Week 4 / 20211025 Red Team Push
2021-10-25 21:40:06 Author: mp.weixin.qq.com

【Vulnerability Research】

A decade-old PHP-FPM local root vulnerability

https://www.ambionics.io/blog/php-fpm-local-root

Code execution in Microsoft Office (CVE-2021-38646)

https://spaceraccoon.dev/all-your-d-base-are-belong-to-us-part-2-code-execution-in-microsoft-office?pk_campaign=rss-feed

Adobe Reader remote code execution vulnerabilities: CVE-2021-28632 and CVE-2021-39840

https://www.zerodayinitiative.com/blog/2021/10/20/cve-2021-28632-amp-cve-2021-39840-bypassing-locks-in-adobe-reader

CVE-2021-40449 Windows LPE exploit

https://github.com/ly4k/CallbackHell

CVE-2020-17087: exploiting the CNG.sys IOCTL 0x390400 pool overflow vulnerability

https://www.pixiepointsecurity.com/blog/nday-cve-2020-17087.html

CVE-2020-27304 – RCE via directory traversal in the CivetWeb HTTP server

https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/

How a simple Linux kernel memory corruption bug can lead to complete system compromise

https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html

【Red Team Tools】

Memory injection detection evasion tool

https://www.kitploit.com/2021/10/threadstackspoofer-poc-for-advanced-in.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29

Writing Disassemblers for VM-based Obfuscators

https://synthesis.to/2021/10/21/vm_based_obfuscation.html

Office macro code execution methods and evasion

https://github.com/S3cur3Th1sSh1t/OffensiveVBA

PortBender - TCP port redirection utility

https://www.kitploit.com/2021/10/portbender-tcp-port-redirection-utility.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29

ZipExec

https://github.com/Tylous/ZipExec

nosferatu: LSASS NTLM authentication backdoor

https://securityonline.info/nosferatu-lsass-ntlm-authentication-backdoor/

【Red Team Articles】

Hacking JSON Web Tokens (JWTs)

https://infosecwriteups.com/hacking-json-web-tokens-jwts-a6eea2753d23

「Recommended reading」Using Kerberos for authentication relay attacks

https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html

Windows exploitation tricks: relaying DCOM authentication

https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html

Cobalt Strike: using known private keys to decrypt traffic, Part 1

https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/

Utilizing Programmatic Identifiers (ProgIDs) for UAC bypasses

https://v3ded.github.io/redteam/utilizing-programmatic-identifiers-progids-for-uac-bypasses

【Blue Team Articles】

Windows threat hunting: processes of interest (Part 1)

https://infosecwriteups.com/windows-threat-hunting-processes-of-interest-4577fe35d32f


Source: https://mp.weixin.qq.com/s?__biz=MzIxMjI0Mzk0OQ==&mid=2247483725&idx=1&sn=82d52406bce1c06c8030ac7edf6b0c23&chksm=974845cfa03fccd9de7aa948984b2ac32d75ecaa7aa2c006b7c804163fa6590c0137b3c6d68f&scene=58&subscene=0#rd