Vulnerabilities
1、Get FortiRekt, I Am The Super_Admin Now - Fortinet FortiOS Authentication Bypass CVE-2024-55591
https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/
2、CVE-2024-26230: Windows Telephony Service - It's Got Some Call-ing Issues (Elevation of Privilege)
https://starlabs.sg/blog/2025/cve-2024-26230-windows-telephony-service-its-got-some-call-ing-issues/
3、CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis
https://security.humanativaspa.it/cve-2024-49138-windows-clfs-heap-based-buffer-overflow-analysis-part-1/
https://security.humanativaspa.it/cve-2024-49138-windows-clfs-heap-based-buffer-overflow-analysis-part-2/
Red Team Techniques
1、LOLBIN / LOLBAS – WinGet execute PowerShell script
https://www.zerosalarium.com/2024/12/LOLBIN%20WinGet%20execute%20PowerShell%20script.html?m=1
2、A collection of C2 frameworks that use legitimate services to evade detection
https://mp.weixin.qq.com/s/pP2m9vTsO_ESbI2_6jmblw
3、Process Hollowing on Windows 11 24H2
https://hshrzd.wordpress.com/2025/01/27/process-hollowing-on-windows-11-24h2/
4、Abusing multicast poisoning for pre-authenticated Kerberos relay over HTTP with Responder and krbrelayx
https://www.synacktiv.com/en/publications/abusing-multicast-poisoning-for-pre-authenticated-kerberos-relay-over-http-with
5、Make Bloodhound Cool Again: Migrating Custom Queries from Legacy BloodHound to BloodHound CE
https://medium.com/seercurity-spotlight/make-bloodhound-cool-again-migrating-custom-queries-from-legacy-bloodhound-to-bloodhound-ce-83cffcfe5b64
6、IronEye - Welcome to your Rusty LDAP Swiss Army Knife
https://redheadsec.tech/ironeye-welcome-to-your-rusty-ldap-swiss-army-knife-2/
7、Bypassing character blocklists with unicode overflows
https://portswigger.net/research/bypassing-character-blocklists-with-unicode-overflows
8、Credential Dumping: AD User Comment
https://www.hackingarticles.in/credential-dumping-ad-user-comment/
9、BYOVD to the next level. Blind EDR with Windows Symbolic Link
https://www.zerosalarium.com/2025/01/byovd%20next%20level%20blind%20EDR%20windows%20symbolic%20link.html?m=1#main
Blue Team Techniques
1、JonMon v2.0
https://github.com/jsecurity101/JonMon
Tools
1、Detect.Remote.ShadowSnapshot.Dump
https://github.com/I3IT/Detect.Remote.ShadowSnapshot.Dump
2、gitC2
https://github.com/offalltn/gitC2
PoC of a simple GitHub-based C2 written in Rust
3、SpeedLoader
https://github.com/NoahKirchner/speedloader
Rust template/library for implementing your own COFF loader
4、Slinger
https://github.com/ghost-ng/slinger
An impacket-lite cli tool that combines many useful impacket functions using a single session.
5、rpeloader
https://github.com/Teach2Breach/rpeloader
Use Python on Windows with full submodule support, without installation
6、Stuxnet
https://github.com/pulpocaminante/Stuxnet
WMI virus, because funny
7、NtCreateUserProcessBOF
https://github.com/dmcxblue/NtCreateUserProcessBOF
An Aggressor Script that utilizes NtCreateUserProcess to run binaries
Other
1、Changes to SMB Signing Enforcement Defaults in Windows 24H2
https://www.dsinternals.com/en/smb-signing-windows-server-2025-client-11-24h2-defaults/
Originally published on the WeChat official account 红蓝对抗技战术: Weekly Offensive and Defensive Tactics Update - 20250127