Weekly Blue Army (Red Team) Technical Digest (2023.10.7-10.13)
2023-10-12 23:19:06 Author: mp.weixin.qq.com

Web Security

PHP from scratch to webshell AV evasion: a handbook

https://paper.seebug.org/3044/

Internal Network Penetration

AD_Miner: a tool for auditing AD domains using BloodHound graph data

https://github.com/Mazars-Tech/AD_Miner

ExtractBitlockerKeys: a script that automatically extracts BitLocker recovery keys from an AD domain

https://github.com/p0dalirius/ExtractBitlockerKeys

linWinPwn: an automated AD domain enumeration and vulnerability-checking script

https://github.com/lefayjey/linWinPwn

Endpoint Security Evasion

LatLoader: an automated DLL-hijacking lateral movement module for Havoc C2

https://github.com/icyguider/LatLoader

CoercedPotato: from service account to SYSTEM via SeImpersonatePrivilege, working on Windows 10, Windows 11 and Server 2022

https://github.com/hackvens/CoercedPotato

SmmBackdoorNg: a System Management Mode backdoor for the UEFI platform

https://github.com/Cr4sh/SmmBackdoorNg

Automated parsing of USB device artefacts from the registry

https://www.khyrenz.com/post/automated-usb-artefact-parsing-from-the-registry

https://github.com/khyrenz/parseusbs

netuser-rs: Rust bindings for the Windows user and group management APIs

https://github.com/secur30nly/netuser-rs

R2R Stomping: a new method for running hidden implanted code in ReadyToRun (R2R) compiled .NET binaries

https://research.checkpoint.com/2023/r2r-stomping-are-you-ready-to-run/

REC2: a C2 tool that uses the VirusTotal and Mastodon APIs for encrypted message transport

https://github.com/g0h4n/REC2

LOLBins: representing the abuse of LOLBin binaries in STIX format inside a TIP platform, in an easy-to-understand graphical form

https://github.com/CTI-Driven/LOLBins

Reflective call stack detections and evasions

https://securityintelligence.com/x-force/reflective-call-stack-detections-evasions/

.NET assembly obfuscation techniques for memory scanner evasion

https://www.r-tec.net/r-tec-blog-net-assembly-obfuscation-for-memory-scanner-evasion.html

A universal EDR bypass built into Windows 10

https://www.riskinsight-wavestone.com/en/2023/10/a-universal-edr-bypass-built-in-windows-10/

Vulnerabilities

CVE-2023-29357: exploit for the Windows SharePoint Server privilege escalation vulnerability

https://github.com/Chocapikk/CVE-2023-29357

CVE-2023-36802: Microsoft mskssrv.sys privilege escalation vulnerability

https://securityintelligence.com/x-force/critically-close-to-zero-day-exploiting-microsoft-kernel-streaming-service/

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-36802.html

CVE-2023-32364: exploit for a macOS app sandbox escape vulnerability

https://github.com/gergelykalman/CVE-2023-32364-macos-app-sandbox-escape

macOS NSServices vulnerability allows TCC bypass

https://moonlock.com/nsservices-macos

macOS application permission hijacking vulnerability

https://blog.xpnsec.com/dirtynib/

CVE-2023-4911: buffer overflow in the dynamic loader of the Linux GNU C library

https://www.picussecurity.com/resource/blog/cve-2023-4911-looney-tunables-local-privilege-escalation-vulnerability

CVE-2023-4911: glibc ld.so local privilege escalation vulnerability

https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

CVE-2023-43641: libcue 1-click remote code execution vulnerability

https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/

Unauthenticated vulnerability in a domestic security vendor's firewall

https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/

Using Cloudflare to bypass Cloudflare

https://certitude.consulting/blog/en/using-cloudflare-to-bypass-cloudflare/

Cloud Security

Lateral movement from SQL Server to the cloud

https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/

Pitfalls of relying on eBPF for security monitoring, and some solutions

https://blog.trailofbits.com/2023/09/25/pitfalls-of-relying-on-ebpf-for-security-monitoring-and-some-solutions/

Other

Automatic disruption of human-operated attacks through containment of compromised user accounts

https://www.microsoft.com/en-us/security/blog/2023/10/11/automatic-disruption-of-human-operated-attacks-through-containment-of-compromised-user-accounts/

dangerzone: convert potentially dangerous PDFs, office documents or images into safe ones

https://github.com/freedomofpress/dangerzone

On the side-channel implications of hardware-based image data compression

https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf

M01N Team WeChat official account

NSFOCUS Blue Army technical research team



Source: https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247492426&idx=1&sn=88bbad0abcee8ccc02a5d8b547349417&chksm=c184235bf6f3aa4d64fbb289c1a6209cf0994ffbf4927206190070387d34f226ea22e363c8e5&scene=58&subscene=0#rd