​​
• Attacking Java RMI via SSRF:
  https://blog.tneitzel.eu/posts/01-attacking-java-rmi-via-ssrf/
  ・ Attacking Java RMI via SSRF – Jett


• Keylogging Across The Operating Systems - YouTube:
  https://www.youtube.com/watch?v=g4ll7XKDJ4o
  ・ 跨平台的 Keylogging 实现，来自 GrimmCon 会议 – Jett


• [Tools] Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches:
  https://research.nccgroup.com/2021/12/29/tool-release-shouganaiyo-loader-a-tool-to-force-jvm-attaches/
  ・ shouganaiyo-loader - 强制向 JVM 进程注入 Agent 的工具 – Jett


• Exploiting CVE-2021-44228 using PDFs as delivery channel - PoC:
  https://github.com/eelyvy/log4jshell-pdf
  ・ 以 PDF 文件作为媒介触发 log4j CVE-2021-44228 漏洞 – Jett


• [Tools] Installation:
  https://github.com/cdk-team/CDK
  ・ CDK - 一款为容器环境定制的渗透测试工具，在已攻陷的容器内部提供零依赖的常用命令及 PoC/EXP – Jett


• Mariana Trench:
  https://github.com/facebook/mariana-trench
  ・ Mariana Trench - Facebook 开源的一款 Android 静态漏洞扫描工具 – Jett


• +overview:
  https://cyberweek.ae/2021/presentations/response-smuggling-pwning-http-1-1-connections/
  ・ Response Smuggling: Pwning HTTP/1.1 Connections – Jett


• +overview:
  https://cyberweek.ae/2021/presentations/hitb-lab-arm-iot-firmware-extraction-and-emulation-using-armx/
  ・ ARM IoT 固件提取以及基于 ARMX 的固件模拟，来自 Cyberweek 会议 – Jett


• Git stats:
  https://github.com/ethereal-vx/Antivirus-Artifacts
  ・ 几款知名反病毒软件（Avira, BitDefender, F-Secure, MalwareBytes...）所 Hook 的 API 列表收集 – Jett

* 查看或搜索历史推送内容请访问：

   https://sec.today

* 微信公众号： 腾讯玄武实验室 

​​​​