内网渗透
sccmhunter:查询LDAP以获取潜在的SCCM相关资产
https://github.com/garrettfoster13/sccmhunter
GetLAPSPassword:使用impacket库编写的LAPS转储脚本
https://github.com/dru1d-foofus/GetLAPSPassword/
终端对抗
delivr.to社工钓鱼评估平台有效载荷Top 10排名:突出重点和趋势技术
https://blog.delivr.to/delivr-tos-top-10-payloads-highlighting-notable-and-trending-techniques-fb5e9fdd9356
exec2shel:将PE、ELF或Mach-O可执行文件的TEXT部分提取到shellcode
https://github.com/Binject/exec2shell
RunAsPasswd:支持参数指定密码的RunAS.exe工具,适用非交互式shell
https://github.com/Sq00ky/RunAsPasswd
Freeze.rs:基于Rust的EDR绕过载荷工具箱
https://github.com/optiv/Freeze.rs
Dump Windows NTFS扩展属性
https://github.com/daem0nc0re/TangledWinExec/tree/main/Misc/EaDumper
CustomEntryPoint:修改DLL中的任何导出函数作为新入口点
https://github.com/Kudaes/CustomEntryPoint
借助XFG签名识别辅助逆向分析,识别目标函数
https://m417z.com/Leveraging-XFG-to-help-with-reverse-engineering/
漏洞相关
CVE-2022-37985:Windows图形组件信息泄露漏洞
https://www.trellix.com/en-us/about/newsroom/stories/research/the-art-of-information-disclosure.html
CVE-2023-29324:CVE-2023-23397的补丁导致的MSHTML平台安全功能绕过漏洞
https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api
CVE-2023-25394:macOS VideoStream本地提权漏洞
https://danrevah.github.io/2023/05/03/CVE-2023-25394-VideoStream-LPE/
CVE-2023-0386:Linux OverlayFS子系统中的提权漏洞
https://github.com/xkaneiki/CVE-2023-0386
Cisco AnyConnect 4.x和5.x中存在恶意DLL加载漏洞
https://medium.com/@urshilaravindran/dll-side-loading-vulnerability-in-cisco-anyconnect-4-x-and-5-x-de81b1395102
云安全
Azure API管理服务漏洞
https://ermetic.com/blog/azure/when-good-apis-go-bad-uncovering-3-azure-api-management-vulnerabilities/
其他
ESET APT活动报告 2022Q4–2023Q1
https://www.welivesecurity.com/wp-content/uploads/2023/05/eset_apt_activity_report_q42022_q12023.pdf
snapchange:使用KVM对内存快照进行轻量级模糊测试
https://github.com/awslabs/snapchange
stealthscraper:社交媒体抓取工具,通过使用GUI自动化模拟用户逃避检测
https://github.com/TheKevinWang/stealthscraper
利用maskcat和rulecat创建Hash破解规则
https://jakewnuk.com/posts/brewing-hash-cracking-resources-w-the-twin-cats/
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐