Latest Infosec News and Articles
- proxylogon, proxyshell, proxyoracle and proxytoken full chain exploit tool https://github.com/FDlucifer/Proxy-Attackchain
- A Log4j PoC written in PowerShell https://github.com/aalex954/Log4PowerShell
- How to exploit Log4j vulnerabilities in VMWare vCenter https://www.sprocketsecurity.com/blog/how-to-exploit-log4j-vulnerabilities-in-vmware-vcenter
- Detecting Log4j Exploits via Zeek When Java Downloads Java https://corelight.com/blog/detecting-log4j-exploits-via-zeek-when-java-downloads-java
- JNDI-Exploit-Kit https://github.com/pimps/JNDI-Exploit-Kit
- Hacking the dlink DIR-615 for fun and no profit Part 5: Multiple RCE’s https://noob3xploiter.medium.com/hacking-the-dlink-dir-615-for-fun-and-no-profit-part-5-multiple-rces-d508f58e2471
- Exploitation of CVE-2021-21220 – From Incorrect JIT Behavior to RCE https://www.zerodayinitiative.com/blog/2021/12/15/exploitation-of-cve-2021-21220-from-incorrect-jit-behavior-to-rce
- cobaltstrike的相关资源汇总 / List of Awesome CobaltStrike Resources https://github.com/zer0yu/Awesome-CobaltStrike
- Bypassing OTP Verification for Changing PIN in Registered Mobile Banking Account. https://infosecwriteups.com/bypassing-otp-verification-for-changing-pin-in-registered-mobile-banking-account-ed92dbcaa5c7
- DInjector – Collection Of Shellcode Injection Techniques Packed In A D/Invoke Weaponized DLL https://www.kitploit.com/2021/12/dinjector-collection-of-shellcode.html