Weekly Blue Army (Adversary Simulation) Tech Digest (2022.12.17-12.23)
2022-12-23 18:01:28 Author: M01N Team

Web Security

Analysis of the ThinkPHP multi-language RCE vulnerability

https://tttang.com/archive/1865/

Building a low-code scanner on top of a composable (orchestrable) structure

https://mp.weixin.qq.com/s/Y8MP_QEFPi4uO7PfLwzHdg

Internal Network Penetration

Auditing Active Directory Certificate Services (AD CS) with Microsoft Sentinel

https://www.kaidojarvemets.com/audit-active-directory-certificate-services-using-microsoft-sentinel/

Endpoint Evasion

Venom: evasive C2 communication over stolen browser sockets

https://github.com/Idov31/Venom

Blindside: an EDR evasion technique built on hardware breakpoints

https://cymulate.com/blog/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints

wanderer: an open-source C# tool for enumerating injectable processes

https://github.com/gh0x0st/wanderer

linux_injector: a simple ptrace-less shared-library injector for x64 Linux

https://github.com/namazso/linux_injector

A Rundll32 COM-hijack executor written in C++

https://ghoulsec.medium.com/reddev-5-rundll32-com-hijack-executor-in-c-40b632fc7e37

In-memory execution on macOS, old techniques and new

https://rtx.meta.security/post-exploitation/2022/12/19/In-Memory-Execution-in-macOS.html

Vulnerabilities

Chaining CVE-2022-41080 and CVE-2022-41082 (OWASSRF) to bypass Microsoft's URL Rewrite mitigation for ProxyNotShell in Exchange

https://www.rapid7.com/blog/post/2022/12/21/cve-2022-41080-cve-2022-41082-rapid7-observed-exploitation-of-owassrf-in-exchange-for-rce/

CVE-2022-4543 (EntryBleed): bypassing the KASLR mitigation

https://www.willsroot.io/2022/12/entrybleed.html

CVE-2022-2602: exploiting a Linux kernel io_uring use-after-free for privilege escalation

https://exploiter.dev/blog/2022/CVE-2022-2602.html

https://blog.hacktivesecurity.com/index.php/2022/12/21/cve-2022-2602-dirtycred-file-exploitation-applied-on-an-io_uring-uaf/

Bypassing Apple's Gatekeeper security mechanism

https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/

Using a leaked sentinel value to bypass the latest Chrome V8 HardenProtect

https://medium.com/@numencyberlabs/using-leaking-sentinel-value-to-bypass-the-latest-chrome-v8-hardenprotect-c4ed40e3d34f

CVE-2022-23093: analysis of the FreeBSD ping vulnerability

https://www.archcloudlabs.com/projects/cve-2022-23093/

Cloud Security

Detecting Azure AD account takeover attacks

https://posts.bluraven.io/detecting-azure-ad-account-takeover-attacks-b2652bb65a4c

Research on new red-team techniques against the cloud-native component Nacos

https://mp.weixin.qq.com/s/Jwwd5ailKNhwR57ACXB1kQ

AWS ECR Public vulnerability

https://blog.lightspin.io/aws-ecr-public-vulnerability

Other

IRM-2022 (Incident Response Methodologies, 2022 edition)

https://github.com/certsocietegenerale/IRM

MSI Dump: a tool for analysing malicious MSI installer packages, extracting files, streams and binary data, with an integrated YARA scanner

https://github.com/mgeeky/msidump

M01N Team official WeChat account: the NSFOCUS Blue Army (adversary-simulation) technology research squad, focused on advanced attack-and-defense techniques.



Source: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247490354&idx=1&sn=69d522a02b6013d03e860134e805df0f&chksm=c187db23f6f0523571474da0cc4d8e032be18b6790ab15e135ca27763fe3766391f986a09850#rd