每周蓝军技术推送（2022.6.4-6.10）

https://github.com/GhostPack/DeepPass

https://sadc0d3r.medium.com/2fa-bypass-due-to-unauthorized-2fa-disabling-via-x-csrf-2ddc167f2d2a

https://tttang.com/archive/1620/

https://www.cyberark.com/resources/threat-research-blog/extracting-clear-text-credentials-directly-from-chromium-s-memory

https://jfrog.com/blog/npm-package-hijacking-through-domain-takeover-how-bad-is-this-new-attack/

https://www.xmind.net/m/5dypm8/

https://skelsec.medium.com/lsass-needs-an-iv-57b7333d50d8

https://github.com/nickvourd/COM-Hunter

https://github.com/boku7/BokuLoader

https://github.com/S3cur3Th1sSh1t/Nim_DInvoke

https://github.com/Idov31/Nidhogg

https://github.com/mattifestation/AntimalwareBlight

https://twitter.com/nas_bench/status/1534916659676422152

https://twitter.com/nas_bench/status/1534915321856917506

https://www.valhallaresearch.net/post/embedding-python-malware

https://synthesis.to/presentations/recon22_next_gen.pdf

https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis?referrer=notificationEmail

https://github.com/vulhub/vulhub/tree/master/confluence/CVE-2022-26134

https://twitter.com/phithon_xg/status/1533381232590958592

https://mp.weixin.qq.com/s/nCMtSD7QH8ai6fpurJBXTg

https://github.com/tr3ee/CVE-2022-23222

https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow

https://www.zerodayinitiative.com/blog/2022/6/1/is-exploiting-a-null-pointer-deref-for-lpe-just-a-pipe-dream

https://www.sstic.org/2022/presentation/fuzzing_microsofts_rdp_client_using_virtual_channels/

https://bitbucket.org/Pirates-of-Silicon-Hills/voightkampff/src/master/

https://securelist.com/router-security-2021/106711/

https://www.youtube.com/watch?v=v–rVT4RsCE