第八周/20211122红队推送

【漏洞研究】

Azure Active Directory 信息泄露漏洞（CVE-2021-42306）

https://msrc-blog.microsoft.com/2021/11/17/guidance-for-azure-active-directory-ad-keycredential-property-information-disclosure-in-application-and-service-principal-apis/

Netgear SOHO设备 预身份验证缓冲区溢出漏洞（CVE-2021-34991）

https://securityaffairs.co/wordpress/124716/security/netgear-cve-2021-34991-soho-devices.html?utm\_source=feedly&utm\_medium=rss&utm\_campaign=netgear-cve-2021-34991-soho-devices

Apache ShenYu 身份验证绕过漏洞 (CVE-2021-37580)

https://nosec.org/home/detail/4906.html

Ionic Identity Vault PIN锁定绕过（CVE-2021-44033）

https://seclists.org/fulldisclosure/2021/Nov/41

【红队工具】

模拟浏览器点击的登入框爆破工具

https://github.com/kracer127/SeBruteGUI

免杀小小工具集

https://github.com/akkuman/toolset

spring框架多线程漏洞扫描

https://github.com/YanMu2020/SpringScan

关于安全狗和云锁的自动化绕过脚本

https://github.com/pureqh/bypasswaf

利用fofa搜索socks5开放代理进行代理池轮切的工具

https://github.com/Liang2580/rotateproxy/tree/2.0

【红队文章】

spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧

https://github.com/LandGrey/spring-boot-upload-file-lead-to-rce-tricks

利用5G核心网络漏洞

https://research.nccgroup.com/2021/11/16/exploit-the-fuzz-exploiting-vulnerabilities-in-5g-core-networks/

A Story of an Blind RCE

https://www.p1boom.com/2021/11/a-story-of-epic-blind-remote-code.html

红队技巧-逆向调用规避探测（视频）

https://www.youtube.com/watch?v=Uba3SQH2jNE

论域持久化之黄金票据

https://pentestlab.blog/2021/11/15/golden-certificate/

利用Ladon实现C2免杀所有杀软

http://k8gege.org/p/Ladon\_rat.html

---

更多详情请查看原文