无法代码审计的隐形漏洞“Trojan Source”

https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/

Linux TIPC 模块内核漏洞 RCE（CVE-2021-43267）

https://thehackernews.com/2021/11/critical-rce-vulnerability-reported-in.html

PHP Event Calendar 存储型XSS（CVE-2021-42078）

https://seclists.org/fulldisclosure/2021/Nov/24

Writeup：Linux kernel v5.8 - v5.13.13 [CVE-2021-34866]

https://blog.hexrabbit.io/2021/11/03/CVE-2021-34866-writeup/

Writeup：Chrome V8 [CVE-2021-38001]

https://github.com/vngkv123/articles/blob/main/CVE-2021-38001.md

RedTeam Toolkit：基于Django制作的开源红队工具包

https://securityonline.info/redteam-toolkit-the-useful-offensive-tools/

aDLL：自动检测DLL挟持漏洞的二进制分析工具

https://github.com/ideaslocas/aDLL

HandleKatz：内存混淆转储工具

https://github.com/codewhitesec/HandleKatz

PowerShellRunner：绕过Defender的WinAPI利用脚本

https://github.com/dievus/PowerShellRunner

SMBeagle：排查内部SMB弱权限文件共享资源

https://github.com/punk-security/SMBeagle#usage

LDAP Monitor：实时监控 LDAP 对象的创建、删除和更改

https://github.com/p0dalirius/LDAPmonitor

全网黑IP收集

https://github.com/AttackTeamFamily/blackip

自动JAVA代码审计工具

https://github.com/EmYiQing/CodeInspector

卡巴斯基针对恶意钓鱼和垃圾电邮的第三季度报告

https://securelist.com/spam-and-phishing-in-q3-2021/104741/

域接管漏洞五大场景及防护建议

https://redhuntlabs.com/blog/5-ways-to-exploit-a-domain-takeover-vulnerability.html

Achieving LFI to RCE

https://twitter.com/i/web/status/1455412396256686082

DCOM滥用于Cobalt Strike横向移动

https://www.pentestpartners.com/security-blog/dcom-abuse-and-lateral-movement-with-cobalt-strike/

对恶意软件conti的横向技术分析及防护建议 - Part 1

https://www.unh4ck.com/detection-engineering-and-threat-hunting/lateral-movement/detecting-conti-cobaltstrike-lateral-movement-techniques-part-1

更多详情请查看原文