腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Pentest ] 如何绕过 Kaspersky Endpoint Security 11 : http://0xc0ffee.io/blog/kes11-bypass
-
[ Pentest ] Active Directory 的核心安全原则及最佳实践: https://ernw.de/download/AD_Summit_2018/01_AD_Summit_CoreSecPrinciples_fk_hw_v.1.2_signed.pdf
-
[ Tools ] binctr - 可以由非特权用户运行的静态容器: https://github.com/genuinetools/binctr https://blog.jessfraz.com/post/getting-towards-real-sandbox-containers/
-
[ Tools ] metasploit-execute-assembly - 通过 Meterpreter 会话执行 .NET 程序集的后渗透攻击模块: https://github.com/b4rtik/metasploit-execute-assembly
-
-
[ Pentest ] Microsoft 域环境安全审计方法介绍: https://www.exploit-db.com/docs/english/46019-an-internal-pentest-audit-against-active-directory.pdf
-
-
[ SecurityReport ] Cure53 对 Jigsaw Outline VPN 工具的渗透测试报告: https://s3.amazonaws.com/outline-vpn/static_downloads/cure53-report.pdf
-
[ Windows ] Microsoft Windows MsiAdvertiseProduct 导致的任意文件读取漏洞披露: https://www.exploit-db.com/exploits/46028
-
[ Windows ] Microsoft 对 COM(Component Object Model) 的详细介绍系列文章 : https://twitter.com/bohops/status/1075596990438957056