内网渗透
LocalKdc:在非域主机上运行Kerberos密钥分发中心
https://github.com/jborean93/LocalKdc
KeyCredentialLink:编辑msDS-KeyCredentialLink属性添加影子凭据
https://github.com/Leo4j/KeyCredentialLink
终端对抗
SessionExec:在其他用户Session中执行命令
https://github.com/Leo4j/SessionExec
LayeredSyscall:滥用VEH回调构造合法调用堆栈
https://whiteknightlabs.com/2024/07/31/layeredsyscall-abusing-veh-to-bypass-edrs/
https://github.com/WKL-Sec/LayeredSyscall
SyscallTempering:借助VEH回调隐藏Syscall调用参数
https://github.com/Allevon412/SyscallTempering
C2武器的异常堆栈特征捕获与对抗
https://sabotagesec.com/gotta-catch-em-all-catching-your-favorite-c2-in-memory-using-stack-thread-telemetry/
Chrome引入应用绑定机制加强Cookie加密保护
https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html
解析“核心隔离”保护机制如何影响驱动加载过程
https://sabotagesec.com/tale-of-code-integrity-driver-loads/
Specula:借助Outlook客户端组件通讯的C2框架
https://github.com/trustedsec/specula
https://trustedsec.com/blog/specula-turning-outlook-into-a-c2-with-one-registry-change
漏洞
CVE-2024-37085:Vmware ESXi AD集成身份验证绕过漏洞
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505
https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/
某输入法Windows锁屏绕过及权限提升
https://mp.weixin.qq.com/s/aqA3TdU5NFcT6v1owMz--A
https://mp.weixin.qq.com/s/25n6PPsfSizRXn2VGVhxnQ
挖掘与利用终端安全产品中的链接跟随提权漏洞
https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1
https://www.zerodayinitiative.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2
CVE-2024-7120:瑞斯康达网关命令注入漏洞影响25,000 多个设备
https://netsecfish.notion.site/Command-Injection-Vulnerability-in-RAISECOM-Gateway-Devices-673bc7d2f8db499f9de7182d4706c707
云安全
GraphSpy:适用于AAD与O365的初始访问与后渗透框架
https://github.com/RedByte1337/GraphSpy
人工智能和安全
LLM Agent安全和隐私风险案例研究调查
https://arxiv.org/abs/2407.19354
Amazon 发布 Bedrock LLM AI托管解决方案,包含安防防护和数据安全
https://aws.amazon.com/cn/bedrock/security-compliance/
https://aws.amazon.com/cn/bedrock/guardrails/
llama3.1越狱提示词
https://ai.meta.com/blog/meta-llama-3-1/
https://github.com/elder-plinius/L1B3RT45/blob/main/META.mkd
社工钓鱼
在网络钓鱼中利用自定义载荷绕过EDR
https://posts.specterops.io/deep-sea-phishing-pt-1-092a0637e2fd
https://posts.specterops.io/deep-sea-phishing-pt-2-29c48f1e214e
其他
go-exploit-cache:借助测绘引擎HTTP缓存扫描漏洞
https://github.com/vulncheck-oss/go-exploit-cache
https://vulncheck.com/blog/vulncheck-goes-scanless
CFOR漏洞攻击:访问Github上的已删除和私有仓库数据
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
借助RDP位图缓存取证恶意远程桌面活动
https://www.thedfirspot.com/post/rdp-bitmap-cache-piece-s-of-the-puzzle
PKfail:借助预置平台密钥绕过UEFI安全启动保护
https://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem
https://pk.fail/
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐
如有侵权请联系:admin#unsafe.sh