Weekly Blue Army Tech Digest (2024.7.27-8.2)

Tech   2024-08-02 18:00   Beijing


Internal Network Penetration


LocalKdc: running a Kerberos Key Distribution Center on a non-domain-joined host

https://github.com/jborean93/LocalKdc

KeyCredentialLink: editing the msDS-KeyCredentialLink attribute to add Shadow Credentials

https://github.com/Leo4j/KeyCredentialLink


Endpoint Evasion


SessionExec: executing commands in other users' sessions

https://github.com/Leo4j/SessionExec

LayeredSyscall: abusing VEH callbacks to construct a legitimate-looking call stack

https://whiteknightlabs.com/2024/07/31/layeredsyscall-abusing-veh-to-bypass-edrs/

https://github.com/WKL-Sec/LayeredSyscall

SyscallTempering: hiding syscall arguments with VEH callbacks

https://github.com/Allevon412/SyscallTempering

Catching the abnormal call-stack signatures of C2 tooling in memory, and evading that detection

https://sabotagesec.com/gotta-catch-em-all-catching-your-favorite-c2-in-memory-using-stack-thread-telemetry/
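The stack and thread telemetry the post above relies on reduces to a few checks on each thread's call stack: return addresses that land in memory not backed by an image on disk, stacks that do not bottom out in the normal thread-start thunks, and system-call stubs invoked directly from such memory. The following is an added example written for this digest, not the post's own tooling: it scores constructed sample stacks (innermost frame first, in the shape an EDR's stack-walk event would present; a module of None stands for unbacked memory) and reports why each one looks suspicious. The weights are our own choice.

```python
"""Score thread call stacks for in-memory C2 tells (added example, constructed data)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Frame:
    module: Optional[str]   # image backing the return address, None = unbacked memory
    symbol: str = ""        # resolved symbol when available


@dataclass
class Verdict:
    score: int
    reasons: List[str]


# A normally created user-mode thread's stack ends in one of these thunks.
THREAD_ROOTS = {
    ("ntdll.dll", "RtlUserThreadStart"),
    ("kernel32.dll", "BaseThreadInitThunk"),
}
# Modules expected to sit directly on top of an ntdll system-call stub.
SYSCALL_CALLERS = {"ntdll.dll", "kernelbase.dll", "kernel32.dll", "user32.dll", "win32u.dll"}


def _fmt(f: Frame) -> str:
    return f"{f.module or '<unbacked>'}!{f.symbol or '?'}"


def _key(f: Frame) -> Tuple[Optional[str], str]:
    return (f.module.lower() if f.module else None, f.symbol)


def is_syscall_stub(f: Frame) -> bool:
    """ntdll!Nt*/Zw* frames are the stubs that actually execute the syscall."""
    return bool(f.module) and f.module.lower() == "ntdll.dll" and f.symbol[:2] in ("Nt", "Zw")


def score_stack(frames: List[Frame]) -> Verdict:
    """Return a weighted score plus the individual tells that fired."""
    if not frames:
        return Verdict(0, ["empty stack"])
    score, reasons = 0, []

    # 1. Any return address in memory not backed by an image file (+3).
    unbacked = [i for i, f in enumerate(frames) if f.module is None]
    if unbacked:
        score += 3
        reasons.append(f"return address in unbacked memory at frame(s) {unbacked}")

    # 2. Stack does not terminate in a thread-start thunk: truncated or spoofed (+2).
    if _key(frames[-1]) not in THREAD_ROOTS:
        score += 2
        reasons.append(f"stack not rooted in a thread start thunk (ends at {_fmt(frames[-1])})")

    # 3. A syscall stub whose caller is not a Win32 API layer module (+2 each).
    for f, caller in zip(frames, frames[1:]):
        if is_syscall_stub(f) and (caller.module or "").lower() not in SYSCALL_CALLERS:
            score += 2
            reasons.append(f"{f.symbol} invoked directly from {_fmt(caller)}")
    return Verdict(score, reasons)


# Constructed sample stacks (innermost frame first).
BENIGN = [
    Frame("ntdll.dll", "NtWaitForSingleObject"), Frame("kernelbase.dll", "WaitForSingleObjectEx"),
    Frame("kernelbase.dll", "WaitForSingleObject"), Frame("app.exe", "WorkerThread"),
    Frame("kernel32.dll", "BaseThreadInitThunk"), Frame("ntdll.dll", "RtlUserThreadStart"),
]
# Beacon sleeping from an injected, unbacked region.
INJECTED = [
    Frame("ntdll.dll", "NtDelayExecution"), Frame("kernelbase.dll", "SleepEx"), Frame(None),
    Frame("kernel32.dll", "BaseThreadInitThunk"), Frame("ntdll.dll", "RtlUserThreadStart"),
]
# Direct syscall from shellcode, stack walk stops in unbacked memory.
DIRECT_SYSCALL = [Frame("ntdll.dll", "NtWaitForSingleObject"), Frame(None)]
# Spoofed stack: the unbacked frame has been cut out, so these checks pass.
SPOOFED = [
    Frame("ntdll.dll", "NtDelayExecution"), Frame("kernelbase.dll", "SleepEx"),
    Frame("kernel32.dll", "BaseThreadInitThunk"), Frame("ntdll.dll", "RtlUserThreadStart"),
]

if __name__ == "__main__":
    for name, stack in (("benign", BENIGN), ("injected", INJECTED),
                        ("direct syscall", DIRECT_SYSCALL), ("spoofed", SPOOFED)):
        v = score_stack(stack)
        print(f"{name:15} score={v.score} {v.reasons}")
```

The SPOOFED sample scores zero on purpose: once the unbacked frame is removed or the return chain is forged, these static checks are blind, which is the evasion side of the post and why the telemetry has to be combined with thread start-address and memory-region checks rather than used alone.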

Chrome introduces app-bound encryption to strengthen cookie protection

https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html

How the "Core Isolation" (code integrity) protections affect driver loading

https://sabotagesec.com/tale-of-code-integrity-driver-loads/

Specula: a C2 framework that communicates through Outlook client components

https://github.com/trustedsec/specula

https://trustedsec.com/blog/specula-turning-outlook-into-a-c2-with-one-registry-change


Vulnerabilities


CVE-2024-37085: VMware ESXi Active Directory integration authentication bypass

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505

https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/
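The Microsoft write-up explains that an AD-joined ESXi host grants full administrative access to members of a domain group named "ESX Admins" (the default of the esxAdminsGroup setting) without that group having to exist beforehand, so the attacker's pivot is simply to create that group, rename another group to it, or add an account to it. The hunt below is an added example for this digest, not Microsoft's or Broadcom's code: it runs over constructed Windows Security events in a simplified field layout (not the real EventData XML) and flags the three operations.

```python
"""Hunt Windows Security events for 'ESX Admins' group abuse (added example, constructed data)."""
from dataclasses import dataclass
from typing import Dict, List

# Windows Security event IDs for group lifecycle, by group scope.
GROUP_CREATED = {4727: "global", 4731: "local", 4754: "universal"}
MEMBER_ADDED = {4728: "global", 4732: "local", 4756: "universal"}
GROUP_CHANGED = {4737: "global", 4735: "local", 4755: "universal"}

DEFAULT_ESX_ADMINS = "ESX Admins"   # ESXi default admin group name


def _same_group(name: str, target: str) -> bool:
    # AD group names are case-insensitive; normalise whitespace too.
    return " ".join(name.split()).casefold() == " ".join(target.split()).casefold()


@dataclass
class Finding:
    event_id: int
    actor: str
    detail: str


def hunt(events: List[Dict], admin_group: str = DEFAULT_ESX_ADMINS) -> List[Finding]:
    """Return one Finding per event that creates, renames to, or populates admin_group."""
    findings: List[Finding] = []
    for e in events:
        eid = e["EventID"]
        group = e.get("TargetUserName", "")
        actor = e.get("SubjectUserName", "?")
        if eid in GROUP_CREATED and _same_group(group, admin_group):
            findings.append(Finding(eid, actor, f"{GROUP_CREATED[eid]} group {group!r} created"))
        elif eid in MEMBER_ADDED and _same_group(group, admin_group):
            findings.append(Finding(eid, actor, f"{e.get('MemberName', '?')} added to {group!r}"))
        elif eid in GROUP_CHANGED:
            # Simplified: the changed SAM account name is carried in 'SamAccountName'.
            new_name = e.get("SamAccountName", "")
            if _same_group(new_name, admin_group) and not _same_group(group, admin_group):
                findings.append(Finding(eid, actor, f"group {group!r} renamed to {new_name!r}"))
    return findings


# Constructed sample events, not a real log export.
SAMPLE_EVENTS = [
    {"EventID": 4720, "SubjectUserName": "hr-admin", "TargetUserName": "newhire"},
    {"EventID": 4727, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins",
     "TargetDomainName": "CORP"},
    {"EventID": 4728, "SubjectUserName": "jdoe", "TargetUserName": "ESX Admins",
     "MemberName": "CN=svc-backup,OU=Service,DC=corp,DC=local"},
    {"EventID": 4727, "SubjectUserName": "hr-admin", "TargetUserName": "Finance"},
    {"EventID": 4737, "SubjectUserName": "jdoe", "TargetUserName": "Finance",
     "SamAccountName": "esx  admins"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"event {f.event_id} by {f.actor}: {f.detail}")
```

Pass a different `admin_group` if the host's esxAdminsGroup advanced setting has been changed from the default; the advisory's mitigation of pointing that setting at a tightly controlled group, or disabling automatic admin mapping, only helps if the hunt follows the setting.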

Windows lock-screen bypass and privilege escalation via an input method editor

https://mp.weixin.qq.com/s/aqA3TdU5NFcT6v1owMz--A

https://mp.weixin.qq.com/s/25n6PPsfSizRXn2VGVhxnQ

Finding and exploiting link-following privilege escalation vulnerabilities in endpoint security products

https://www.zerodayinitiative.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1

https://www.zerodayinitiative.com/blog/2024/7/30/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-2

CVE-2024-7120: RAISECOM gateway command injection vulnerability affecting more than 25,000 devices

https://netsecfish.notion.site/Command-Injection-Vulnerability-in-RAISECOM-Gateway-Devices-673bc7d2f8db499f9de7182d4706c707


Cloud Security


GraphSpy: an initial access and post-exploitation framework for AAD and O365

https://github.com/RedByte1337/GraphSpy


AI and Security


A case-study survey of LLM agent security and privacy risks

https://arxiv.org/abs/2407.19354

Amazon Bedrock managed LLM service: security and compliance documentation, including Guardrails and data protection

https://aws.amazon.com/cn/bedrock/security-compliance/

https://aws.amazon.com/cn/bedrock/guardrails/

Llama 3.1 jailbreak prompts

https://ai.meta.com/blog/meta-llama-3-1/

https://github.com/elder-plinius/L1B3RT45/blob/main/META.mkd


Social Engineering and Phishing


Bypassing EDR with custom payloads in phishing campaigns

https://posts.specterops.io/deep-sea-phishing-pt-1-092a0637e2fd

https://posts.specterops.io/deep-sea-phishing-pt-2-29c48f1e214e


Other


go-exploit-cache: scanless vulnerability checks using the HTTP response caches of internet-mapping engines

https://github.com/vulncheck-oss/go-exploit-cache

https://vulncheck.com/blog/vulncheck-goes-scanless

CFOR (Cross Fork Object Reference) attacks: accessing deleted and private repository data on GitHub

https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github

Forensic reconstruction of malicious remote desktop activity from the RDP bitmap cache

https://www.thedfirspot.com/post/rdp-bitmap-cache-piece-s-of-the-puzzle

PKfail: bypassing UEFI Secure Boot with pre-provisioned (untrusted test) Platform Keys

https://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem

https://pk.fail/
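The Binarly finding is that many shipped firmware images carry a vendor-supplied test Platform Key whose private key has leaked, so the first check on any machine is to read the PK variable and look at whose certificate sits in it. The script below is an added example for this digest, not Binarly's or pk.fail's tooling. The EFI_SIGNATURE_LIST layout and the GUIDs are the real UEFI ones; the certificate body in the sample is a constructed stand-in (not valid DER), and the marker strings are an assumption: "DO NOT TRUST" is the AMI test-key subject Binarly reports, "DO NOT SHIP" is included as a second candidate and should be checked against the list on pk.fail before being relied on.

```python
"""Check a UEFI PK variable for PKfail test keys (added example, constructed sample data)."""
import struct
import uuid
from dataclasses import dataclass
from typing import Iterator, List

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
PK_EFIVAR_PATH = f"/sys/firmware/efi/efivars/PK-{EFI_GLOBAL_VARIABLE}"

# Assumed subject markers of untrusted test keys (see lead-in); a real X.509
# subject CN is stored as plain PrintableString/UTF8String bytes in DER, so a
# substring search over the certificate body finds it without a DER parser.
UNTRUSTED_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")

SIGLIST_HDR = struct.Struct("<III")   # SignatureListSize, SignatureHeaderSize, SignatureSize
SIGLIST_HDR_LEN = 16 + SIGLIST_HDR.size


@dataclass
class Signature:
    sig_type: uuid.UUID
    owner: uuid.UUID
    data: bytes


def iter_signatures(blob: bytes) -> Iterator[Signature]:
    """Walk the chained EFI_SIGNATURE_LIST structures stored in PK/KEK/db."""
    off = 0
    while off < len(blob):
        if len(blob) - off < SIGLIST_HDR_LEN:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = SIGLIST_HDR.unpack_from(blob, off + 16)
        if list_size < SIGLIST_HDR_LEN + hdr_size or off + list_size > len(blob) or sig_size < 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos, end = off + SIGLIST_HDR_LEN + hdr_size, off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield Signature(sig_type, owner, blob[pos + 16:pos + sig_size])
            pos += sig_size
        off = end


def check_pk(blob: bytes) -> List[str]:
    """Return findings for a PK variable body (attributes already stripped)."""
    findings = []
    for sig in iter_signatures(blob):
        if sig.sig_type != EFI_CERT_X509_GUID:
            findings.append(f"non-X.509 entry of type {sig.sig_type} in PK")
            continue
        for marker in UNTRUSTED_MARKERS:
            if marker in sig.data:
                findings.append(f"PK certificate (owner {sig.owner}) contains {marker.decode()!r}")
    return findings


def read_pk_efivar(path: str = PK_EFIVAR_PATH) -> bytes:
    """Read PK from Linux efivarfs; the first 4 bytes there are variable attributes."""
    with open(path, "rb") as f:
        return f.read()[4:]


def build_siglist(cert_body: bytes, owner: uuid.UUID) -> bytes:
    """Build a single-entry EFI_SIGNATURE_LIST of type EFI_CERT_X509 (used for samples)."""
    sig_size = 16 + len(cert_body)
    hdr = EFI_CERT_X509_GUID.bytes_le + SIGLIST_HDR.pack(SIGLIST_HDR_LEN + sig_size, 0, sig_size)
    return hdr + owner.bytes_le + cert_body


# Constructed samples: stand-in bodies, not real DER certificates.
SAMPLE_OWNER = uuid.UUID(int=0x1234)
TEST_PK = build_siglist(b"\x30\x1c" + b"DO NOT TRUST - AMI Test PK", SAMPLE_OWNER)
VENDOR_PK = build_siglist(b"\x30\x1c" + b"CN=Example OEM Platform Key", SAMPLE_OWNER)

if __name__ == "__main__":
    for name, blob in (("constructed test PK", TEST_PK), ("constructed vendor PK", VENDOR_PK)):
        print(name, check_pk(blob) or ["no PKfail marker"])
    try:
        print("live PK:", check_pk(read_pk_efivar()) or ["no PKfail marker"])
    except OSError as exc:
        print("live PK not readable:", exc)
```

A clean result here is necessary but not sufficient: a PK from a vendor's own CA can still be one of the leaked keys, so the certificate fingerprint should also be compared against the published PKfail list rather than only its subject.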


M01N Team WeChat account

Focused on hot topics in advanced offensive and defensive technology

NSFOCUS Blue Army Technical Research Team
