文章预览
Web安全 BadDNS:子域接管检测及其他DNS安全性测试 https://blog.blacklanternsecurity.com/p/introducing-baddns https://github.com/blacklanternsecurity/baddns NGINX修复与HTTP/3有关的多个漏洞 https://securityonline.info/nginx-releases-security-updates-http-3-vulnerabilities-patched/ 通过Suricata识别潜在Kerberos攻击流量 https://blog.exploit.org/caster-kerbhammer/ 内网渗透 微软Exchange攻击路径挖掘与防御建议 https://posts.specterops.io/pwned-by-the-mail-carrier-0750edfad43b SharpPersistSD:滥用安全描述符实现对远程计算机持久化 https://github.com/cybersectroll/SharpPersistSD 介绍五种不常见的NTLM中继攻击技术 https://www.guidepointsecurity.com/blog/beyond-the-basics-exploring-uncommon-ntlm-relay-attack-techniques/ SCCM攻击利用技术 https://swisskyrepo.github.io/InternalAllTheThings/active-directory/deployment-sccm/ JS-Tap WEB应用攻击工具2.0添加C2控制功能 https://trustedsec.com/blog/js-tap-mark-
………………………………