Shadow Credentials: abusing the mapping between Key Credentials and accounts to obtain a TGT and achieve account takeover
https://shenaniganslabs.io/2021/06/21/Shadow-Credentials.html
https://github.com/eladshamir/Whisker
Windows Event Viewer service vulnerable to NTLM relay attacks (CVE-2021-31958)
https://www.armis.com/blog/security-advisory-windows-event-viewer-service-vulnerable-to-ntlm-relay-attacks/
Using the Windows Filtering Platform API to watch firewall events and UDP packets that trigger a backdoor connection to C2
https://adepts.of0x.cc/connectionless-shells/
AD CS certificate server relay attack in practice
https://posts.specterops.io/certified-pre-owned-d95910965cd2
https://www.exandroid.dev/2021/06/23/ad-cs-relay-attack-practical-guide/
https://github.com/SecureAuthCorp/impacket/pull/1101
Abusing Desired State Configuration in Azure for code execution and persistence
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-persistence-with-desired-state-configurations/
LOKI: Hardening Code Obfuscation Against Automated Attacks (improving code obfuscation)
https://arxiv.org/pdf/2106.08913.pdf
Tips and tricks for fast, automated deployment of the post-exploitation framework Cobalt Strike
https://blog.cobaltstrike.com/2021/06/23/manage-cobalt-strike-with-services/
A Windows Event Log killer implemented by locating and killing specific threads inside the svchost process
https://github.com/hlldz/Phant0m
Post-exploitation framework Mythic releases a new version with improved collaboration with agents
https://posts.specterops.io/learning-from-our-myths-45a19ad4d077
d0zer: ELF file infection tool that implants a payload in the ELF text segment
https://github.com/sad0p/d0zer
WFP (Windows Filtering Platform) token access check EoP
https://bugs.chromium.org/p/project-zero/issues/detail?id=2175
CVE-2021-3560: Linux polkit privilege escalation vulnerability
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
Local privilege escalation via a reference-counting bug in the Linux kernel io_uring subsystem (CVE-2021-20226)
https://flattsecurity.medium.com/cve-2021-20226-a-reference-counting-bug-which-leads-to-local-privilege-escalation-in-io-uring-e946bd69177a
Analysis of the Cisco HyperFlex HX distributed file system RCE vulnerability (CVE-2021-1497)
https://www.thezdi.com/blog/2021/6/23/cve-2021-1497-cisco-hyperflex-hx-auth-handling-remote-command-execution
M01N Team
Focusing on hot topics in advanced offensive and defensive technology
NSFOCUS Blue Team technical research squad
Originally published on the WeChat official account (M01N Team): Weekly Blue Team Tech Digest (2021.06.19-06.25)