内网渗透
滥用Kerberos混合堆栈
https://www.pentestpartners.com/security-blog/a-broken-marriage-abusing-mixed-vendor-kerberos-stacks/
终端对抗
EternalHushFramework:Windows C2框架,支持Python开发扩展插件
https://github.com/APT64/EternalHushFramework
PPLBlade:Dump受保护进程的工具
https://github.com/tastypepperoni/PPLBlade
https://tastypepperoni.medium.com/bypassing-defenders-lsass-dump-detection-and-ppl-protection-in-go-7dd85d9a32e6
Reg-Restore-Persistence-Mole:用于持久化并规避sysmon事件监控
https://github.com/tccontre/Reg-Restore-Persistence-Mole
NtRemoteLoad:基于ShorSec HWSyscalls的远程Shellcode注入工具
https://github.com/florylsk/NtRemoteLoad
Supernova:安全加密原始Shellcode,并可将Shellcode转化为C、C#、Rust或Nim的工具
https://github.com/nickvourd/Supernova
EDRSandblast-GodFault:利用易受攻击的签名驱动程序绕过EDR检测
https://github.com/gabriellandau/EDRSandblast-GodFault
DebugAmsi:通过Windows进程调试器机制绕过AMSI
https://github.com/MzHmO/DebugAmsi
提高内存注入技术的隐蔽性
https://www.naksyn.com/edr%20evasion/2023/06/01/improving-the-stealthiness-of-memory-injections.html
漏洞相关
CVE-2023-38831:winrar漏洞EXP生成器
https://github.com/b1tg/CVE-2023-38831-winrar-exploit
CVE-2023-21939:Java Swing组件中的远程代码执行漏洞POC
https://gist.github.com/win3zz/308c6567e38e096c7071d3564ef164ad
CVE-2023-28229 、CVE-2023-36906:探索CNG密钥隔离的特权提升
https://whereisk0shl.top/post/isolate-me-from-sandbox-explore-elevation-of-privilege-of-cng-key-isolation
CVE-2023-4273:Linux exFAT驱动程序中的漏洞
https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/
云安全
AWS服务命令和控制HTTP流量转发
https://thegreycorner.com/2023/08/30/aws-service-C2-forwarding.html
其他
Evilginx 3.2:添加会话捕获动态重定向、隐藏钓鱼页面、HTTP请求拦截等功能
https://breakdev.org/evilginx-3-2/
KCon 2023公开PPT
https://github.com/knownsec/KCon/tree/master/2023
DEF CON 2023公开资料
https://media.defcon.org/DEF%20CON%2031/
HVCI-loldrivers-check:检查来自loldrivers.io的哪些驱动程序未被当前HVCI阻止
https://github.com/trailofbits/HVCI-loldrivers-check
在联想笔记本电脑上使用cheap logic分析绕过Bitlocker
https://www.errno.fr/BypassingBitlocker
检测和阻止OpenAI爬虫
https://blog.aaronsdevera.com/posts/20230823-detecting-and-blocking-openai-crawlers
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐