每周蓝军技术推送（2022.6.11-6.17）

https://portswigger.net/research/bypassing-csp-with-dangling-iframes

Active Directory ACEs abuse Mindmap
Credit: @_nwodtuhs#infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness pic.twitter.com/sqRaqGXHRm

— Shubham Sharma (@Shubham_pen) June 14, 2022

https://github.com/garrettfoster13/aced

https://simondotsh.com/infosec/2022/06/14/bloodhound-contains-edge.html

https://github.com/Nariod/Laz-y-templates

https://www.x86matthew.com/view_post?id=proc_env_injection

https://gitlab.com/ORCA666/relocalloc

Here is another signed #lolbin to proxy your execution through available with fresh VStudio installation. (C:Program Files (x86)Microsoft Visual Studio20XXCommunityCommon7IDECommonExtensionsMicrosoftTerminalServiceHubosXX) #lolbas

OpenConsole.exe <Payload> pic.twitter.com/Bgc6jEpYaz

— Nasreddine Bencherchali (@nas_bench) June 16, 2022

https://gitlab.com/ORCA000/kcthijacklib

https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/

https://cr.culbertreport.com/2022/06/covenant-in-2022.html

https://github.com/vxunderground/VX-API

https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/

https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/

https://haxatron.gitbook.io/vulnerability-research/vr2

https://github.com/ariary/Dogwalk-rce-poc

https://www.cyberark.com/resources/threat-research-blog/that-pipe-is-still-leaking-revisiting-the-rdp-named-pipe-vulnerability

https://github.com/omair2084/CVE-2022-26937

https://github.com/tr3ee/CVE-2022-23222

https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack

https://doar-e.github.io/blog/2022/06/11/pwn2own-2021-canon-imageclass-mf644cdw-writeup/

https://github.com/aaronsvk/CVE-2022-30075

 https://www.hertzbleed.com/

https://theevilbit.github.io/posts/amfi_launch_constraints/

https://www.praetorian.com/blog/stsgetsessiontoken-role-chaining-in-aws/

https://posts.specterops.io/managed-identity-attack-paths-part-1-automation-accounts-82667d17187a

https://posts.specterops.io/managed-identity-attack-paths-part-2-logic-apps-52b29354fc54

https://posts.specterops.io/managed-identity-attack-paths-part-3-function-apps-300065251cbe

https://infosecwriteups.com/enumeration-and-lateral-movement-in-gcp-environments-c3b82d342794

https://github.com/sensity-ai/dot

https://news.sophos.com/en-us/2022/06/07/active-adversary-playbook-2022/

https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-de-ruiter.pdf

https://www.secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-targets

https://www.sans.org/blog/power-up-memory-forensics-with-memory-baseliner/

http://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html