Web Security
LLM-powered web honeypot
https://github.com/0x4D31/galah
Tai-e (太阿) program analysis framework: detecting Log4Shell with static analysis
https://xz.aliyun.com/t/13223
Internal Network Penetration
Improving stealth capabilities during internal network penetration
https://sokarepo.github.io/redteam/2024/01/04/increase-your-stealth-capabilities-part1.html
GOAD Active Directory lab environment adds new vulnerable configurations such as gMSA accounts and unconstrained delegation accounts
https://github.com/Orange-Cyberdefense/GOAD
Endpoint Adversarial Techniques
Bypassing EDR syscall hooks by modifying arguments at runtime
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
Best EDR Of The Market: a testing ground for bypassing user-mode EDR detection
https://xacone.github.io/BestEdrOfTheMarket.html
https://github.com/Xacone/BestEdrOfTheMarket
EDRSilencer: blocking EDR outbound traffic by adding WFP filters for specific processes
https://github.com/netero1010/EDRSilencer
EDRNoiseMaker: checking for EDR executables silenced by WFP filters, as a countermeasure to EDRSilencer
https://github.com/amjcyber/EDRNoiseMaker
SignToolEx: hijacking signtool.exe so that expired signing certificates can be used
https://github.com/hackerhouse-opensource/SignToolEx
Stinger: a UAC bypass tool reconstructed from the description of the privilege escalation module in the leaked Vault7 Fine Dining toolset
https://github.com/hackerhouse-opensource/Stinger
https://twitter.com/hackerfantastic/status/1742061210424467817
havoc-bloodhound: a Havoc GUI plugin for interacting with BloodHound CE
https://github.com/p4p1/havoc-bloodhound
DLL hijacking using executables in the WinSxS folder
https://www.securityjoes.com/post/hide-and-seek-in-windows-closet-unmasking-the-winsxs-hijacking-hideout
100 Days of YARA: YARA detection rules for malicious behavior
https://medium.com/@Shinigami42/100daysofyara-45bdce96d48f
https://github.com/Johnnyd4251/100DaysOfYara
SharpGhostTask: tampering with scheduled tasks without generating logs
https://github.com/dmcxblue/SharpGhostTask
Vulnerabilities
CVE-2023-51766: SMTP smuggling
https://seclists.org/oss-sec/2024/q1/0
CVE-2023-5217: Chromium v8 heap overflow vulnerability
https://bugs.chromium.org/p/chromium/issues/detail?id=1486441
CVE-2023-32434: integer overflow vulnerability in iOS/macOS
https://github.com/felix-pb/kfd/blob/main/writeups/smith.md
CVE-2023-41974: race condition vulnerability in iOS/macOS
https://github.com/felix-pb/kfd/blob/main/writeups/landa.md
A Rust library that assists with ROP gadget searching on Windows
https://github.com/0vercl0k/rp-bf.rs
Cloud Security
Abusing Azure AD dynamic groups, part 1: escalating privileges via dynamic groups
https://medium.com/r3d-buck3t/abusing-dynamic-groups-in-azuread-part-1-ff12e328c8c0
Other
A survey of hallucination mitigation techniques in large language models
https://arxiv.org/abs/2401.01313
Supply chain security issues caused by misconfigured Git repositories
https://adnanthekhan.com/2023/12/20/one-supply-chain-attack-to-rule-them-all/
A roundup of 2024 security prediction reports from security industry companies
https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-24-security-predictions-for-2024-part-1
https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-24-security-predictions-for-2024-part-2
M01N Team WeChat official account
Focused on hot topics in advanced offensive and defensive techniques
NSFOCUS Blue Army technical research team