Web Security
Default password cheat sheet for various devices
https://reconshell.com/default-credentials-cheat-sheet/
Internal Network Penetration
pyCobaltHound: a Cobalt Strike plugin deeply integrated with BloodHound
https://blog.nviso.eu/2022/05/09/introducing-pycobalthound/
Diving into pre-created AD computer accounts
https://www.trustedsec.com/blog/diving-into-pre-created-computer-accounts/
Endpoint Offense and Defense
Windows Event Viewer .NET deserialization exploitation
https://mp.weixin.qq.com/s/-x41kSIVctaLU216lIxObQ
Attack technique analysis | A new persistence method: launching PowerShell.exe from a scheduled task
https://mp.weixin.qq.com/s/Tt6REDrPH-WWgMB-mIOnTA
DDexec: fileless, stealthy binary execution and process migration on Linux using the dd command
https://github.com/arget13/DDexec
rusty-memory-loadlibrary: a Rust remote DLL in-memory loading tool
https://github.com/malware-unicorn/rusty-memory-loadlibrary
HintInject: a PoC tool that injects shellcode into the PE Hint/Name table
https://github.com/frkngksl/HintInject
SharpWnfSuite: a C# Windows Notification Facility exploitation toolkit
https://github.com/daem0nc0re/SharpWnfSuite
Protected Process Light (PPL) attacks
https://mp.weixin.qq.com/s/Vp0UmGuGl_O2L4blUiHhSw
Vulnerabilities
CVE-2022-1388: F5 BIG-IP iControl REST vulnerability
https://github.com/MrCl0wnLab/Nuclei-Template-CVE-2022-1388-BIG-IP-iControl-REST-Exposed
https://github.com/jheeree/CVE-2022-1388-checker/blob/main/CVE-2022-1388.sh
https://twitter.com/ptswarm/status/1524758537129373697/photo/1
CVE-2022-27588: RCE vulnerability in QVR VS series NVR
https://www.qnap.com.cn/en/security-advisory/qsa-22-07
CVE-2022-21972/CVE-2022-23270: Windows Server VPN remote kernel UAF vulnerabilities
https://labs.nettitude.com/blog/cve-2022-21972-windows-server-vpn-remote-kernel-use-after-free-vulnerability/
https://labs.nettitude.com/blog/cve-2022-23270-windows-server-vpn-remote-kernel-use-after-free-vulnerability/
CVE-2022-22019: Windows RPC Runtime integer overflow vulnerability
https://www.akamai.com/blog/security/rpc-runtime-patch-tuesday-take-two
CVE-2022-26923: privilege escalation caused by lax AD domain certificate validation
https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4
CVE-2022-26925: Windows LSA spoofing vulnerability, the new PetitPotam
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26925
CVE-2022-29108: analysis of the Microsoft SharePoint post-auth deserialization RCE vulnerability
https://starlabs.sg/blog/2022/05/new-wine-in-old-bottle-microsoft-sharepoint-post-auth-deserialization-rce-cve-2022-29108/
CVE-2022-26133: bulk verification tool for the Atlassian Bitbucket Data Center deserialization vulnerability
https://github.com/Pear1y/CVE-2022-26133
CVE-2022-29867: Sony PlayStation remote kernel heap overflow vulnerability
https://hackerone.com/reports/1350653
Other
The evolution of ATT&CK as seen from the ATT&CK v11 release
https://mp.weixin.qq.com/s/vm13xmTzLYrqLrMRlndAZA
NIST white paper on planning for a zero trust architecture
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.20.pdf
Avast Q1 2022 threat report
https://decoded.avast.io/threatr0esearch/avast-q1-2022-threat-report/
Project Zero releases its security research report on the AMD Security Processor
https://googleprojectzero.blogspot.com/2022/05/release-of-technical-report-into-amd.html
MemProcFS: version update adds BitLocker key recovery
https://github.com/ufrisk/MemProcFS/releases/tag/v4.8
M01N Team
Focused on advanced attack and defense techniques
NSFOCUS Blue Army technical research team
Originally published on the WeChat official account M01N Team: Weekly Blue Army Technical Digest (2022.5.7-5.13)