每周蓝军技术推送(2024.12.14-12.20)
2024-12-20 10:2:0 Author: mp.weixin.qq.com(查看原文) 阅读量:14 收藏

Web安全

CVE-2024-40725:Apache httpd HTTP请求走私漏洞检测工具

https://github.com/soltanali0/CVE-2024-40725

CVE-2024-51479:Next.js 认证绕过漏洞

https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f

.NET反序列化gadgetchain剖析

https://testbnull.medium.com/c%C3%B3-g%C3%AC-b%C3%AAn-trong-c%C3%A1c-net-deser-gadgetchain-3d89897c4878

内网渗透

Trust Validator:AD域信任关系权限提升漏洞挖掘与验证

https://github.com/nullenc0de/trust-validator/

ADcheck:AD域安全评估工具

https://github.com/CobblePot59/ADcheck

终端对抗

Svartalfheim:具备拉取执行能力的Stage 0 shellcode

https://github.com/NtDallas/Svartalfheim

CrystalDump:手工构造Minidump文件仅使用NTAPI转储lsass

https://ricardojoserf.github.io/nativedump/

https://github.com/ricardojoserf/NativeDump/tree/crystal-flavour

BYOVD技术在Windows驱动中的恶意利用与攻击分析

https://blog.talosintelligence.com/exploring-vulnerable-windows-drivers/

MutatorKit:CobaltStrike睡眠遮罩代码LLVM混淆套件

https://www.cobaltstrike.com/blog/introducing-the-mutator-kit-creating-object-file-monstrosities-with-sleep-mask-and-llvm

https://x.com/_CobaltStrike/status/1869387391955583147

新版WinDefender启动时文件访问行为分析

https://www.hexacorn.com/blog/2024/12/20/windows-server-2022-and-msmpeng-exe/

https://hexacorn.com/d/MsMpEng.exe.txt

CreateProcessAsUser与CreateProcessWithTokenW差异剖析

https://trainsec.net/library/understanding-the-differences-between-createprocessasuser-and-createprocesswithtokenw-in-windows/

基于/dev/shm的Linux内存执行利用分析

https://www.youtube.com/watch?v=HehwJh-XdzM

漏洞相关

深入Spotify,发现Windows打印机驱动程序中LPE和RCE漏洞

https://github.com/edwardzpeng/presentations/tree/main/Blackhat%20Europe%202024

SSSD权限分离机制中的特权辅助程序安全问题分析

https://seclists.org/oss-sec/2024/q4/163

CVE-2024-50264:Linux内核VSock条件竞争漏洞POC

https://github.com/google/security-research/blob/09335abb6b01ee706a5a5584278ef4c4c1d50bda/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/docs/exploit.md

Linux内核安全性深入剖析

https://a13xp0p0v.github.io/img/Alexander_Popov-H2HC-2024.pdf

云安全

GHSL-2024-312:Azure API管理开发人员门户任意代码执行与信息泄露漏洞

https://securitylab.github.com/advisories/GHSL-2024-312_Azure_API_Management_Developer_Portal/

云安全中的功能滥用与不安全设计漏洞

https://www.vectra.ai/blog/remediation-to-mitigation-addressing-insecure-by-design-flaws

人工智能和安全

提示词注入对信息安全三要素的影响

https://arxiv.org/abs/2412.06090

其他

基于生成式AI的PCAP流量包分析工具

https://arxiv.org/pdf/2212.10496

2024年网络安全会议演讲清单

https://gynvael.coldwind.pl/n/eoy_talk_watchlist_2024

发布35条新Semgrep规则,聚焦基础设施、供应链及Ruby安全

https://blog.trailofbits.com/2024/12/09/35-more-semgrep-rules-infrastructure-supply-chain-and-ruby/

软件供应链攻防案例目录及类型定义整理

https://github.com/cncf/tag-security/tree/main/community/catalog/compromises

M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群

往期推荐

每周蓝军技术推送(2024.12.7-12.13)

每周蓝军技术推送(2024.11.30-12.6)

每周蓝军技术推送(2024.11.23-11.29)


文章来源: https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247493943&idx=1&sn=f270e4714111326a54b211b01ce37e94&chksm=c1842926f6f3a03018502c92f95b4f4969ac041fc0782154a3e7541a1f41b4805aba4f651f9d&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh