每周蓝军技术推送（2024.7.13-7.19）

https://securityonline.info/cve-2024-40725-cve-2024-40898-apache-http-server-flaws-put-millions-of-websites-at-risk/

https://github.com/Sprocket-Security/gigaproxy

https://0xv1n.github.io/posts/sessionenumeration/

https://cicada-8.medium.com/process-injection-is-dead-long-live-ihxhelppaneserver-af8f20431b5d

https://github.com/CICADA8-Research/IHxExec

https://syntax-err0r.github.io/Silently_Install_Chrome_Extension.html

https://www.cobaltstrike.com/blog/cobalt-strike-410-through-the-beacongate

https://www.sentinelone.com/labs/fin7-reboot-cybercrime-gang-enhances-ops-with-new-edr-bypasses-and-automated-attacks/

https://wpscan.com/blog/unauthenticated-privilege-escalation-in-profile-builder-plugin/

https://gist.github.com/bolhasec/9d40dfb4c304189d5ef433b1594feeea

https://blog.doyensec.com/2024/07/18/custom-actions.html

https://github.com/mbadanoiu/CVE-2024-22274

https://blog.chebuya.com/posts/server-side-request-forgery-on-havoc-c2/

https://frycos.github.io/vulns4free/2024/07/10/dynamics-ups-and-downs.html

https://github.com/rzte/pdf-exploit

https://dayzerosec.com/blog/2024/07/11/getting-started-2024.html

https://arxiv.org/pdf/2402.08567v2

https://embracethered.com/blog/posts/2024/chatgpt-persistent-denial-of-service/

https://www.wiz.io/blog/sapwned-sap-ai-vulnerabilities-ai-security

https://portswigger.net/research/fickle-pdfs-exploiting-browser-rendering-discrepancies

https://www.youtube.com/watch?v=QbOzNxiUHzA

https://x.com/Xaaavier_8613/status/1814192758560870430

https://mashable.com/article/windows-bsod-crash-crowdstrike-update-worldwide-outage

https://www.bbc.com/news/live/cnk4jdwp49et