CTF导航 CTF导航

每日安全动态推送(07-06)

渗透技巧 2年前 (2022) admin
573 0 0
Tencent Security Xuanwu Lab Daily News


• GitHub – Orange-Cyberdefense/GOAD: game of active directory:
https://github.com/Orange-Cyberdefense/GOAD

   ・ GOAD – Active Directory 渗透测试实验环境 – Jett


• 2271 – project-zero – Project Zero – Monorail:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2271

   ・ Issue 2271: Windows: Kerberos Redirected Logon Buffer EoP – Jett


• One I/O Ring to Rule Them All: A Full Read/Write Exploit Primitive on Windows 11 – Winsider Seminars & Solutions Inc.:
https://windows-internals.com/one-i-o-ring-to-rule-them-all-a-full-read-write-exploit-primitive-on-windows-11/

   ・ 将 Windows 11 的内存写漏洞转化成完全内存读写能力 – Jett


• Brute Ratel C4 Red Teaming Tool Being Abused by Malicious Actors:
https://unit42.paloaltonetworks.com/brute-ratel-c4-tool/

   ・ 红队测试工具 Brute Ratel C4 被 APT 攻击者滥用 – Jett


• WMI Internals Part 1. Understanding the Basics | by Jonathan Johnson | Jul, 2022 | Medium:
https://jsecurity101.medium.com/wmi-internals-part-1-41bb97e7f5eb

   ・ WMI Internals Part 1 – Jett


• [PDF] https://zhendong2050.github.io/res/time-travel-testing-21-01-2020.pdf:
https://zhendong2050.github.io/res/time-travel-testing-21-01-2020.pdf

   ・ 用 Time-travel Testing 的方法测试 Android App,覆盖更多的状态 – Jett


• WarCon 2022 – Modern Initial Access and Evasion Tactics – mgeeky’s lair:
https://mgeeky.tech/warcon-2022-modern-initial-access-and-evasion-tactics/

   ・ WarCon 2022 – Modern Initial Access and Evasion Tactics – Jett


• Advanced Breakpoints for AMD Debug | ASSET InterTech:
https://www.asset-intertech.com/resources/blog/2022/07/advanced-breakpoints-for-amd-debug/

   ・ Advanced Breakpoints for AMD Debug – lanying37


• GitHub – gusmanb/logicanalyzer: 24 channel, 100Msps logic analyzer hardware and software:
https://github.com/gusmanb/logicanalyzer

   ・ 一款开源的 24 通道软硬件逻辑分析仪 – Jett


• 使用tabby分析Spring Data MongoDB SpEL漏洞:
https://tttang.com/archive/1647/

   ・ 使用tabby分析Spring Data MongoDB SpEL漏洞 – lanying37


• Abusing functionality to exploit a super SSRF in Jira Server (CVE-2022-26135) – Assetnote:
https://blog.assetnote.io/2022/06/26/exploiting-ssrf-in-jira/

   ・ Jira Server SSRF(CVE-2022-26135)漏洞的利用 – Jett


• Bitter APT continues to target Bangladesh | SECUINFRA Falcon Team:
https://www.secuinfra.com/en/techtalk/whatever-floats-your-boat-bitter-apt-continues-to-target-bangladesh/

   ・ Bitter APT 组织近期针对孟加拉国攻击活动的分析 – Jett


* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


原文始发于微信公众号(腾讯玄武实验室):每日安全动态推送(07-06)

版权声明:admin 发表于 2022年7月6日 上午11:57。
转载请注明:每日安全动态推送(07-06) | CTF导航

相关文章

实战钓鱼中的html附件利用
admin
432
CVE-2022-21350 WebLogic T3 RCE 简单分析
admin
1,220
每日安全动态推送(09-22)
admin
528
Gdb调试复现Dirty Pipe漏洞(CVE-2022-0847)之内核态调试
admin
595
内网渗透测试:利用 RDP 协议搭建 Socks5 代理隧道
admin
1,232
如何开展蓝军工作与量化评估
admin
865

暂无评论

您必须登录才能参与评论!
立即登录
暂无评论...

相关文章

EvilGophish’s Approach to Advanced Bot Detection with Cloudflare Turnstile
0
CreateRCE — Yet Another Vulnerability in CreateUri
0
BGPWatch — BGP路由分析和诊断平台
0
进程命令行参数欺骗
0
内容劫持 | Electron 安全
0
凭据获取之浏览器
0
实战环境中的Redis 延时注入
0
每日安全动态推送(4-18)
0
漏洞挖掘 | DreamerCMS RCE (CVE-2024-3311)
0
Weblogic RCE(CVE-2024-21006)
0