Weekly Blue Army Technical Digest (2024.3.23-3.29)

科技   2024-03-29 16:40   Beijing


Internal Network Penetration


SeeSeeYouExec: Hijacking Windows sessions via CcmExec

https://cloud.google.com/blog/topics/threat-intelligence/windows-session-hijacking-via-ccmexec

Witchhammer: Windows post-exploitation over SoftEther VPN tunnels

https://blog.exploit.org/witchhammer/

Abusing the DHCP Administrators group for privilege escalation in Windows domains

https://www.akamai.com/blog/security-research/abusing-dhcp-administrators-group-for-privilege-escalation-in-windows-domains

The GOAD lab project adds an SCCM/MECM lab environment

https://mayfly277.github.io/posts/SCCM-LAB-part0x0/


Endpoint Adversarial Techniques


DynamicMSBuilder: MSBuild task supporting randomized property/string replacement in C# projects

https://github.com/ZephrFish/DynamicMSBuilder

nimvoke: Indirect syscalls and D/Invoke execution implemented in Nim

https://github.com/nbaertsch/nimvoke

IoDllProxyLoad: PoC weaponizing Windows thread pool APIs to proxy DLL loads

https://github.com/fin3ss3g0d/IoDllProxyLoad

https://fin3ss3g0d.net/index.php/2024/03/18/weaponizing-windows-thread-pool-apis-proxying-dll-loads/

perfect-dll-proxy: DLL proxy hijacking tool with absolute-path support

https://github.com/mrexodia/perfect-dll-proxy

New evasion technique bypassing CFG- and ETW-based memory scanning

https://sillywa.re/posts/flower-da-flowin-shc

unKover: PoC tool for loading Windows kernel drivers from memory

https://github.com/eversinc33/unKover

https://eversinc33.com/posts/anti-anti-rootkit-part-i/

Rust-based Windows driver development: hiding processes from user mode

https://www.youtube.com/watch?v=YUU-HONCeY4

Triggering the remediation feature to disable Cortex EDR with ordinary user privileges

https://badoption.eu/blog/2024/03/23/cortex.html

Abusing the WinSAT COM interface in malicious documents as an anti-sandbox bypass

https://twitter.com/Laughing_Mantis/status/1772425581507809421

bincapz: Static analysis of binary capabilities and detection of malicious behaviour

https://github.com/chainguard-dev/bincapz

Elastic analyses malware behaviour trends across 100k+ samples

https://www.elastic.co/security-labs/unveiling-malware-behavior-trends


Vulnerabilities


OpenVPN releases a security update fixing multiple privilege escalation and RCE vulnerabilities

https://securityonline.info/openvpn-patches-serious-vulnerabilities-in-windows-installations/

CVE-2024-29937: Remote code execution vulnerability in the NFS network file system on BSD-derived systems

https://securityonline.info/cve-2024-29937-critical-nfs-vulnerability-exposes-bsd-systems-to-remote-code-execution/

GoFetch: Side-channel attack affecting cryptographic implementations on many Apple CPUs

https://gofetch.fail/

Memory-safe languages and secure by design: key insights and lessons learned

https://www.reversinglabs.com/blog/memory-safe-languages-and-secure-by-design-key-insights-and-lessons-learned


Cloud Security


Research on attack techniques against cloud-based identity providers

https://github.com/xpn/Presentations/blob/main/SOCON2024/IDP%20for%20RedTeamers.pdf

https://blog.xpnsec.com/identity-providers-redteamers/

Poisoned Pipeline Execution (PPE) attacks in CI/CD environments

https://bishopfox.com/blog/poisoned-pipeline-attack-execution-a-look-at-ci-cd-environments

Bypassing third-party cloud email filtering services through misconfiguration

https://sumanthvrao.github.io/papers/rao-www-2024.pdf


AI and Security


Evolution of repeated-token attacks on ChatGPT models

https://dropbox.tech/machine-learning/bye-bye-bye-evolution-of-repeated-token-attacks-on-chatgpt-models

Remote keylogging attack against AI assistants

https://blog.cloudflare.com/ai-side-channel-attack-mitigated

EasyJailbreak: A unified framework for jailbreaking large language models

https://arxiv.org/abs/2403.12171

http://easyjailbreak.org/

SecGPT: An architecture for protecting LLM applications through isolation

https://arxiv.org/abs/2403.04960

Mapping the LLM security landscape: a comprehensive stakeholder risk assessment proposal

https://arxiv.org/abs/2403.13309

Research on using generative AI for penetration testing

https://link.springer.com/article/10.1007/s10207-024-00835-x

LLMs assisting with CTF challenges and professional certification exams such as Cisco CCIE via jailbreaks and ad hoc methods

https://arxiv.org/abs/2308.10443

HiddenLayer releases its 2024 AI Threat Landscape Report

https://hiddenlayer.com/threatreport2024/


Other


Attackers carry out a supply chain attack via fake PyPI packages, affecting 170k+ victims

https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/

OpenTIDE: Open Threat-Informed Detection Engineering

https://code.europa.eu/ec-digit-s2/opentide

STAR-FS: New financial-sector regulatory framework covering threat intelligence, penetration testing and SOC assessment

https://www.mdsec.co.uk/2024/03/introducing-star-fs/

https://www.bankofengland.co.uk/financial-stability/operational-resilience-of-the-financial-sector


M01N Team official account

Focused on hot topics in advanced offensive and defensive techniques

NSFOCUS Blue Army Technical Research Team
