Web Security
CVE-2024-4577: PHP CGI argument injection remote code execution vulnerability
https://securityonline.info/cve-2024-4577-critical-php-vulnerability-exposes-millions-of-servers-to-rce/
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
Internal Network Penetration
goLAPS: a tool for retrieving LAPS credentials within a domain
https://github.com/felmoltor/goLAPS
Recovering a compromised ADCS platform from backup
https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/recover-an-adcs-platform-from-compromise/ba-p/4120889
VirtualGHOST: identifying virtual machines not registered in vCenter/ESXi
https://github.com/CrowdStrike/VirtualGHOST
Cadiclus: a privilege escalation vulnerability identification script for Linux
https://github.com/tjnull/pentest-arsenal/tree/main/Cadiclus
smbclient-ng: a Python-based tool for accessing SMB shares
https://github.com/p0dalirius/smbclient-ng
NetWrapper: a netexec wrapper with HTML report export
https://github.com/Edd13Mora/NetWrapper
Endpoint Offense and Defense
RtlClone: process cloning using NtCreateUserProcess
https://github.com/rbmm/RtlClone
VerifierDll: injecting into and hooking processes via the Verifier DLL mechanism
https://github.com/zodiacon/VerifierDll
https://scorpiosoftware.net/2024/06/01/building-a-verifier-dll/
Using Windows APIs to detect keyloggers in Elastic Defend
https://www.elastic.co/security-labs/protecting-your-devices-from-information-theft-keylogger-protection
New thinking on EDR capability evaluation based on operation chains
https://posts.specterops.io/to-infinity-and-beyond-feab2d8ff93c
Analysis of EDR telemetry capabilities on macOS and Linux
https://www.outflank.nl/blog/2024/06/03/edr-internals-macos-linux/
Vulnerabilities
Linux 5.10 kernel privilege escalation vulnerability PoC
https://ssd-disclosure.com/ssd-advisory-linux-kernel-nft_validate_register_store-integer-overflow-privilege-escalation/
CVE-2024-27822: analysis of a macOS PackageKit privilege escalation vulnerability
https://khronokernel.com/macos/2024/06/03/CVE-2024-27822.html
CVE-2023-4069: analysis of attack techniques against the Chrome V8 compiler pipeline
https://www.matteomalvica.com/blog/2024/06/05/intro-v8-exploitation-maglev/
CVE-2023-6702: Chrome renderer RCE vulnerability PoC
https://github.com/kaist-hacking/CVE-2023-6702
CVE-2024-29415: SSRF in the Node.js package node-ip, with tens of millions of services affected
https://securityonline.info/cve-2024-29415-popular-node-js-package-node-ip-exposes-millions-to-potential-ssrf-attacks/#/
Cloud Security
Analysis of the attack surface created by Amazon S3 misconfigurations
https://blog.plerion.com/things-you-wish-you-didnt-need-to-know-about-s3/
AI and Security
How Microsoft performs AI red teaming
https://build.microsoft.com/en-US/sessions/0106b5b1-d727-4240-bb2e-dea325cb8519
CS-Eval: a cybersecurity capability evaluation set for large language models in the security domain
https://cs-eval.com/
Copilot+ Recall: information disclosure attack surface analysis and weaponized PoC
https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e
https://github.com/xaitax/TotalRecall
https://github.com/Pennyw0rth/NetExec/pull/335
Building an LLM-based AI agent from scratch
https://blog.openthreatresearch.com/rise-of-the-planet-of-the-agents/
Social Engineering and Phishing
A phishing lure generator that performs HTML smuggling via WASM
https://labs.jumpsec.com/wasm-smuggling-for-initial-access-and-w-a-l-k-tool-release/
https://github.com/JumpsecLabs/WALK_WebAssembly_Lure_Krafter
Other
Automated Havoc C2 deployment script for Linode
https://github.com/smokeme/ansible-havoc
Disclosure of a cache poisoning vulnerability in the NPM registry that threatens the entire JavaScript ecosystem
https://www.landh.tech/blog/20240603-npm-cache-poisoning/
Defending against the risk of WiFi-based location exposure
https://www.cs.umd.edu/~dml/papers/wifi-surveillance-sp24.pdf
M01N Team official WeChat account
Focused on hot topics in advanced offensive and defensive techniques
NSFOCUS Blue Army technical research team