Empirical testing of mainstream overseas vendors' EDR and response systems against APT attacks, covering Carbon Black, Crowdstrike, ESET Project, F-Secure Element, Kaspersky, McAfee, Sentinel One, Sophos, Symantec, TrendMicro and Windows Defender
https://www.mdpi.com/2624-800X/1/3/21/htm
Analysis of the DLL side-loading technique used in the Kaseya ransomware attack
http://feedproxy.google.com/~r/fortinet/blog/threat-research/~3/JnpihYl2zrs/dll-side-loading-technique-used-in-recent-kaseya-ransomware-attack
Turning Outlook into a C2 channel with VBA and the XLS Entanglement technique; code execution requires only that Excel or Word be run
https://www.bc-security.org/post/xls-entanglement/
https://github.com/BCSECURITY/Offensive-VBA-and-XLS-Entanglement
SharpImpersonation: a post-exploitation tool that impersonates users by abusing tokens or by shellcode injection
https://github.com/S3cur3Th1sSh1t/SharpImpersonation
CredBandit: a Cobalt Strike BOF that uses static x64 syscalls to dump process memory and send it back to the operator
https://github.com/anthemtotheego/CredBandit
https://blog.cobaltstrike.com/2021/07/13/credbandit-a-review-of-a-tool-developed-built-by-the-cobalt-strike-user-community/
SharpPhish: covertly uses Outlook COM objects to craft convincing phishing emails, mainly aimed at internal-network phishing
https://github.com/Yaxser/SharpPhish
BruteShark: a network traffic analysis tool that extracts passwords, authentication hashes, DNS records and other information from captures
https://github.com/odedshimon/BruteShark
CIMplant: a C# port of the WMImplant remote-control tool
https://github.com/FortyNorthSecurity/CIMplant
PickleC2: a Python 3 C2 framework focused on post-exploitation and lateral movement
https://xret2pwn.github.io/PickleC2/
Single-file PowerShell port-scanning tool
https://github.com/LuemmelSec/Pentest-Tools-Collection/blob/main/tools/portscan.ps1
CVE-2021-31956: analysis of a Windows kernel NTFS vulnerability
https://research.nccgroup.com/2021/07/15/cve-2021-31956-exploiting-the-windows-kernel-ntfs-with-wnf-part-1/
CVE-2020-15999: analysis of a Google Chrome vulnerability
https://blog.tetrane.com/2021/CVE-2020-15999-Chrome.html
CVE-2021-28474: analysis and reproduction of a SharePoint RCE
https://www.zerodayinitiative.com/blog/2021/7/7/cve-2021-28474-sharepoint-remote-code-execution-via-server-side-control-interpretation-conflict
RedpwnCTF 2021: Chrome sandbox escape challenge write-up
https://robertchen.cc/blog/2021/07/12/empires-and-deserts
Local privilege escalation by abusing the CreateProcessWithLogon API to write to restricted services (with PoC)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2194
M01N Team
Focusing on cutting-edge techniques in advanced attack-and-defense confrontation
NSFOCUS (绿盟科技) Blue Team (蓝军) technical research squad
Originally published on the WeChat official account (M01N Team): Weekly Blue Team (蓝军) technical digest (2021.07.10-07.16)