第十周/20211206红队推送
2021-12-6 21:30:1 Author: mp.weixin.qq.com(查看原文) 阅读量:2 收藏

Persistsolution - Sql Injection Vulnerability

https://cxsecurity.com/issue/WLB-2021120005

WordPress Plugin DZS Zoomsounds 6.45 Arbitrary File Read (Unauthenticated)(CVE-2021-39316)

https://cxsecurity.com/issue/WLB-2021120012

    WordPress DZS Zoomsounds 6.45 Arbitrary File Read:

    https://cxsecurity.com/issue/WLB-2021120021

WordPress Plugin Slider by Soliloquy 2.6.2 - 'title' Stored Cross Site Scripting (XSS) (Authenticated)

https://cxsecurity.com/issue/WLB-2021120019

Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass(CVE-2021-40856)

https://seclists.org/fulldisclosure/2021/Dec/9

Ubuntu Overlayfs Local Privilege Escalation(CVE-2021-3493)

https://cxsecurity.com/issue/WLB-2021120022

Backdoor.Win32.Vernet.axt / Insecure Permissions(MVID-2021-0413)

https://seclists.org/fulldisclosure/2021/Dec/5

Backdoor.Win32.Bionet.10 / Authentication Bypass RCE(MVID-2021-0414)

https://seclists.org/fulldisclosure/2021/Dec/6

一个在 Linux 6pack 驱动程序中存在 16 年的漏洞分析:CVE-2021-42008

https://syst3mfailure.io/sixpack-slab-out-of-bounds

VMware vCenter (测试于7.0.2.00100) SSRF + XSS 未经授权任意文件读取

https://mp.weixin.qq.com/s/pWoInwVDM8p0ZL0hNWgK3Q

ThePhish: 钓鱼邮件自动分析工具

https://securityonline.info/thephish-automated-phishing-email-analysis-tool/

XMGoat – Azure开源渗透测试工具

https://www.xmcyber.com/xmgoat-an-open-source-pentesting-tool-for-azure/

EDRHunt: 扫描 Windows 服务、驱动程序、进程、注册表以查找已安装的 EDR

https://github.com/FourCoreLabs/EDRHunt

开源、轻量、快速、跨平台 的红队内外网打点扫描器

https://github.com/redtoolskobe/scaninfo

一款可以探测Chrome插件的前端工具

https://github.com/neargle/crx-scouter

Proxy pool: Python爬虫代理IP池

https://github.com/jhao104/proxy_pool

关于DLL注入

https://infosecwriteups.com/dll-injection-dllinjector-d1b30c6760eb?source=rss----7b722bfd1b8d---4

Popping iOS <=14.7 with IOMFB

https://www.reddit.com/r/ReverseEngineering/comments/r5n5pq/popping_ios_147_with_iomfb/

SSRF漏洞利用与getshell实战(精选)

https://mp.weixin.qq.com/s/SGrZIhKmOdpmRE3cmb_XkA

分享一些更快速的刷SRC赏金的自动化挖洞技巧命令和工具协同

https://github.com/taielab/Taie-Bugbounty-killer

渗透工具实战技巧大合集

https://mp.weixin.qq.com/s/Y32hTQV-ggYFaHZ_p-p7Wg

钓鱼与社工系列之某信聊天记录解密

https://skewwg.github.io/2021/06/15/diao-yu-yu-she-gong-xi-lie-zhi-wei-xin-liao-tian-ji-lu-jie-mi/


文章来源: https://mp.weixin.qq.com/s?__biz=MzIxMjI0Mzk0OQ==&mid=2247483749&idx=1&sn=da5cc47fc72f66261fea9f4b00f94bc5&chksm=974845e7a03fccf1f552b4aa1faa73c672442cf7f5f786182b801693056a5b00ae2f78b8116e&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh