Weekly Blue Army (Red Team) Tech Digest (2024.8.17-8.23)

Tech   2024-08-23 18:01   Beijing



Web Security


Exploiting hidden semantic ambiguities in Apache HTTP Server

https://blog.orange.tw/posts/2024-08-confusion-attacks-ch/


Internal Network Penetration


MaLDAPtive: an LDAP SearchFilter parsing, obfuscation, deobfuscation and detection framework

https://github.com/MaLDAPtive/Invoke-Maldaptive

Punching through corporate firewalls with SSH tunnelling

https://labs.jumpsec.com/ssh-tunnelling-to-punch-through-corporate-firewalls-updated-take-on-one-of-the-oldest-lolbins/


Endpoint Evasion


Shwmae: abusing Windows Hello in a privileged user context

https://github.com/CCob/Shwmae

ShimMe: code injection using undocumented OfficeClickToRun structures and interfaces

https://github.com/deepinstinct/ShimMe

.NET assembly infection and persistence techniques

https://habr.com/ru/companies/ru_mts/articles/832892/

Hookchain: redirecting the Windows subsystem via IAT hooking, syscalls and related techniques to evade EDR hooks

https://github.com/helviojunior/hookchain

Using VEH to evade EDR during process injection

https://securityintelligence.com/x-force/using-veh-for-defense-evasion-process-injection/

DriverJack: abusing symbolic links to hijack legitimate driver services and load custom drivers

https://github.com/klezVirus/DriverJack


Vulnerabilities


CVE-2024-30089: analysis of a Windows 11 kernel UAF vulnerability

https://securityintelligence.com/x-force/little-bug-that-could/

CVE-2024-38100: local privilege escalation via DCOM interfaces

https://decoder.cloud/2024/08/02/the-fake-potato/

CVE-2024-38063: Windows TCP/IP IPv6 RCE patch diff and PoC

https://x.com/f4rmpoet/status/1825472703223992323

https://github.com/Sachinart/CVE-2024-38063-POC

Unauthenticated RCE vulnerability in the BYOB (Build Your Own Botnet) open-source post-exploitation framework

https://github.com/chebuya/exploits/tree/main/BYOB-RCE

https://blog.chebuya.com/posts/unauthenticated-remote-command-execution-on-byob/

Analysis of exploiting time-of-check-to-time-of-use (TOCTOU) logic vulnerabilities

https://oliviagallucci.com/how-to-manipulate-the-execution-flow-of-toctou-attacks/


Cloud Security


Privilege escalation and persistence through Microsoft cloud applications

https://www.semperis.com/blog/unoauthorized-privilege-elevation-through-microsoft-applications/

Persisting in Entra ID applications and user-assigned managed identities with federated credentials

https://dirkjanm.io/persisting-with-federated-credentials-entra-apps-managed-identities/

Exploiting pass-through authentication (PTA) credentials in Azure

https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/

Obtaining administrator access through a flaw in AWS default OIDC trust policies

https://hacktodef.com/addressed-aws-defaults-risks-oidc-terraform-and-anonymous-to-administratoraccess

Command injection flaw in the Kubernetes component git-sync

https://www.akamai.com/blog/security-research/2024-august-kubernetes-gitsync-command-injection-defcon

Abusing the Dependabot GitHub App to compromise code repositories

https://www.synacktiv.com/publications/github-actions-exploitation-dependabot


AI and Security


AI and LLM penetration testing: challenges and best practices for securing AI-driven applications

https://forgepointcap.com/perspectives/tales-from-the-forefront-demystifying-ai-and-llm-pen-testing

LLM agentic system security CTF challenge

https://invariantlabs.ai/ctf-challenge-24


Social Engineering and Phishing


NTLM and plaintext credentials leaked via Universal Data Link (UDL) files

https://trustedsec.com/blog/oops-i-udld-it-again

An overview of phishing tactics, techniques and procedures

https://posts.specterops.io/teach-a-man-to-phish-43528846e382


Other


CISA publishes best practices for event logging and threat detection

https://www.cyber.gov.au/sites/default/files/2024-08/best-practices-for-event-logging-and-threat-detection.pdf

In-the-wild threat hunting and analysis based on crash reports

https://objective-see.org/blog/blog_0x7B.html

https://speakerdeck.com/patrickwardle/the-hidden-treasure-of-crash-reports

Cloudflare integrates JA4 fingerprints to advance threat blocking

https://blog.cloudflare.com/ja4-signals

Catching shells using "open" Tor relay nodes

https://www.fullspectrum.dev/catching-shells-without-infrastructure-using-open-tor-relays/







