Weekly Red Team (蓝军) Technology Digest (2023.8.26-9.1)
2023-9-1 16:03:04 Author: mp.weixin.qq.com

Internal Network Penetration

Abusing mixed-vendor Kerberos stacks

https://www.pentestpartners.com/security-blog/a-broken-marriage-abusing-mixed-vendor-kerberos-stacks/

Endpoint Evasion

EternalHushFramework: a Windows C2 framework that supports extension plugins written in Python

https://github.com/APT64/EternalHushFramework

PPLBlade: a tool for dumping protected (PPL) processes

https://github.com/tastypepperoni/PPLBlade

https://tastypepperoni.medium.com/bypassing-defenders-lsass-dump-detection-and-ppl-protection-in-go-7dd85d9a32e6

Reg-Restore-Persistence-Mole: persistence that evades Sysmon event monitoring

https://github.com/tccontre/Reg-Restore-Persistence-Mole

NtRemoteLoad: a remote shellcode injection tool built on ShorSec's HWSyscalls

https://github.com/florylsk/NtRemoteLoad

Supernova: a tool that encrypts raw shellcode and converts it into C, C#, Rust or Nim source

https://github.com/nickvourd/Supernova

EDRSandblast-GodFault: bypassing EDR detection using a vulnerable signed driver

https://github.com/gabriellandau/EDRSandblast-GodFault

DebugAmsi: bypassing AMSI through the Windows process debugger mechanism

https://github.com/MzHmO/DebugAmsi

Improving the stealthiness of memory injection techniques

https://www.naksyn.com/edr%20evasion/2023/06/01/improving-the-stealthiness-of-memory-injections.html

Vulnerabilities

CVE-2023-38831: exploit generator for the WinRAR vulnerability

https://github.com/b1tg/CVE-2023-38831-winrar-exploit

CVE-2023-21939: PoC for the remote code execution vulnerability in the Java Swing component

https://gist.github.com/win3zz/308c6567e38e096c7071d3564ef164ad

CVE-2023-28229, CVE-2023-36906: exploring elevation of privilege in CNG Key Isolation

https://whereisk0shl.top/post/isolate-me-from-sandbox-explore-elevation-of-privilege-of-cng-key-isolation

CVE-2023-4273: a vulnerability in the Linux exFAT driver

https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/

Cloud Security

Forwarding command-and-control HTTP traffic through AWS services

https://thegreycorner.com/2023/08/30/aws-service-C2-forwarding.html

Other

Evilginx 3.2: adds dynamic redirects on session capture, hidden phishing pages, HTTP request interception and other features

https://breakdev.org/evilginx-3-2/

KCon 2023 public slides

https://github.com/knownsec/KCon/tree/master/2023

DEF CON 2023 public materials

https://media.defcon.org/DEF%20CON%2031/

HVCI-loldrivers-check: checks which drivers listed on loldrivers.io are not blocked by the current HVCI policy

https://github.com/trailofbits/HVCI-loldrivers-check

Bypassing BitLocker on a Lenovo laptop with a cheap logic analyzer

https://www.errno.fr/BypassingBitlocker

Detecting and blocking OpenAI crawlers

https://blog.aaronsdevera.com/posts/20230823-detecting-and-blocking-openai-crawlers

M01N Team WeChat account: the NSFOCUS (绿盟科技) Blue Army technical research team, focused on advanced offense-and-defense techniques




Article source: https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247492152&idx=1&sn=bd141615049dcfa1e58db9865616d7b5&chksm=c1842229f6f3ab3fb95baf46679b1819ac56b57dcaf8aa3d9c0511b161b35193a2085e1ba1bc&scene=58&subscene=0#rd