Weekly Blue Army (Red Team) Technical Digest (2024.3.16-3.22)
2024-3-22 17:12:55 Author: mp.weixin.qq.com

Web Security

Analysis of WebSocket CSWSH (cross-site WebSocket hijacking): bypassing the same-origin policy through the handshake

https://www.blackhillsinfosec.com/cant-stop-wont-stop-hijacking-websockets

Leaking ObjRefs to exploit HTTP .NET Remoting

https://github.com/codewhitesec/HttpRemotingObjRefLeak

https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/

Constructing deserialization gadget chains in the Ruby ecosystem

https://blog.includesecurity.com/2024/03/discovering-deserialization-gadget-chains-in-rubyland/

Gungnir: continuously monitoring Certificate Transparency logs for newly issued SSL/TLS certificates

https://github.com/g0ldencybersec/gungnir

Internal Network Penetration

The attack surface of insecure Exchange permission configurations in AD

https://posts.specterops.io/pwned-by-the-mail-carrier-0750edfad43b

Abusing AD AdminSDHolder for domain persistence

https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/how-to-abuse-and-backdoor-adminsdholder-to-obtain-domain-admin-persistence

DNS-Tunnel-Keylogger: a keylogger that exfiltrates data over a DNS tunnel

https://github.com/Geeoon/DNS-Tunnel-Keylogger

Tor's new WebTunnel bridges mimic HTTPS traffic to evade censorship

https://www.bleepingcomputer.com/news/security/tors-new-webtunnel-bridges-mimic-https-traffic-to-evade-censorship

Endpoint Evasion

Weaponizing Windows thread pool APIs to proxy DLL loads

https://fin3ss3g0d.net/index.php/2024/03/18/weaponizing-windows-thread-pool-apis-proxying-dll-loads/

ADPT: a DLL hijacking proxy tool

https://github.com/Kudaes/ADPT

RustRedOps: a Rust code repository for offensive tooling development

https://github.com/joaoviictorti/RustRedOps

grimreaper: memory obfuscation combining regular and special APC calls

https://github.com/realoriginal/grimreaper

NoArgs: dynamically manipulating and hiding process arguments via API hooking

https://github.com/oh-az/NoArgs

SymProcAddress: resolving function addresses without touching the EAT

https://github.com/MzHmO/SymProcAddress

GamingServiceEoP: privilege escalation PoC for an arbitrary folder move vulnerability in the Xbox Gaming Services component

https://github.com/Wh04m1001/GamingServiceEoP

Comparative analysis of the Windows and Linux process loader architectures

https://github.com/ElliotKillick/windows-vs-linux-loader-architecture

revng-c: rev.ng's open-source binary analysis framework and decompiler

https://github.com/revng/revng-c

Vulnerabilities

CVE-2024-20696: patch analysis of the Windows libarchive RCE vulnerability

https://clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce/

CVE-2023-36424: exploit PoC for the Windows kernel pool (clfs.sys) corruption privilege escalation vulnerability

https://github.com/Nassim-Asrir/CVE-2023-36424

Chaining n-day vulnerabilities to compromise systems, part 1: CVE-2023-3079 Chrome renderer RCE

https://blog.theori.io/chaining-n-days-to-compromise-all-part-1-chrome-renderer-rce-1afccf56721b

A collection of browser vulnerability analyses and exploits

https://twitter.com/binitamshah/status/1770875914240328084

Fortinet FortiWLM: analysis of recent patches and unauthenticated RCE exploitation

https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/

GhostRace: exploiting and mitigating speculative race conditions

https://download.vusec.net/papers/ghostrace_sec24.pdf

Cloud Security

ActionsCacheBlasting: PoC code for GitHub Actions cache poisoning

https://github.com/AdnaneKhan/ActionsCacheBlasting

NamespaceHound: protecting multi-tenant K8s clusters

https://www.wiz.io/blog/introducing-namespacehound-for-cross-tenant-violation-assessments

https://github.com/wiz-sec-public/namespacehound/

Privilege escalation by abusing user-assigned managed identities through Azure deployment scripts

https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-user-assigned-managed-identities-via-deployment-scripts/

Miaow: PoC for privilege escalation in Azure via ARM template deployment

https://github.com/SecureHats/miaow/

FindMeAccess: finding differences in Azure/M365 MFA requirements across resources, client IDs and user agents

https://github.com/absolomb/FindMeAccess

AzurEnum: a new tool for auditing the security configuration of Azure environments

https://blog.syss.com/posts/introducing-azurenum/

https://github.com/SySS-Research/azurenum

Discovering a phishing campaign by pivoting on malicious AWS activity

https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-aws-activity-to-phishing/#pivoting-on-ip-addresses-discovering-a-phishing-campaign

Social Engineering and Phishing

SVG files abused in emerging phishing campaigns

https://cofense.com/blog/svg-files-abused-in-emerging-campaigns/

AI and Security

Attacking the Anything LLM application by analyzing and bypassing existing CVEs

https://basu-banakar.medium.com/hacking-anything-llm-via-reversing-cves-duplicates-4fbfde67463f

Scaling behavior of LLM-based translation under prompt injection attacks

https://aclanthology.org/2024.scalellm-1.2/

Security flaws in the ChatGPT ecosystem allowed access to accounts and sensitive data on third-party websites

https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data

Other

Sentinel2ATTACKv2: extracting ATT&CK mappings from Microsoft Sentinel SIEM alerts

https://github.com/chihebchebbi/Sentinel2ATTACKv2

Ponemon Institute releases the "State of AI in Cybersecurity 2024" report

https://mixmode.ai/state-of-ai-in-cybersecurity-2024/

SO-CON 2024 conference slides

https://github.com/SpecterOps/presentations/tree/master/SO-CON%202024

Source: https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247493443&idx=1&sn=6ecac8f3f0cc0cd84714a5125049d7fa&chksm=c1842752f6f3ae44cb651fac558c54bcdf5af10d86389317fde9a2181bb1db8d1979a0d11988&scene=58&subscene=0#rd