漏洞报告

MTN Grou

• #1060518 No rate limit in otp code sending

Mail.ru

• #1255676 Blind XSS Stored and CORS misconfiguration в отчете "События" сервиса top.mail.ru

Acronis

• [#1023572 acronis.secure.force.com] - Insecure Salesforce default/custom object permissions leads to information disclosure

• #1004412 Possible LDAP username and password disclosed on Github

挖洞技巧

• Abusing NTLM Relay and Pass-The-Hash for Admin | by Julian Runnels | Aug, 2021 | InfoSec Write-ups

工具推荐

• RaouzRouik/CVE-2021-34473-scanner: Scanner for CVE-2021-34473, ProxyShell, A Microsoft Exchange On-premise Vulnerability

• Maxwitat/Check-AAD-Connect-for-CVE-2021-36949-vulnerability: check if Azure AD Connect is affected by the vulnerability described in CVE-2021-36949

• dnr6419/CVE-2021-32644: Ampache XSS

windows内核利用

• Windows Kernel Exploitation Part 1: Stack Buffer Overflows – Himanshu Khokhar's Blog

• Windows Kernel Exploitation Part 2: Type Confusion – Himanshu Khokhar's Blog

• Windows Kernel Exploitation Part 3: Integer Overflow – Himanshu Khokhar's Blog

Linux介绍专栏

• Linux Rootkits Part 1: Introduction and Workflow :: TheXcellerator

• Linux Rootkits Part 2: Ftrace and Function Hooking :: TheXcellerator