每周蓝军技术推送（2021.1.1-1.7）

https://twitter.com/0gtweet/status/1477342919094939654

https://github.com/gtworek/PSBits/blob/master/VirtualAccounts/TrustedInstallerCmd2.c

https://pentestlab.blog/2022/01/04/domain-persistence-adminsdholder/

https://github.com/pwn1sher/WMEye

https://blog.tneitzel.eu/posts/01-attacking-java-rmi-via-ssrf/

https://research.nccgroup.com/2021/12/29/tool-release-shouganaiyo-loader-a-tool-to-force-jvm-attaches/

https://cloudbrothers.info/en/azure-persistence-azure-policy-guest-configuration/#include-arc-connected-servers

https://www.netspi.com/blog/technical/web-application-penetration-testing/azure-sas-tokens/

https://twitter.com/lkarlslund/status/1478780584818356230

https://improsec.com/tech-blog/staging-cobalt-strike-with-mtls-using-caddy

https://mrd0x.com/phishing-o365-spoofed-cloud-attachments/

https://gist.github.com/sbasu7241/5dd8c278762c6305b4b2009d44d60c13

https://github.com/kyleavery/inject-assembly

https://dazzyddos.github.io/posts/Remote-Process-Enumeration-with-WTS-Set-Of-APIs/

https://twitter.com/mrd0x/status/1478234484881436672

https://twitter.com/bohops/status/1478196067334295557

https://twitter.com/0gtweet/status/1477925112561209344

https://twitter.com/mrd0x/status/1479094189048713219

https://icyguider.github.io/2022/01/03/Convert-CSharp-Tools-To-PowerShell.html

https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/technical-analysis-of-cve-2021-1732/

https://www.fortinet.com/blog/threat-research/cve-2021-42278-cve-2021-42287-from-user-to-domain-admin-60-seconds

https://github.com/eelyvy/log4jshell-pdf

https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/

https://www.zerodayinitiative.com/blog/2022/1/5/the-top-5-bugs-submitted-in-2021

https://github.com/bit4woo/Fiora