Web Security
DeepPass: a tool for password hunting with deep learning
https://github.com/GhostPack/DeepPass
2FA bypass through unauthorized disabling of 2FA via X/CSRF
https://sadc0d3r.medium.com/2fa-bypass-due-to-unauthorized-2fa-disabling-via-x-csrf-2ddc167f2d2a
Spring Boot Actuator: analysis of the logging.config Groovy RCE and in-memory webshell injection
https://tttang.com/archive/1620/
Extracting clear-text credentials directly from Chromium's memory
https://www.cyberark.com/resources/threat-research-blog/extracting-clear-text-credentials-directly-from-chromium-s-memory
npm package hijacking through domain takeover
https://jfrog.com/blog/npm-package-hijacking-through-domain-takeover-how-bad-is-this-new-attack/
Internal Network Penetration
AD domain penetration techniques mind map
https://www.xmind.net/m/5dypm8/
Decrypting user credentials from LSASS when the IV parameter of the encryption algorithm is unknown
https://skelsec.medium.com/lsass-needs-an-iv-57b7333d50d8
Endpoint Evasion
COM-Hunter: COM hijacking persistence tool written in C#
https://github.com/nickvourd/COM-Hunter
BokuLoader: Cobalt Strike user-defined reflective DLL loader plugin for advanced evasion
https://github.com/boku7/BokuLoader
Nim_DInvoke: D/Invoke implemented in Nim
https://github.com/S3cur3Th1sSh1t/Nim_DInvoke
Nidhogg: all-in-one, easy-to-use rootkit for Windows 10 and Windows 11
https://github.com/Idov31/Nidhogg
AntimalwareBlight: weaponized project and talk slides for executing PowerShell code at the antimalware-light protection level
https://github.com/mattifestation/AntimalwareBlight
LOLBAS: adplus.exe can execute arbitrary commands via the -c and -sc parameters
Another fun fact about adplus is that you can use it via a config file by using the "-c" flag to execute commands or dump memory (Just replace notepad with lsass in this example) #lolbin #lolbas
adplus.exe -c [ConfigFile] https://t.co/sxabidS99t
— Nasreddine Bencherchali (@nas_bench) June 9, 2022
We know from LOLBAS that adplus can be used to dump lsass (https://t.co/mDNIAuwSzA). But you can also use it to run arbitrary commands and binaries with the "-sc" flag. #lolbin #lolbas
adplus.exe -crash -o [OutputDir] -sc [Command]
— Nasreddine Bencherchali (@nas_bench) June 9, 2022
Research on packaging Python backdoors (embedding Python malware)
https://www.valhallaresearch.net/post/embedding-python-malware
Next-generation code obfuscation based on virtualization
https://synthesis.to/presentations/recon22_next_gen.pdf
Vulnerabilities
CVE-2022-26134: Confluence OGNL RCE vulnerability
https://attackerkb.com/topics/BH1D56ZEhs/cve-2022-26134/rapid7-analysis?referrer=notificationEmail
https://github.com/vulhub/vulhub/tree/master/confluence/CVE-2022-26134
Confluence OGNL vulnerability: bypassing the sandbox to get command output echoed in the response
Bypass OGNL sandbox in Confluence and get a printable response.
— Phith0n (@phithon_xg) June 5, 2022
https://mp.weixin.qq.com/s/nCMtSD7QH8ai6fpurJBXTg
CVE-2022-23222: Linux eBPF privilege escalation vulnerability
https://github.com/tr3ee/CVE-2022-23222
CVE-2022-26937: analysis of the Windows Network File System NLM vulnerability
https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow
Analysis of a Windows Bitdefender IPC local privilege escalation vulnerability
https://www.zerodayinitiative.com/blog/2022/6/1/is-exploiting-a-null-pointer-deref-for-lpe-just-a-pipe-dream
Fuzzing the Windows RDP client using virtual channels
https://www.sstic.org/2022/presentation/fuzzing_microsofts_rdp_client_using_virtual_channels/
Cloud Security
Using AWS Rekognition against Google's reCAPTCHA
https://bitbucket.org/Pirates-of-Silicon-Hills/voightkampff/src/master/
Other
Kaspersky router security report 2021
https://securelist.com/router-security-2021/106711/
Kernel Recipes 2022 conference videos
M01N Team WeChat public account: the NSFOCUS Blue Army (adversary simulation) technology research team, focusing on hot topics in advanced attack and defense
Originally published on the WeChat public account M01N Team: Weekly Blue Army Technology Digest (2022.6.4-6.10)