Exploring JNDI vulnerability exploitation methods under high-version JDKs
https://tttang.com/archive/1405/
The discovery process of an imperfect race-condition JNDI exploitation chain
https://tttang.com/archive/1409/
Leaking an administrator JWT via an SSRF vulnerability in VMware Workspace ONE Access
https://blog.assetnote.io/2022/01/17/workspace-one-access-ssrf/
Bypassing Box's two-factor SMS authentication
https://www.varonis.com/blog/box-mfa-bypass-sms
InternetDB API: fast port scanning and vulnerability scanning
https://internetdb.shodan.io
Capturing RDP NetNTLMv2 hashes from RDP traffic with the PyRDP tool
https://www.gosecure.net/blog/2022/01/17/capturing-rdp-netntlmv2-hashes-attack-details-and-a-technical-how-to-guide/
Performing a DCSync attack from a Linux system
https://www.n00py.io/2022/01/adding-dcsync-permissions-from-linux/
Safari 15: the IndexedDB API can allow users' web activity to be tracked and even leak personal identity
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
Using machine accounts for domain persistence
https://pentestlab.blog/2022/01/17/domain-persistence-machine-account/
ReverseRDP_RCE: a malicious RDP server that silently achieves reverse RCE on clients that connect to it
https://github.com/klinix5/ReverseRDP_RCE
Linux privilege escalation mind map
https://twitter.com/0xConda/status/1484147709636485123
Code execution from vulnerable AWS Lambda functions
https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/
Project Ares Injector: a Transacted Hollowing injector implemented in C/C++
https://github.com/Cerbersec/Ares
SharpGhosting: a Process Ghosting injector implemented in C#
https://github.com/Wra7h/SharpGhosting
pe2shc-to-cdb: converts shellcode into a cdb script and uses cdb.exe to execute it while evading AV
https://github.com/mrd0x/pe2shc-to-cdb
LOLBAS: Explorer.exe can be used to download a payload
https://twitter.com/mrd0x/status/1484030333330862085
LOLBAS: persistence via Setup.exe
https://twitter.com/Hexacorn/status/1482484486994640896
LOLBAS: the F-Secure-signed uninstaller FsUninstallationTool.exe can execute Lua scripts
https://twitter.com/nas_bench/status/1483523204597571591
RCE vulnerability discovered in the ASP.NET Ajax framework Ajax.NET Professional
https://mogwailabs.de/en/blog/2022/01/vulnerability-spotlight-rce-in-ajax.net-professional/
CVE-2022-21661: analysis of the WordPress WP_Query SQL injection vulnerability
https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
CVE-2021-43297: Apache Dubbo Hessian2 deserialization during exception handling
https://github.com/MrLion7/Lmap
CVE-2021-44790: analysis of the buffer overflow vulnerability in the Apache HTTP Server mod_lua module
https://mp.weixin.qq.com/s/VjSpJW-1sYM1BwDPQZDqFA
Building an exploit for SolarWinds Serv-U CVE-2021-35211
https://bishopfox.com/blog/exploit-for-cve-2021-35211
CVE-2021-22204: in-depth analysis of the GitLab RCE via exiftool code execution vulnerability (part 2)
http://blog.topsec.com.cn/cve-2021-22204-gitlab-rce%e4%b9%8bexiftool%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c%e6%bc%8f%e6%b4%9e%e6%b7%b1%e5%85%a5%e5%88%86%e6%9e%90%ef%bc%88%e4%ba%8c%ef%bc%89/
CVE-2022-21893: a Windows Remote Desktop vulnerability lets ordinary users access other users' file systems and view or modify other users' clipboard data
https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
CVE-2021-44049: local privilege escalation vulnerability caused by the CyberArk security software
https://hencohen10.medium.com/cyberark-endpoint-manager-local-privilege-escalation-cve-2021-44049-67cd5e62c3d2
Analysis of a Zoom zero-click vulnerability
https://googleprojectzero.blogspot.com/2022/01/zooming-in-on-zero-click-exploits.html
PoC for a root privilege escalation vulnerability in the Linux version of Trend Micro Deep Security Agent
https://github.com/modzero/MZ-21-02-Trendmicro
Local privilege escalation vulnerability found in Acer Care Center, installed on Acer computers running Windows
https://aptw.tf/2022/01/20/acer-care-center-privesc.html
CVE-2022-0185: privilege escalation caused by a heap buffer overflow in Linux fs_context.c; currently only a demo is available
https://www.openwall.com/lists/oss-security/2022/01/18/7
https://github.com/Crusaders-of-Rust/CVE-2022-0185
Researcher Axel Souchet open-sourced a multi-platform ROP gadget search tool
https://github.com/0vercl0k/rp
Security analysis of modern browsers
https://arxiv.org/pdf/2112.15561.pdf
VirusTotal Hacking: using VirusTotal to collect sensitive information
https://www.safebreach.com/blog/2022/the-perfect-cyber-crime/
Obtaining account hashes from Cisco phone systems
https://www.trustedsec.com/blog/seeyoucm-thief-exploiting-common-misconfigurations-in-cisco-phone-systems/
Windows driver reverse engineering and vulnerability discovery
https://voidsec.com/windows-drivers-reverse-engineering-methodology/
M01N Team
Focused on hot technologies in advanced offensive and defensive confrontation
NSFOCUS Blue Army technical research team
Originally published on the WeChat public account (M01N Team): Weekly Blue Army technology digest (2021.1.15-1.21)