JavaScript Raider: a fuzzing tool for the v8 JavaScript engine
https://github.com/freingruber/JavaScript-Raider
A beginner's introduction to .NET deserialization gadget chains: XmlSerializer
https://mp.weixin.qq.com/s/tKnVdQgEyysZCGdnvcu39w
In-memory webshells in ASP.NET (1): analysis of filter-based memory shells
https://tttang.com/archive/1408/
Adding a Certify helper module for abusing ESC7 in AD CS
https://www.blackarrow.net/adcs-weaponizing-esc7-attack/
RefleXXion: a user-mode hook bypass tool
https://github.com/hlldz/RefleXXion
FunctionStomping: a new evasion-oriented injection technique
https://github.com/Idov31/FunctionStomping
DefenderSwitch: calling Win32 APIs to terminate Windows Defender
https://github.com/APTortellini/DefenderSwitch
Using the KsecDD driver's IOCTLs to decrypt memory encrypted with CryptProtectMemory
https://twitter.com/0gtweet/status/1485989857382088716
NimPackt: a .NET and shellcode packer implemented in Nim
https://github.com/chvancooten/NimPackt-v1
CVE-2021-4034: privilege escalation vulnerability in polkit's pkexec, with a wide range of affected systems
https://mp.weixin.qq.com/s/xOXEorO62dORot7MEsnUWQ
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
CVE-2021-35232: how the SolarWinds Web Help Desk vulnerability was discovered
https://blog.assetnote.io/2022/01/23/solarwinds-webhelpdesk-hsql-eval-harcoded-creds/
CVE-2022-21371: WebLogic unauthenticated file retrieval
https://gist.github.com/picar0jsu/f3e32939153e4ced263d3d0c79bd8786
CVE-2021-45467: CWP CentOS Web Panel – pre-auth RCE
https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/
Path traversal vulnerability case studies in VMware vCenter, Spring Boot and several other products
https://kuldeep.io/posts/path-traversal-paradise/
CVE-2022-21658: race condition in the Rust standard library function std::fs::remove_dir_all
https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
Windows SYSTEM local privilege escalation vulnerability found in McAfee Agent
https://threatpost.com/mcafee-bug-windows-system-privileges/177857/
CVE-2022-0185: heap-based overflow privilege escalation vulnerability in Linux
https://www.openwall.com/lists/oss-security/2022/01/25/14
https://github.com/Crusaders-of-Rust/CVE-2022-0185
CVE-2022-21882: Windows Win32k local privilege escalation vulnerability
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-21882.html
Reproducing an eBPF-based Docker escape
https://drivertom.blogspot.com/2022/01/ebpfdocker.html
Sensitive data exfiltration attacks against Microsoft cloud storage accounts and buckets
https://www.inversecos.com/2022/01/how-to-detect-and-compromise-azure.html
Gmail attachment previews can be abused to insert malicious links for phishing
https://mrd0x.com/phishing-google-users-by-spoofing-previews/?no-cache=1
Feasibility study on brute-forcing randomly generated passwords
https://www.trustedsec.com/blog/recovering-randomly-generated-passwords/
M01N Team
Focusing on hot topics in advanced offensive and defensive confrontation
NSFOCUS Blue Army (adversary emulation) technical research team
Originally published on the WeChat official account (M01N Team): Weekly Blue Army tech digest (2021.1.22-1.28)