CTF导航 CTF导航

每日安全动态推送(07-06)

渗透技巧 2年前 (2022) admin
609 0 0
Tencent Security Xuanwu Lab Daily News


• GitHub – Orange-Cyberdefense/GOAD: game of active directory:
https://github.com/Orange-Cyberdefense/GOAD

   ・ GOAD – Active Directory 渗透测试实验环境 – Jett


• 2271 – project-zero – Project Zero – Monorail:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2271

   ・ Issue 2271: Windows: Kerberos Redirected Logon Buffer EoP – Jett


• One I/O Ring to Rule Them All: A Full Read/Write Exploit Primitive on Windows 11 – Winsider Seminars & Solutions Inc.:
https://windows-internals.com/one-i-o-ring-to-rule-them-all-a-full-read-write-exploit-primitive-on-windows-11/

   ・ 将 Windows 11 的内存写漏洞转化成完全内存读写能力 – Jett


• Brute Ratel C4 Red Teaming Tool Being Abused by Malicious Actors:
https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/

   ・ 红队测试工具 Brute Ratel C4 被 APT 攻击者滥用 – Jett


• WMI Internals Part 1. Understanding the Basics | by Jonathan Johnson | Jul, 2022 | Medium:
https://jsecurity101.medium.com/wmi-internals-part-1-41bb97e7f5eb

   ・ WMI Internals Part 1 – Jett


• [PDF] https://zhendong2050.github.io/res/time-travel-testing-21-01-2020.pdf:
https://zhendong2050.github.io/res/time-travel-testing-21-01-2020.pdf

   ・ 用 Time-travel Testing 的方法测试 Android App,覆盖更多的状态 – Jett


• WarCon 2022 – Modern Initial Access and Evasion Tactics – mgeeky’s lair:
https://mgeeky.tech/warcon-2022-modern-initial-access-and-evasion-tactics/

   ・ WarCon 2022 – Modern Initial Access and Evasion Tactics – Jett


• Advanced Breakpoints for AMD Debug | ASSET InterTech:
https://www.asset-intertech.com/resources/blog/2022/07/advanced-breakpoints-for-amd-debug/

   ・ Advanced Breakpoints for AMD Debug – lanying37


• GitHub – gusmanb/logicanalyzer: 24 channel, 100Msps logic analyzer hardware and software:
https://github.com/gusmanb/logicanalyzer

   ・ 一款开源的 24 通道软硬件逻辑分析仪 – Jett


• 使用tabby分析Spring Data MongoDB SpEL漏洞:
https://tttang.com/archive/1647/

   ・ 使用tabby分析Spring Data MongoDB SpEL漏洞 – lanying37


• Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135) – Assetnote:
https://blog.assetnote.io/2022/06/26/exploiting-ssrf-in-jira/

   ・ Jira Server SSRF(CVE-2022-26135)漏洞的利用 – Jett


• Bitter APT continues to target Bangladesh | SECUINFRA Falcon Team:
https://www.secuinfra.com/en/techtalk/whatever-floats-your-boat-bitter-apt-continues-to-target-bangladesh/

   ・ Bitter APT 组织近期针对孟加拉国攻击活动的分析 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(07-06)

版权声明:admin 发表于 2022年7月6日 上午11:57。
转载请注明:每日安全动态推送(07-06) | CTF导航

相关文章

【翻译】如何反制Empire C2攻击
admin
83
SQL Injection in netease-youdao/qanything
admin
31
每日安全动态推送(01-10)
admin
665
Linux 默认打印系统RCE漏洞复现
admin
25
CVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation via DKOM
admin
564
Building a (slightly) better Melkor
admin
161

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

Boolean-based SQL Injection in ZoneMinder v1.37.* <= 1.37.64
0
Open-Source Intelligence Summit 2024议题慢递
0
NTLM Relaying – Making the Old New Again
0
每日安全动态推送(24/11/4)
0
wuzhicms<=4.1.0后台RCE(0day)
0
每周蓝军技术推送(2024.10.26-11.1)
0
Apache Solr漏洞CVE-2024-45216分析
0
某小型cms漏洞复现审计
0
Distributed RPC Framework RemoteModule has Deserialization RCE in pytorch/pytorch(CVE-2024-48063)
0
JWT(JSON Web Token) 攻击面小结
0