Web Security
Bypassing CSP with dangling iframes
https://portswigger.net/research/bypassing-csp-with-dangling-iframes
Internal Network Penetration
Active Directory ACE abuse mind map
Active Directory ACEs abuse Mindmap
Credit: @_nwodtuhs #infosec #cybersecurity #pentesting #oscp #informationsecurity #hacking #cissp #DataSecurity #CyberSec #Hackers #tools #bugbountytips #Linux #websecurity #Network #NetworkSecurity #cybersecurityawareness pic.twitter.com/sqRaqGXHRm — Shubham Sharma (@Shubham_pen) June 14, 2022
ACED: a tool for parsing the DACL of a single Active Directory principal
https://github.com/garrettfoster13/aced
Beware of BloodHound's Contains edge
https://simondotsh.com/infosec/2022/06/14/bloodhound-contains-edge.html
Endpoint Evasion
Laz-y-templates: Laz-y shellcode injection templates developed in .NET
https://github.com/Nariod/Laz-y-templates
ProcEnvInjection: code injection by abusing process environment strings
https://www.x86matthew.com/view_post?id=proc_env_injection
RelocAlloc: a stealthy execution technique that uses .reloc section slack space in place of typical memory allocation calls
https://gitlab.com/ORCA666/relocalloc
LOLBAS: a new proxy-execution method, OpenConsole
Here is another signed #lolbin to proxy your execution through available with fresh VStudio installation. (C:\Program Files (x86)\Microsoft Visual Studio\20XX\Community\Common7\IDE\CommonExtensions\Microsoft\TerminalServiceHub\osXX) #lolbas
OpenConsole.exe <Payload> pic.twitter.com/Bgc6jEpYaz
— Nasreddine Bencherchali (@nas_bench) June 16, 2022
A weaponized library for hijacking the KernelCallbackTable to achieve code execution
https://gitlab.com/ORCA000/kcthijacklib
Running shellcode through Windows callback functions
https://marcoramilli.com/2022/06/15/running-shellcode-through-windows-callbacks/
Covenant in 2022: wrapping or modifying grunts to bypass some EDR solutions
https://cr.culbertreport.com/2022/06/covenant-in-2022.html
VX-API: a rapid malware development framework
https://github.com/vxunderground/VX-API
Vulnerabilities
CVE-2022-25845: analyzing the Fastjson "Auto Type Bypass" RCE vulnerability
https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/
DriftingCloud: Sophos firewall zero-day exploitation and an insidious breach
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
CVE-2022-27779, CVE-2022-27780, CVE-2022-30115: curl 7.83.0 vulnerabilities
https://haxatron.gitbook.io/vulnerability-research/vr2
Dogwalk PoC: obtaining RCE on Windows via diagcab files
https://github.com/ariary/Dogwalk-rce-poc
CVE-2022-24533: analysis of the RDP named pipe vulnerability
https://www.cyberark.com/resources/threat-research-blog/that-pipe-is-still-leaking-revisiting-the-rdp-named-pipe-vulnerability
CVE-2022-26937: PoC for the Windows Network File System (NFS) RCE vulnerability
https://github.com/omair2084/CVE-2022-26937
CVE-2022-23222: exploit for the Linux kernel eBPF local privilege escalation vulnerability
https://github.com/tr3ee/CVE-2022-23222
CVE-2022-23088: exploiting a heap overflow in the FreeBSD Wi-Fi stack
https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack
Pwn2Own Austin 2021 Canon ImageCLASS MF644Cdw vulnerability write-up
https://doar-e.github.io/blog/2022/06/11/pwn2own-2021-canon-imageclass-mf644cdw-writeup/
CVE-2022-30075: authenticated remote code execution in TP-Link routers
https://github.com/aaronsvk/CVE-2022-30075
Hertzbleed: an Intel/AMD frequency side-channel attack that can leak cryptographic keys from remote servers
https://www.hertzbleed.com/
AMFI launch constraints in macOS Ventura
https://theevilbit.github.io/posts/amfi_launch_constraints/
Cloud Security
IAM user privilege escalation via AssumeRole under MFA
https://www.praetorian.com/blog/stsgetsessiontoken-role-chaining-in-aws/
Managed identity attack paths, part 1: automation accounts
https://posts.specterops.io/managed-identity-attack-paths-part-1-automation-accounts-82667d17187a
Managed identity attack paths, part 2: logic apps
https://posts.specterops.io/managed-identity-attack-paths-part-2-logic-apps-52b29354fc54
Managed identity attack paths, part 3: function apps
https://posts.specterops.io/managed-identity-attack-paths-part-3-function-apps-300065251cbe
Enumeration and lateral movement in GCP environments
https://infosecwriteups.com/enumeration-and-lateral-movement-in-gcp-environments-c3b82d342794
Others
Deepfake attack toolkit
https://github.com/sensity-ai/dot
Sophos report on 2021 incident response (Active Adversary Playbook 2022)
https://news.sophos.com/en-us/2022/06/07/active-adversary-playbook-2022/
Protocol state fuzzing of TLS implementations
https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-de-ruiter.pdf
TPM sniffing attacks against non-BitLocker targets
https://www.secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-targets
Powering up memory forensics with Memory Baseliner
https://www.sans.org/blog/power-up-memory-forensics-with-memory-baseliner/
SBOM in action: finding vulnerabilities in the Kubernetes project
http://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html
M01N Team WeChat public account
Focused on hot techniques in advanced offense and defense
NSFOCUS Blue Team technical research squad
Originally published on the WeChat public account M01N Team: Weekly Blue Team Technology Digest (2022.6.11-6.17)