【特别推荐】
云环境潜在威胁分析——AWS Lamda
https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/
Project Zero - Zoom安全性分析
https://googleprojectzero.blogspot.com/2022/01/zooming-in-on-zero-click-exploits.html
红队文章
大型JAVA项目审查工具编写思考
用OLETOOLS进行恶意宏分析
https://infosecwriteups.com/maldoc101-malicious-macros-analysis-with-oletools-8be3cda84544
JNDI漏洞利用探索
https://mp.weixin.qq.com/s/I-5S45gsVbi9O9oJNhO\_FQ
干货 | 最全的Weblogic漏洞复现笔记
https://mp.weixin.qq.com/s/pb0GGzku4tYX6acYOrtOxQ
Linux痕迹清除
https://mp.weixin.qq.com/s/mz4Bb-vtk3wlHApYWHiyJA
Tomcat下JNDI高版本绕过浅析
https://mp.weixin.qq.com/s/gBuKDjRfnbJDv6TG5F6q3w
远程开启3389及添加用户总结
https://mp.weixin.qq.com/s/LqJLjrKWzfqOWK8CE5JuJA
红队工具
StopDefender
https://github.com/lab52io/StopDefender
pip-audit:审计本地Python环境
https://github.com/trailofbits/pip-audit
Yasso:内网辅助渗透测试工具
https://securityonline.info/yasso-intranet-assisted-penetration-toolset/
Volana:Shell命令混淆工具
https://github.com/ariary/volana
reFlutter:应用逆向分析
https://github.com/ptswarm/reFlutter
漏洞研究
Worktime 10.20 Build 4967 Unquoted Service Path
https://cxsecurity.com/issue/WLB-2022010079
SB Admin Cross Site Request Forgery / SQL Injection
https://cxsecurity.com/issue/WLB-2022010081
Chaos Ransomware Builder 4 Insecure Permissions
https://cxsecurity.com/issue/WLB-2022010083
AgentTesla Builder Web Panel / SQL Injection
https://cxsecurity.com/issue/WLB-2022010085
Developed by : Muhammad Jamil - SQL Injection
https://cxsecurity.com/issue/WLB-2022010086
Win32.MarsStealer Web Panel / Unauthenticated Remote Data Deletion
https://cxsecurity.com/issue/WLB-2022010087
Win32.MarsStealer Web Panel / Unauthenticated Remote Information Disclosure
https://cxsecurity.com/issue/WLB-2022010088
Worktime 10.20 Build 4967 DLL Hijacking
https://cxsecurity.com/issue/WLB-2022010090
Nyron 1.0 SQL Injection
https://cxsecurity.com/issue/WLB-2022010091
Simple Chatbot Application 1.0 SQL Injection
https://cxsecurity.com/issue/WLB-2022010092
Simple Chatbot Application 1.0 Shell Upload
https://cxsecurity.com/issue/WLB-2022010093
Creston Web Interface 1.0.0.2159 Credential Disclosure
https://cxsecurity.com/issue/WLB-2022010094
SalonERP 3.0.1 sql SQL Injection (Authenticated)
https://cxsecurity.com/issue/WLB-2022010096
Landa Driving School Management System 2.0.1 Arbitrary File Upload
https://cxsecurity.com/issue/WLB-2022010097
WordPress PluginWP Visitor Statistics 4.7 SQL Injection
https://cxsecurity.com/issue/WLB-2022010098
Picaporte Design- Sql Injection Vulnerability
https://cxsecurity.com/issue/WLB-2022010099
Archeevo 5.0 Local File Inclusion
https://cxsecurity.com/issue/WLB-2022010100
更多互动可点击阅读原文
