Zero Project：深入研究 NSO 的零点击 iMessage 漏洞

https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

Cibele Thinfinity VirtualUI 2.5.41.0 User Enumeration

https://cxsecurity.com/issue/WLB-2021120082

NETGEAR ProSafe™ Gigabit Quad WAN SSL VPN Firewall SRX5308 | SQL Injection Vulnerability

https://cxsecurity.com/issue/WLB-2021120077

Sofico Miles RIA 2020.2 Build 127964T Cross Site Scripting

https://cxsecurity.com/issue/WLB-2021120076

SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG ABAP Code Injection

https://cxsecurity.com/issue/WLB-2021120075

SAP Netweaver IUUC_GENERATE_ACPLAN_DELIMITER ABAP Code Injection

https://cxsecurity.com/issue/WLB-2021120074

SAP Netweaver IUUC_RECON_RC_COUNT_TABLE_BIG SQL Injection

https://cxsecurity.com/issue/WLB-2021120073

Zucchetti Axess CLOKI Access Control 1.64 Cross Site Request Forgery

https://cxsecurity.com/issue/WLB-2021120072

meterN 1.2.3 Remote Command Execution

https://cxsecurity.com/issue/WLB-2021120071

WordPress Typebot 1.4.3 Cross Site Scripting

https://cxsecurity.com/issue/WLB-2021120070

Apache Log4j2 2.14.1 Information Disclosure

https://cxsecurity.com/issue/WLB-2021120069

OpenEMR 6.0.0 / 6.1.0-dev SQL Injection

https://cxsecurity.com/issue/WLB-2021120068

端口管理工具，可以根据端口号关掉进程

https://github.com/penghaojie/port

SpringBootEnvDecrypt：获取被星号脱敏的密码的明文

https://github.com/heikanet/SpringBootEnvDecrypt

CTFCrackTools：中国国内首个CTF工具框架,旨在帮助CTFer快速攻克难关

https://github.com/0Chencc/CTFCrackTools

PwdBUD：一款SRC密码生成工具，尝试top字典无果后，可以根据域名、公司名等因素来生成特定的字典

https://github.com/fcre1938/PwdBUD

ARL-NPoC：集漏洞验证和任务运行的一个框架 

https://github.com/1c3z/ARL-NPoC

【红队文章】

快速探测目标防火墙出网端口的工具化实现

https://xz.aliyun.com/t/10677

https://mp.weixin.qq.com/s/8lhmjPtLTlVkS1Q3-6-mHA

https://mp.weixin.qq.com/s/E8828A-1f6w_uwB81DMF4A

https://blog.csdn.net/fnmsd/article/details/106890242

C语言：了解House of Einherjar

https://hackmd.io/@gand3lf/houseofeinherjar

更多详情请查看原文