内网渗透
使用Codecepticon混淆Rubeus
https://www.pavel.gr/blog/obfuscating-rubeus-using-codecepticon
通过HTTP请求走私获取Active Directory凭据
https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/
Locksmith:用于定位和修复AD CS中错误配置的工具
https://github.com/TrimarcJake/Locksmith
Timeroast攻击和Trustroast攻击技术:在Active Directory域中离线破解密码的新思路
https://www.secura.com/uploads/whitepapers/Secura-WP-Timeroasting-v3.pdf
https://github.com/SecuraBV/Timeroast
终端对抗
Cobalt Strike 4.8发布:默认支持syscall、Guardrails上线条件限制、ETW致盲等防御规避新特性
https://www.cobaltstrike.com/blog/cobalt-strike-4-8-system-call-me-maybe/
通过DLL劫持和Hook API提取KeePass2密码
https://skr1x.github.io/keepass-dll-hijacking/
Amsi-Killer:通过搜索每条指令首字节获得跳转指令的地址绕过AMSI,在目标数据集更改后仍然有效
https://github.com/ZeroMemoryEx/Amsi-Killer
Lolbin-poc:windbg.exe与dbgeng.dll的白加黑利用组合
https://github.com/mrexodia/lolbin-poc
漏洞相关
通过伪造调用堆栈阻碍指纹识别
https://www.coresecurity.com/blog/hardware-call-stack
CVE-2023-21716:Microsoft Word远程代码执行漏洞POC公开
https://www.bleepingcomputer.com/news/security/proof-of-concept-released-for-critical-microsoft-word-rce-bug/
CVE-2023-21768:Windows辅助功能驱动本地提权漏洞EXP公开
https://github.com/chompie1337/Windows_LPE_AFD_CVE-2023-21768
云安全
Azure渗透:攻击者如何利用配置错误的环境
https://medium.com/@laythchebbi/azure-infiltrated-how-attackers-exploit-misconfigured-environments-to-breach-data-and-cause-damage-f24ba5342bfe
在Cosmos DB Explorer中通过基于DOM的XSS接管Microsoft Azure帐户
https://starlabs.sg/blog/2023/02-microsoft-azure-account-takeover-via-dom-based-xss-in-cosmos-db-explorer/
在不重置密码的情况下从Azure AD本地账户提升到全局管理员
https://cloudbrothers.info/en/prem-global-admin-password-reset/
CI/CD密钥提取技巧
https://www.synacktiv.com/en/publications/cicd-secrets-extraction-tips-and-tricks.html
利用谷歌云的恶意文档分发
https://fortynorthsecurity.com/blog/redirecting-maldoc-transfers-in-the-cloud/
其他
利用AI生成的语音接管银行账户
https://www.vice.com/en/article/dy7axa/how-i-broke-into-a-bank-account-with-an-ai-generated-voice
SpiderCat:使用webhook将目标连接到黑曜石网络爬虫框架,跟踪目标网络连接链路,收集用户电子邮件、系统信息、地理位置等情报
https://github.com/CosmodiumCS/SpiderCat
使用Isolation Forest和SHAP的Microsoft Sentinel Notebooks的异常检测和解释
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/anomaly-detection-and-explanation-with-isolation-forest-and-shap/ba-p/3750086
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐