Weekly Blue Army (Red Team) Technical Digest (2024.6.29-7.5)

2024-07-05 18:02   Beijing


Internal Network Penetration


RemoteKrbRelay: a remote Kerberos relay framework

https://github.com/CICADA8-Research/RemoteKrbRelay


Endpoint Security Evasion


De-Optimizer: an assembly-code de-optimization bloater

https://github.com/EgeBalci/deoptimizer

SharpIncrease: a sample file-size inflator

https://github.com/mertdas/SharpIncrease

Introduction to special-purpose Mythic C2 agents, with integration support for Nemesis and other platforms

https://www.youtube.com/watch?v=_dqiYDkaG7M

ApexLdr: a DLL payload loader written in pure C

https://github.com/Cipher7/ApexLdr

MemoryBouncing and MemoryHopping sleep-obfuscation techniques, plus a weaponized loader

https://www.naksyn.com/cobalt%20strike/2024/07/02/raising-beacons-without-UDRLs-teaching-how-to-sleep.html

https://github.com/naksyn/DojoLoader

Changing memory permissions from a clean stack via callback functions on x86

https://pastebin.com/XMfKJ9ZG

EDRPrison: borrowing a legitimate WFP driver to mute EDR agents

https://www.3nailsinfosec.com/post/edrprison-borrow-a-legitimate-driver-to-mute-edr-agent

https://github.com/senzee1984/EDRPrison

Evading ETW-based detections

https://s4dbrd.com/evading-etw-based-detections/

A guide to Windows rootkit and bootkit techniques and the threats they pose

https://artemonsecurity.blogspot.com/2024/07/windows-rootkits-and-bootkits-guide-v2.html

Windows 11 VBS enclaves: virtualization-based protection for sensitive application data

https://techcommunity.microsoft.com/t5/windows-os-platform-blog/securely-design-your-applications-and-protect-your-sensitive/ba-p/4179543


Vulnerabilities


CVE-2024-6387: OpenSSH remote code execution vulnerability analysis, scanner and PoC

https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt

https://github.com/xaitax/CVE-2024-6387_Check

https://github.com/lflare/cve-2024-6387-poc

CVE-2024-5806: Progress MOVEit Transfer authentication bypass

https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/

Helper techniques for finding Windows vulnerabilities with angr

https://plowsec.github.io/angr-introspection-2024.html

Finding bugs in the Linux kernel

https://typhooncon.com/wp-content/uploads/2024/06/so_you_wanna_find_bugs_in_the_kernel.pdf

A collection of PDF-related exploits

https://github.com/coffinxp/pdFExploits

Binary exploitation knowledge base

https://ir0nstone.gitbook.io/notes


Cloud Security


Attack-surface analysis of GitHub Actions misconfigurations (untrusted input)

https://www.synacktiv.com/publications/github-actions-exploitation-untrusted-input

https://www.synacktiv.com/en/publications/github-actions-exploitation-introduction


AI and Security


CVE-2024-5565: a prompt injection flaw in Vanna AI exposes databases to RCE attacks

https://jfrog.com/blog/prompt-injection-attack-code-execution-in-vanna-ai-cve-2024-5565/

Threat modeling, risk analysis and AI governance for LLM security

https://www.zendata.dev/post/threat-modelling-risk-analysis-and-ai-governance-for-llm-security

Advancing security for large language models with NVIDIA GPUs and Edgeless Systems

https://developer.nvidia.com/blog/advancing-security-for-large-language-models-with-nvidia-gpus-and-edgeless-systems/

How large language models are transforming email security

https://dzone.com/articles/outsmarting-cyber-threats-with-llms

GenAI security framework: prompt injection 101

https://live.paloaltonetworks.com/t5/community-blogs/genai-security-framework-blog-series-2-6-prompt-injection-101/ba-p/590862


Social Engineering and Phishing


Bypassing the malicious-link rewriting protection of email gateways

https://posts.specterops.io/like-shooting-phish-in-a-barrel-926c1905bb4b

A preview of the enhanced anti-attribution features in EVILGINX Pro

https://github.com/kgretzky/talks/blob/main/2024/x33fcon/a-smooth-sea-never-made-a-skilled-phisherman.pdf


Other


Rapidly building C2 infrastructure with Cloudflare services and redirectors

https://labs.jumpsec.com/putting-the-c2-in-c2loudflare/

Microsoft introduces the Entra PowerShell module

https://techcommunity.microsoft.com/t5/microsoft-entra-blog/introducing-the-microsoft-entra-powershell-module/ba-p/4173546

https://github.com/microsoftgraph/entra-powershell

SOC/DFIR security lists and checklists

https://github.com/mthcht/awesome-lists

A Rust-based type-1 research hypervisor with support for Intel VT-x hooking

https://github.com/memN0ps/illusion-rs


M01N Team WeChat official account

Focused on hot topics in advanced offense-defense confrontation

NSFOCUS Blue Army (Red Team) Technical Research Team
