Chrome exploit for CVE-2024-5830 on Windows. 👾
https://github.com/uf0o/exploit_dev/tree/main/browsers/v8/CVE-2024-5830
CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability
https://www.horizon3.ai/attack-research/cisa-kev-cve-2024-8190-ivanti-csa-command-injection/
Mastering API exploitation: crafting reverse shells via cURL
https://danaepp.com/mastering-api-exploitation-crafting-reverse-shells-via-curl
https://www.akamai.com/blog/security-research/2024-august-vpn-post-exploitation-techniques-black-hat
https://medium.com/@bart.dopheide/decrypting-fortigate-passwords-cve-2019-6693-1239f6fd5a61
https://cloud.google.com/blog/topics/threat-intelligence/ivanti-post-exploitation-lateral-movement
Exploring VPN post-exploitation techniques
https://www.hackers-arise.com/post/bypassing-next-generation-firewalls-with-fragtunnel
A Python-based TCP tunneling tool that offers a unique way to bypass next-generation firewalls
https://cicada-8.medium.com/evil-msi-a-long-story-about-vulnerabilities-in-msi-files-1a2a1acaf01c
MSI files and Windows LPE
https://laburity.com/exploiting-pfsense-remote-code-execution-cve-2022-31814/
https://blog.devsecopsguides.com/payment-vulnerabilities
https://bi.zone/expertise/blog/analiz-uyazvimosti-cve-2024-7965/
PoC for CVE-2024-7965
Cybersecurity researchers at Aqua Nautilus have discovered a new Linux malware, dubbed "Hadooken", that specifically targets Oracle WebLogic servers. This sophisticated malware uses a multi-stage attack chain that ultimately deploys a cryptominer and the Tsunami backdoor, posing a significant risk to organizations that rely on WebLogic to run critical applications.
https://www.aquasec.com/blog/hadooken-malware-targets-weblogic-applications/
https://www.cybereason.com/blog/cuckoo-spear-analyzing-noopdoor
https://securitylabs.datadoghq.com/articles/abusing-entra-id-administrative-units/
"Hiding in plain sight: abusing Entra ID administrative units for sticky persistence" 💥 Learn how attackers maintain persistent, stealthy access in a compromised Entra tenant
https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/
Breaching AWS accounts through shadow resources
https://blog.zsec.uk/homelab-clustering-pt1/
Building the ultimate Homelab NUC cluster - Part 1
Tenable Research discovered a remote code execution (RCE) vulnerability in Google Cloud Platform (GCP), now fixed, which we named CloudImposer. The vulnerability could have allowed an attacker to hijack an internal software dependency that Google pre-installs on every Google Cloud Composer pipeline-orchestration tool. Tenable Research also found dangerous guidance in the GCP documentation that customers should be aware of.
https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package
https://ssd-disclosure.com/ssd-advisory-lancom-lcos-heap-overflow/
A vulnerability in the LANCOM LCOS web interface (usually listening on port 443) allows a remote attacker to trigger a heap overflow in the service listening on that port
https://blog.amberwolf.com/blog/2024/september/skeleton-cookie-breaking-into-safeguard-with-cve-2024-45488/
https://github.com/DataDog/undocumented-aws-api-hunter/
A tool for finding thousands of undocumented AWS APIs
https://cloud.google.com/blog/topics/threat-intelligence/unc2970-backdoor-trojanized-pdf-reader/
https://blog.compass-security.com/2024/09/three-headed-potato-dog/
DCOM cross-session coercion + Kerberos = 💣 We took a closer look at the attack discovered earlier this year and wrote a PoC in Python!
https://blog.compass-security.com/2024/08/a-patchdiffing-journey-tp-link-omada/
TP-Link Omada Gigabit VPN Router ER605