长亭百川云 - 文章详情

第十七周/20220124 红队推送

凌晨一点零三分

47

2024-07-13

【特别推荐】

云环境潜在威胁分析——AWS Lamda

https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/

Project Zero - Zoom安全性分析

https://googleprojectzero.blogspot.com/2022/01/zooming-in-on-zero-click-exploits.html

红队文章

大型JAVA项目审查工具编写思考

https://www.synacktiv.com/en/publications/captain-hook-how-not-to-look-for-vulnerabilities-in-java-applications.html

用OLETOOLS进行恶意宏分析

https://infosecwriteups.com/maldoc101-malicious-macros-analysis-with-oletools-8be3cda84544

JNDI漏洞利用探索

https://mp.weixin.qq.com/s/I-5S45gsVbi9O9oJNhO\_FQ

干货 | 最全的Weblogic漏洞复现笔记

https://mp.weixin.qq.com/s/pb0GGzku4tYX6acYOrtOxQ

Linux痕迹清除

https://mp.weixin.qq.com/s/mz4Bb-vtk3wlHApYWHiyJA

Tomcat下JNDI高版本绕过浅析

https://mp.weixin.qq.com/s/gBuKDjRfnbJDv6TG5F6q3w

远程开启3389及添加用户总结

https://mp.weixin.qq.com/s/LqJLjrKWzfqOWK8CE5JuJA

 

红队工具

StopDefender

https://github.com/lab52io/StopDefender

pip-audit:审计本地Python环境

https://github.com/trailofbits/pip-audit

Yasso:内网辅助渗透测试工具

https://securityonline.info/yasso-intranet-assisted-penetration-toolset/

Volana:Shell命令混淆工具

https://github.com/ariary/volana

reFlutter:应用逆向分析

https://github.com/ptswarm/reFlutter

漏洞研究

Worktime 10.20 Build 4967 Unquoted Service Path

https://cxsecurity.com/issue/WLB-2022010079

SB Admin Cross Site Request Forgery / SQL Injection

https://cxsecurity.com/issue/WLB-2022010081

Chaos Ransomware Builder 4 Insecure Permissions

https://cxsecurity.com/issue/WLB-2022010083

AgentTesla Builder Web Panel / SQL Injection

https://cxsecurity.com/issue/WLB-2022010085

Developed by : Muhammad Jamil - SQL Injection

https://cxsecurity.com/issue/WLB-2022010086

Win32.MarsStealer Web Panel / Unauthenticated Remote Data Deletion

https://cxsecurity.com/issue/WLB-2022010087

Win32.MarsStealer Web Panel / Unauthenticated Remote Information Disclosure

https://cxsecurity.com/issue/WLB-2022010088

Worktime 10.20 Build 4967 DLL Hijacking

https://cxsecurity.com/issue/WLB-2022010090

Nyron 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010091

Simple Chatbot Application 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010092

Simple Chatbot Application 1.0 Shell Upload

https://cxsecurity.com/issue/WLB-2022010093

Creston Web Interface 1.0.0.2159 Credential Disclosure

https://cxsecurity.com/issue/WLB-2022010094

SalonERP 3.0.1 sql SQL Injection (Authenticated)

https://cxsecurity.com/issue/WLB-2022010096

Landa Driving School Management System 2.0.1 Arbitrary File Upload

https://cxsecurity.com/issue/WLB-2022010097

WordPress PluginWP Visitor Statistics 4.7 SQL Injection

https://cxsecurity.com/issue/WLB-2022010098

Picaporte Design- Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010099

Archeevo 5.0 Local File Inclusion

https://cxsecurity.com/issue/WLB-2022010100


更多互动可点击阅读原文

相关推荐
关注或联系我们
添加百川云公众号,移动管理云安全产品
咨询热线:
4000-327-707
百川公众号
百川公众号
百川云客服
百川云客服

Copyright ©2024 北京长亭科技有限公司
icon
京ICP备 2024055124号-2