Latest Infosec News and Articles

• proxylogon, proxyshell, proxyoracle and proxytoken full chain exploit tool  https://github.com/FDlucifer/Proxy-Attackchain 
• A Log4j PoC written in PowerShell https://github.com/aalex954/Log4PowerShell 
• How to exploit Log4j vulnerabilities in VMWare vCenter  https://www.sprocketsecurity.com/blog/how-to-exploit-log4j-vulnerabilities-in-vmware-vcenter 
• Detecting Log4j Exploits via Zeek When Java Downloads Java   https://corelight.com/blog/detecting-log4j-exploits-via-zeek-when-java-downloads-java 
• JNDI-Exploit-Kit   https://github.com/pimps/JNDI-Exploit-Kit  
• Hacking the dlink DIR-615 for fun and no profit Part 5: Multiple RCE’s https://noob3xploiter.medium.com/hacking-the-dlink-dir-615-for-fun-and-no-profit-part-5-multiple-rces-d508f58e2471 
• Exploitation of CVE-2021-21220 – From Incorrect JIT Behavior to RCE https://www.zerodayinitiative.com/blog/2021/12/15/exploitation-of-cve-2021-21220-from-incorrect-jit-behavior-to-rce  
• cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources https://github.com/zer0yu/Awesome-CobaltStrike 
• Bypassing OTP Verification for Changing PIN in Registered Mobile Banking Account. https://infosecwriteups.com/bypassing-otp-verification-for-changing-pin-in-registered-mobile-banking-account-ed92dbcaa5c7 
• DInjector – Collection Of Shellcode Injection Techniques Packed In A D/Invoke Weaponized DLL https://www.kitploit.com/2021/12/dinjector-collection-of-shellcode.html