For more details, see the original articles
【Vulnerability Research】
A decade-old PHP-FPM local root vulnerability
https://www.ambionics.io/blog/php-fpm-local-root
Code execution in Microsoft Office (CVE-2021-38646)
https://spaceraccoon.dev/all-your-d-base-are-belong-to-us-part-2-code-execution-in-microsoft-office?pk_campaign=rss-feed
Adobe Reader remote code execution vulnerabilities: CVE-2021-28632 and CVE-2021-39840
https://www.zerodayinitiative.com/blog/2021/10/20/cve-2021-28632-amp-cve-2021-39840-bypassing-locks-in-adobe-reader
CVE-2021-40449 Windows LPE exploit
https://github.com/ly4k/CallbackHell
CVE-2020-17087: exploiting the CNG.sys IOCTL 0x390400 pool overflow vulnerability
https://www.pixiepointsecurity.com/blog/nday-cve-2020-17087.html
CVE-2020-27304 – RCE via directory traversal in the CivetWeb HTTP server
https://jfrog.com/blog/cve-2020-27304-rce-via-directory-traversal-in-civetweb-http-server/
How a simple Linux kernel memory corruption bug can lead to complete system compromise
https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html
【Red Team Tools】
In-memory injection detection evasion tool
https://www.kitploit.com/2021/10/threadstackspoofer-poc-for-advanced-in.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29
Writing Disassemblers for VM-based Obfuscators
https://synthesis.to/2021/10/21/vm_based_obfuscation.html
Office macro code execution methods and evasion
https://github.com/S3cur3Th1sSh1t/OffensiveVBA
PortBender - TCP port redirection utility
https://www.kitploit.com/2021/10/portbender-tcp-port-redirection-utility.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PentestTools+%28PenTest+Tools%29
ZipExec
https://github.com/Tylous/ZipExec
nosferatu: LSASS NTLM authentication backdoor
https://securityonline.info/nosferatu-lsass-ntlm-authentication-backdoor/
【Red Team Articles】
Hacking JSON Web Tokens (JWTs)
https://infosecwriteups.com/hacking-json-web-tokens-jwts-a6eea2753d23
[Recommended reading] Using Kerberos for authentication relay attacks
https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html
Windows exploitation tricks: relaying DCOM authentication
https://googleprojectzero.blogspot.com/2021/10/windows-exploitation-tricks-relaying.html
Cobalt Strike: using known private keys to decrypt traffic, Part 1
https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/
Using Programmatic Identifiers (ProgIDs) for UAC bypasses
https://v3ded.github.io/redteam/utilizing-programmatic-identifiers-progids-for-uac-bypasses
【Blue Team Articles】
Windows threat hunting: processes of interest (Part 1)
https://infosecwriteups.com/windows-threat-hunting-processes-of-interest-4577fe35d32f