Weekly Red Team Tech Digest (2024.8.10-8.16)

Technology   2024-08-16 18:00   Beijing



Web Security


CVE-2024-23897: From a limited file read on Jenkins to full access

https://xphantom.nl/posts/crypto-attack-jenkins/


Internal Network Penetration


SCCMSecrets: Exploiting SCCM for credential harvesting, initial access and lateral movement

https://github.com/synacktiv/SCCMSecrets

https://www.synacktiv.com/publications/sccmsecretspy-exploiting-sccm-policies-distribution-for-credentials-harvesting-initial

udp-over-tcp: Proxying UDP traffic over TCP

https://github.com/jonhoo/udp-over-tcp


Endpoint Evasion


obj2shellcode: A linker-based shellcode generation framework

https://github.com/jseclab/obj2shellcode

Abusing MSC files for initial access

https://www.outflank.nl/blog/2024/08/13/will-the-real-grimresource-please-stand-up-abusing-the-msc-file-format

Using Microsoft Office to fingerprint cloud sandboxes, and using the .asd format to evade them

https://bartblaze.blogspot.com/2024/08/microsoft-word-and-sandboxes.html

DeadPotato: Obtaining SYSTEM privileges via an RPCSS flaw in DCOM OXID resolution

https://github.com/lypd0/DeadPotato

A summary of how different Windows process privileges can be abused

https://redteamrecipe.com/windows-privileges-for-fun-and-profit

BYOVDLL: Bypassing PPL protection by bringing your own vulnerable DLL

https://blog.scrt.ch/2024/08/09/ghost-in-the-ppl-part-1-byovdll

Abusing the vulnerable IObitUnlocker driver to manipulate arbitrary files from a low-privilege context

https://github.com/Aterror2be/CVE-2020-14974

Abusing exclusion rules to evade AV/EDR

https://medium.com/seercurity-spotlight/abusing-av-edr-exclusions-to-evade-detections-21fe31d7ed49


Vulnerabilities


CVE-2024-38063: Zero-click RCE vulnerability in the Windows TCP/IP stack

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063

CVE-2024-38106: Windows kernel local privilege escalation vulnerability

https://twitter.com/NikitaTarakanov/status/1823481987014791309

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106

CVE-2024-36036, CVE-2024-36037: Hunting RCE vulnerabilities in Windows RPC services

https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part1/

https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part2/

https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part3/

CVE-2024-5830: Chrome sandboxed renderer RCE vulnerability

https://github.blog/security/vulnerability-research/from-object-transition-to-rce-in-the-chrome-renderer/

CVE-2024-2887 variant: Technical analysis of a Chrome WASM type confusion vulnerability

https://ssd-disclosure.com/ssd-advisory-google-chrome-rce/

CVE-2024-7593: PoC for the Ivanti vTM (Virtual Traffic Manager) authentication bypass vulnerability

https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593

https://github.com/rapid7/metasploit-framework/pull/19386

Living off the VPN: Analysis of post-exploitation techniques against VPN vulnerabilities

https://www.akamai.com/blog/security-research/2024/aug/2024-august-vpn-post-exploitation-techniques-black-hat


Cloud Security


ArtiPACKED: Analysis of a race-condition attack exploiting GitHub Actions artifacts

https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/

CVE-2024-38162, CVE-2024-38098: Azure Connected Machine Agent privilege escalation vulnerabilities

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38162

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38098


AI and Security


M365 Copilot vulnerable to RCE, allowing attackers to search and analyze sensitive data

https://labs.zenity.io/p/rce

How to build the first conversational AI cloud security analyst

https://sysdig.com/blog/how-we-created-the-first-conversational-ai-cloud-security-analyst/

LLM agentic system security CTF challenge: stealing the password

https://invariantlabs.ai/ctf-challenge-24


Social Engineering and Phishing


18 attacks for bypassing email sender authentication

https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf

https://i.blackhat.com/USA-20/Thursday/us-20-Chen-You-Have-No-Idea-Who-Sent-That-Email-18-Attacks-On-Email-Sender-Authentication.pdf

Account takeover via Unicode character fuzzing of email addresses

https://medium.com/@pranshux0x/account-takeover-on-8-years-old-public-program-c0c0a30cfdd2

Combining CSS-based watering-hole attacks with browser history leaks

https://adepts.of0x.cc/css-history-leaks/


Other


DEF CON 2024 materials download

https://media.defcon.org/DEF%20CON%2032/

How Microsoft and Fortra jointly combat abused cracked versions of Cobalt Strike

https://thecyberwire.com/podcasts/microsoft-threat-intelligence/25/notes

NIST releases the first encryption standards resistant to quantum computing

https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
