Weekly Red Team Technical Digest (2024.6.15-6.21)

Published 2024-06-21 18:00, Beijing


Internal Network Penetration


Invoke-ADEnum: automated AD enumeration tool

https://github.com/Leo4j/Invoke-ADEnum

Research on persistence techniques in AD domains

https://www.huntandhackett.com/blog/how-to-achieve-eternal-persistence

https://www.huntandhackett.com/blog/how-to-achieve-eternal-persistence-part-2

https://www.huntandhackett.com/blog/how-to-achieve-eternal-persistence-part-3

Evading defenses and moving laterally with SCCM

https://www.guidepointsecurity.com/blog/sccm-exploitation-evading-defenses-and-moving-laterally-with-sccm-application-deployment

Lateral movement with the .NET Profiler

https://posts.specterops.io/lateral-movement-with-the-net-profiler-8772c86f9523

https://github.com/MayerDaniel/profiler-lateral-movement


Endpoint Evasion and Detection


VOIDGATE: evading memory scanning with VEH and instruction-level encryption

https://github.com/vxCrypt0r/Voidgate

Tool for identifying sleeping beacons

https://github.com/thefLink/Hunt-Sleeping-Beacons

Identifying anomalous states of malicious Windows processes and threads

https://www.trustedsec.com/blog/windows-processes-nefarious-anomalies-and-you-threads

Bypassing PowerShell ScriptBlock logging

https://bc-security.org/scriptblock-smuggling/

https://github.com/BC-SECURITY/ScriptBlock-Smuggling

RdpStrike: extracting plaintext RDP passwords with hardware breakpoints

https://github.com/0xEr3bus/RdpStrike


Vulnerabilities


CVE-2024-20693: Windows cached code signature manipulation vulnerability

https://sector7.computest.nl/post/2024-06-cve-2024-20693-windows-cached-code-signature-manipulation/

CVE-2024-26229: LPE vulnerability in the Windows csc.sys driver

https://github.com/varwara/CVE-2024-26229

https://github.com/NVISOsecurity/CVE-2024-26229-BOF

CVE-2024-30078: RCE vulnerability in the Windows WiFi driver

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30078

https://github.com/lvyitian/CVE-2024-30078-

Exploring the Linux kernel attack surface and fuzzing methods

https://github.com/sam4k/talk-slides/blob/main/so_you_wanna_find_bugs_in_the_linux_kernel.pdf

CVE-2024-27815: analysis of a buffer overflow in the XNU kernel

https://jprx.io/cve-2024-27815/

CVE-2024-21378: analysis of a Microsoft Outlook RCE vulnerability

https://www.netspi.com/blog/technical-blog/red-team-operations/microsoft-outlook-remote-code-execution-cve-2024-21378/

Code execution in Chromium's V8 heap sandbox

https://anvbis.au/posts/code-execution-in-chromiums-v8-heap-sandbox/


Cloud Security


Analysis of the abuse risk of the allowPrivilegeEscalation setting in Kubernetes

https://blog.christophetd.fr/stop-worrying-about-allowprivilegeescalation/

gcpwn: helper tool for penetration testing Google Cloud storage buckets

https://github.com/NetSPI/gcpwn


AI and Security


JailbreakEval: an integrated toolkit for evaluating jailbreak attempts against large language models

https://arxiv.org/abs/2406.09321

Analysis of a GitHub Copilot prompt injection vulnerability

https://embracethered.com/blog/posts/2024/github-copilot-chat-prompt-injection-data-exfiltration/

AI infrastructure risk: pre-auth RCE vulnerability in NVIDIA Triton server

https://sites.google.com/site/zhiniangpeng/blogs/Triton-RCE


Social Engineering and Phishing


Progressive Web App (PWA) phishing

https://mrd0x.com/progressive-web-apps-pwa-phishing/


Other


Kdrill: Windows kernel rootkit detection tool

https://github.com/ExaTrack/Kdrill

Tooling for analyzing EDR agents on Linux and macOS

https://github.com/outflanknl/edr-internals/

SteppingStones: centralized red team activity logging platform, with support for Cobalt Strike (CS) and BloodHound

https://github.com/nccgroup/SteppingStones

https://research.nccgroup.com/2024/06/12/stepping-stones-a-red-team-activity-hub/

Bridewell releases its 2024 annual cyber threat report

https://www.bridewell.com/insights/white-papers/detail/cyber-threat-intelligence-report-2024

x33fcon 2024 workshop slides and code

https://github.com/rtecCyberSec/Packer_Development


M01N Team official account

Focused on cutting-edge offensive and defensive security techniques

NSFOCUS Red Team Technical Research Squad
