Web Security
Confusion Attacks: exploiting hidden semantic ambiguities in Apache HTTP Server
https://blog.orange.tw/posts/2024-08-confusion-attacks-ch/
Internal Network Penetration
MaLDAPtive: a framework for parsing, obfuscating, deobfuscating and detecting LDAP SearchFilters
https://github.com/MaLDAPtive/Invoke-Maldaptive
SSH tunnelling to punch through corporate firewalls (an updated take on one of the oldest LOLBins)
https://labs.jumpsec.com/ssh-tunnelling-to-punch-through-corporate-firewalls-updated-take-on-one-of-the-oldest-lolbins/
Endpoint Evasion
Shwmae: abusing Windows Hello from a privileged user context
https://github.com/CCob/Shwmae
ShimMe: code injection using undocumented OfficeClickToRun structures and interfaces
https://github.com/deepinstinct/ShimMe
.NET assembly infection and persistence techniques
https://habr.com/ru/companies/ru_mts/articles/832892/
HookChain: evading EDR hooks by redirecting the Windows subsystem with IAT hooking, system calls and related techniques
https://github.com/helviojunior/hookchain
Using VEH (vectored exception handling) for defense evasion and process injection
https://securityintelligence.com/x-force/using-veh-for-defense-evasion-process-injection/
DriverJack: hijacking a legitimate driver service through symbolic-link abuse to load a custom driver
https://github.com/klezVirus/DriverJack
Vulnerabilities
CVE-2024-30089: analysis of a Windows 11 kernel use-after-free (UAF)
https://securityintelligence.com/x-force/little-bug-that-could/
CVE-2024-38100: local privilege escalation via DCOM interfaces ("FakePotato")
https://decoder.cloud/2024/08/02/the-fake-potato/
CVE-2024-38063: Windows TCP/IP IPv6 RCE, patch diff and PoC
https://x.com/f4rmpoet/status/1825472703223992323
https://github.com/Sachinart/CVE-2024-38063-POC
BYOB (Build Your Own Botnet): unauthenticated RCE in the open-source post-exploitation framework
https://github.com/chebuya/exploits/tree/main/BYOB-RCE
https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob/
Exploiting time-of-check to time-of-use (TOCTOU) logic flaws: manipulating execution flow
https://oliviagallucci.com/how-to-manipulate-the-execution-flow-of-toctou-attacks/
Cloud Security
UnOAuthorized: privilege elevation and persistence through Microsoft applications
https://www.semperis.com/blog/unoauthorized-privilege-elevation-through-microsoft-applications/
Persisting with federated credentials in Entra ID applications and managed identities
https://dirkjanm.io/persisting-with-federated-credentials-entra-apps-managed-identities/
Exploiting pass-through authentication (PTA) credential validation in Azure AD
https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/
From anonymous to AdministratorAccess: gaining admin rights through flawed default AWS OIDC trust policies (Terraform)
https://hacktodef.com/addressed-aws-defaults-risks-oidc-terraform-and-anonymous-to-administratoraccess
Command injection in the Kubernetes git-sync component
https://www.akamai.com/blog/security-research/2024-august-kubernetes-gitsync-command-injection-defcon
GitHub Actions exploitation: compromising repositories by abusing the Dependabot GitHub App
https://www.synacktiv.com/publications/github-actions-exploitation-dependabot
AI and Security
Demystifying AI and LLM pen testing: challenges and best practices for securing AI-driven applications
https://forgepointcap.com/perspectives/tales-from-the-forefront-demystifying-ai-and-llm-pen-testing
Security CTF challenge on LLM agentic systems
https://invariantlabs.ai/ctf-challenge-24
Social Engineering and Phishing
Leaking NTLM and plaintext credentials via Universal Data Link (UDL) files
https://trustedsec.com/blog/oops-i-udld-it-again
Teach a man to phish: a survey of phishing tactics and techniques
https://posts.specterops.io/teach-a-man-to-phish-43528846e382
Other
Best Practices for Event Logging and Threat Detection (joint guidance led by ASD's ACSC with CISA and partner agencies)
https://www.cyber.gov.au/sites/default/files/2024-08/best-practices-for-event-logging-and-threat-detection.pdf
The hidden treasure of crash reports: hunting in-the-wild threats through crash logs
https://objective-see.org/blog/blog_0x7B.html
https://speakerdeck.com/patrickwardle/the-hidden-treasure-of-crash-reports
Cloudflare integrates JA4 fingerprint signals to improve threat blocking
https://blog.cloudflare.com/ja4-signals
Catching shells without infrastructure using "open" Tor relays
https://www.fullspectrum.dev/catching-shells-without-infrastructure-using-open-tor-relays/
M01N Team WeChat public account
Focused on cutting-edge offensive and defensive techniques
NSFOCUS Blue Army (red team) technical research team