长亭百川云 (Chaitin Baichuan Cloud) - Article Details

Week 16 / 20220117 Red Team Digest

凌晨一点零三分

2024-07-13

Red Team Articles

WordPress Core 5.8.2 SQL Injection (CVE-2022-21661): Vulnerability Analysis and Reproduction

https://cognn.medium.com/sql-injection-in-wordpress-core-zdi-can-15541-a451c492897

CVE-2021-41577: EVGA Precision X1 from MITM to RCE

https://rhinosecuritylabs.com/research/cve-2021-41577-evga-precision-x1/?__cf_chl_f_tk=34KsHs4f0TNCt.F_wOk8fEP9V5sEWBKHyWYuOjQdhE8-1642417390-0-gaNycGzNB70

CVE-2021-20038 (SonicWall SSL VPN): In-Depth Analysis

https://www.reddit.com/r/netsec/comments/s1dtx2/writing_an_exploit_for_cve202120038_sonicwall_ssl/

NTLM Theft: Privilege Escalation Tips

https://www.hackingarticles.in/multiple-files-to-capture-ntlm-hashes-ntlm-theft/

Bypassing AV/EDR with Nim

https://www.securityartwork.es/2022/01/12/bypassing-av-edr-with-nim/

Exploit Kits vs. Google Chrome

https://www.reddit.com/r/netsec/comments/s2bae8/exploit_kits_vs_google_chrome/

Red Team Tools

冰镜 (iMonitor): open-source endpoint behavior monitoring and analysis software based on iMonitorSDK

https://github.com/wecooperate/iMonitor

Ivy: A payload creation framework for the execution of arbitrary VBA (macro) source code in memory.

https://github.com/optiv/Ivy

Registry Spy: open-source cross-platform Windows registry viewer

https://github.com/andyjsmith/Registry-Spy/

HazProne: a cloud penetration testing framework

https://github.com/stafordtituss/HazProne

Wifi-Framework: a Wi-Fi framework that makes it easy to run tests in simulated Wi-Fi environments

https://github.com/domienschepers/wifi-framework/tree/master/setup

Vulnerability Research

Microsoft Windows SMB Direct Session Takeover

https://cxsecurity.com/issue/WLB-2022010047

openSIS Student Information System 8.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010048

Microsoft Windows 11- 'Jolt2.c' Denial of Service (MS00-029)

https://cxsecurity.com/issue/WLB-2022010049

sixdaysworks - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010050

CoreFTP Server Build 725 Directory Traversal

https://cxsecurity.com/issue/WLB-2022010051

VUPlayer 2.49 Buffer Overflow

https://cxsecurity.com/issue/WLB-2022010052

Online Railway Reservation System 1.0 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010053

Online Railway Reservation System 1.0 SQL Injection

https://cxsecurity.com/issue/WLB-2022010054

Open-AudIT Community 4.2.0 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010055

Movie Rating System 1.0 Broken Access Control (Admin Account Creation) (Unauthenticated)

https://cxsecurity.com/issue/WLB-2022010056

Microsoft Windows Defender / Detection Bypass

https://cxsecurity.com/issue/WLB-2022010058

Arva Web Developer - Blind Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010057

Microsoft Windows .Reg File Dialog Spoof / Mitigation Bypass

https://cxsecurity.com/issue/WLB-2022010059

Backdoor.Win32.Controlit.10 / Unauthenticated Remote Command Execution

https://cxsecurity.com/issue/WLB-2022010060

Microsoft Windows 11 - 'afd.sys' Local Kernel Denial of Service

https://cxsecurity.com/issue/WLB-2022010061

Crestron HD-MD4X2-4K-E 1.0.0.2159 Credential Disclosure

https://cxsecurity.com/issue/WLB-2022010064

Log4Shell HTTP Header Injection

https://cxsecurity.com/issue/WLB-2022010065

Agile Web Solutions - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010066

WordPress Core 5.8.2 - 'WP_Query' SQL Injection

https://cxsecurity.com/issue/WLB-2022010068

WordPress Frontend Uploader 1.3.2 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010072

EDSA Designs - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010069

MARKS DESIGN - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010070

SonicWall SMA 100 Series Authenticated Command Injection

https://cxsecurity.com/issue/WLB-2022010073

Web Canvas - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010075

da Grazioli Design - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2022010077

HTTP Commander 3.1.9 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2022010078
