长亭百川云 - 文章详情

第九周/20211129红队推送

凌晨一点零三分

50

2024-07-13

【特别推荐】

=============

XLL技术分析:能否为Office文件钓鱼破局?

https://yoroi.company/research/office-documents-may-the-xll-technique-change-the-threat-landscape-in-2022/

【漏洞研究】

Apache JSPWiki 任意文件删除漏洞(CVE-2021-44140)

https://cve.report/CVE-2021-44140

所有Windows版本均受影响,Cisco Talos发现一个高危提权漏洞

https://www.cnbeta.com/articles/tech/1207121.htm

TP-Link TL-XVR1800L 设备零日漏洞

https://securityaffairs.co/wordpress/125016/hacking/0-day-tp-link-wi-fi-6.html?utm\_source=feedly&utm\_medium=rss&utm\_campaign=0-day-tp-link-wi-fi-6

漏洞发掘者WP:CVE-2021-43557(Apache APISIX)

https://xvnpw.github.io/posts/cve\_2021\_43557\_apache\_apisix\_path\_traversal\_in\_request\_uri\_variable/

Popping iOS <=14.7 with IOMFB(CVE-2021-30807)

https://jsherman212.github.io/2021/11/28/popping\_ios14\_with\_iomfb.html

Poc&Patch:Exchange RCE(CVE-2021-42321)

https://www.bleepingcomputer.com/news/security/exploit-released-for-microsoft-exchange-rce-bug-patch-now/

【红队工具】

适用于红队演习的各种EDR相关信息

https://github.com/Mr-Un1k0d3r/EDRs/

4-ZERO-3:Tool to bypass 403/401

https://github.com/Dheerajmadhukar/4-ZERO-3

Katana:Python Tool For google Hacking

https://github.com/TebbaaX/Katana

不用写代码的图形化爬虫平台

https://github.com/ssssssss-team/spider-flow

汽车安全测试工具集

https://github.com/firmianay/Vehicle-Security-Toolkit

【红队文章】

WP:HackTheBox - Union

https://0xdf.gitlab.io/2021/11/22/htb-union.html

使用JADX和Frida进行Andriod应用逆向

https://httptoolkit.tech/blog/android-reverse-engineering/

从APPLE.COM的XSS发现到构建POC获取PII

https://zseano.medium.com/finding-xss-on-apple-com-and-building-a-proof-of-concept-to-leak-your-pii-information-d7bc93cff2df

2021信息安全挑战赛Writeup完整版

https://spaceraccoon.dev/the-infosecurity-challenge-2021-full-writeup-battle-royale-for-30k


更多详情请查看原文

相关推荐
关注或联系我们
添加百川云公众号,移动管理云安全产品
咨询热线:
4000-327-707
百川公众号
百川公众号
百川云客服
百川云客服

Copyright ©2024 北京长亭科技有限公司
icon
京ICP备 2024055124号-2