每周蓝军技术推送（2024.1.6-1.12）

https://github.com/xnl-h4ck3r/GAP-Burp-Extension

https://github.com/chainreactors/gogo

https://practicalsecurityanalytics.com/how-to-leverage-internal-proxies-for-lateral-movement-firewall-evasion-and-trust-exploitation/

https://github.com/kyleavery/pendulum

https://github.com/Workingdaturah/Payload-Generator

https://github.com/DebugPrivilege/InsightEngineering/blob/main/Debugging%20Case%20Studies/Debug%20Case%20Study%3A%20SharePoint%20Pre-Auth%20Code%20Injection%20RCE%20chain%20CVE-2023-29357%20%26%20CVE-2023-24955/README.md

https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/

https://github.com/0x33c0unt/CVE-2024-21633

https://www.synacktiv.com/advisories/remote-code-execution-on-cisco-access-point-wap371-firmware-1307

https://github.com/swarmsecurity/swarm

https://www.netspi.com/blog/technical/cloud-penetration-testing/automating-managed-identity-token-extraction-in-azure-container-registries/

https://unit42.paloaltonetworks.com/google-kubernetes-engine-privilege-escalation-fluentbit-anthos/

https://medium.com/r3d-buck3t/red-teaming-in-cloud-leverage-azure-frontdoor-cdn-for-c2-redirectors-79dd9ca98178

https://github.com/0xNslabs/CanaryTokenScanner

https://www.trellix.com/about/newsroom/stories/research/saints-turned-evil/

https://github.com/Mozilla-Ocho/llamafile

https://hacks.mozilla.org/2023/11/introducing-llamafile/

https://github.com/Portkey-AI/gateway

https://blog.aquasec.com/2024-cybersecurity-trends-ai-cloud-and-threat-intelligence

https://www.mcafee.com/blogs/internet-security/6-cybersecurity-predictions-for-2024-staying-ahead-of-the-latest-hacks-and-attacks/

https://yaratoolkit.securitybreak.io/