURLA后门TINYTURLA分步分析
https://cybergeeks.tech/a-step-by-step-analysis-of-the-russian-apt-turla-backdoor-called-tinyturla/
BITB: 一种新生的网络钓鱼方法
https://infosecwriteups.com/browser-in-the-browser-bitb-a-new-born-phishing-methodology-81687c586f1b
GitHub Cache Poisoning
https://scribesecurity.com/github-cache-poisoning/
漏洞随笔:通过 Jet Protocol 任意提款漏洞浅谈 PDA 与 Anchor 账号验证
https://mp.weixin.qq.com/s/Hxvaz8u21p94ChxCshIftA
域渗透之完全绕开安全组件
https://xz.aliyun.com/t/11096
使用codeql自动挖掘Java反序列化gadget
https://tttang.com/archive/1511/
Cobalt Strike - CDN隐匿
https://www.freebuf.com/articles/web/326383.html
Android netlink&svc 获取 Mac方法深入分析
https://mp.weixin.qq.com/s/qz8WXyKPvdqFp04Fti02IA
红队工具
Privid: A Privacy-Preserving Surveillance Video Analytics System
https://thehackernews.com/2022/03/privid-privacy-preserving-surveillance.html
ABC-Code Execution for Veeam
https://www.mdsec.co.uk/2022/03/abc-code-execution-for-veeam/
ggshield: Detect secret in source code, scan your repo for leaks
https://securityonline.info/ggshield-detect-secret-in-source-code-scan-your-repo-for-leaks/
直观展示网站资产的浏览器插件
https://github.com/0x727/Space\_view
IPvSeeYou 地理位置查找工具
https://github.com/6int/IPvSeeYou
Android netlink&svc 获取 Mac方法深入分析
https://mp.weixin.qq.com/s/qz8WXyKPvdqFp04Fti02IA
漏洞研究
Backdoor.Win32.Avstral.e / Unauthenticated Remote Command Execution
https://cxsecurity.com/issue/WLB-2022030124
Iolite Softwares - Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2022030125
Medical Hub Directory Site 1.0 Local File Inclusion
https://cxsecurity.com/issue/WLB-2022030129
CSZ CMS 1.2.9 SQL Injection
https://cxsecurity.com/issue/WLB-2022030130
Joomla! 4.1.0 Zip Slip File Overwrite / Path Traversal
https://cxsecurity.com/issue/WLB-2022030132
WordPress Easy Cookie Policy 1.6.2 Cross Site Scripting
https://cxsecurity.com/issue/WLB-2022030131
PostgreSQL 11.7 Remote Code Execution
https://cxsecurity.com/issue/WLB-2022030133
Message System 1.0 SQL Injection
https://cxsecurity.com/issue/WLB-2022030135
EG Free AntiVirus 2020 Privilege Escalation / Unquoted Service Path
https://cxsecurity.com/issue/WLB-2022030136
Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path
https://cxsecurity.com/issue/WLB-2022030137
IdeaRE RefTree Path Traversal
https://cxsecurity.com/issue/WLB-2022030138
IdeaRE RefTree Shell Upload
https://cxsecurity.com/issue/WLB-2022030139
Atom CMS 1.0.2 Shell Upload
https://cxsecurity.com/issue/WLB-2022030140
Kramer VIAware 2.5.0719.1034 Remote Code Execution
https://cxsecurity.com/issue/WLB-2022030141
Spring Cloud Function SpEL Injection
https://cxsecurity.com/issue/WLB-2022030142
WordPress Video-Synchro-PDF 1.7.4 Local File Inclusion
https://cxsecurity.com/issue/WLB-2022040002
Medical Hub Directory Site 1.0 SQL Injection