Weekly Blue Team Technology Digest (2024.4.20-4.26)

科技   科技   2024-04-26 15:52   Beijing


Internal Network Penetration


OUned: exploiting hidden Organizational Unit ACL attack vectors in Active Directory

https://www.synacktiv.com/en/publications/ounedpy-exploiting-hidden-organizational-units-acl-attack-vectors-in-active-directory

https://github.com/synacktiv/OUned


Endpoint Evasion


DLHell: local DLL proxying and lateral movement via DCOM

https://github.com/synacktiv/DLHell

Bypassing Palo Alto Cortex XDR anti-tampering to achieve malicious code injection and stealthy attacks

https://www.blackhat.com/asia-24/briefings/schedule/#the-dark-side-of-edr-repurpose-edr-as-an-offensive-tool-37846

https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/

KExecDD: admin-to-kernel code execution using the KSecDD driver

https://github.com/floesen/KExecDD

MagicDot: a user-mode rootkit-like tool based on DOS-to-NT path conversion flaws

https://github.com/SafeBreach-Labs/MagicDot

BGGP4: a 420-byte self-replicating UEFI application for x64

https://github.com/netspooky/golfclub/tree/master/uefi/bggp4

CelestialSpark: reverse TCP staging shellcode compatible with MSF and Sliver

https://github.com/Karkas66/CelestialSpark

Nemesis 1.0.0, the offensive data enrichment platform, has been released

https://posts.specterops.io/nemesis-1-0-0-8c6b745dc7c5


Vulnerabilities


CVE-2024-3400: patch-diffing analysis from a Palo Alto NGFW Marketplace AMI

https://www.sprocketsecurity.com/resources/patch-diffing-cve-2024-3400-from-a-palo-alto-ngfw-marketplace-ami

CVE-2024-20356: command injection vulnerability in Cisco CIMC appliances

https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/

https://github.com/nettitude/CVE-2024-20356

CVE-2024-26131, CVE-2024-26132: analysis of Intent component vulnerabilities in an Android app

https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/

CVE-2023-6345: integer overflow in the Skia graphics library exploited in the wild against Chrome

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-6345.html

CVE-2024-21111: Oracle VirtualBox local privilege escalation exploit PoC

https://github.com/mansk1es/CVE-2024-21111

Attack surface analysis of Node.js applications

https://blog.devsecopsguides.com/attacking-nodejs-application

Password breach detection service leads to password manager credential leakage

https://blog.quarkslab.com/passbolt-a-bold-use-of-haveibeenpwned.html

CVE-2024-20353, CVE-2024-20359: in-the-wild exploitation of Cisco VPN appliances

https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/

https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-dancer.pdf

MITRE R&D network compromised via Ivanti VPN 0-day attack

https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks

ROPDecoder: design and implementation of an exploit development helper tool

https://zeyadazima.com/exploit%20development/ropdecoder/


Cloud Security


Living Off the Pipeline: cataloguing RCE-by-design issues in common CI/CD pipeline tools

https://boostsecurityio.github.io/lotp/

How AWS flaws made Amplify IAM roles vulnerable to takeover

https://securitylabs.datadoghq.com/articles/amplified-exposure-how-aws-flaws-made-amplify-iam-roles-vulnerable-to-takeover/

BAADTokenBroker: authenticating to Microsoft Entra ID with device-side stored keys

https://github.com/secureworks/BAADTokenBroker

GitHub comments abused to push malware via Microsoft repository URLs

https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/

GitLab comments can likewise be abused to deliver malware

https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/

CloudConsoleCartographer: condenses groups of cloud events and maps them to user input to simplify defensive analysis

https://github.com/Permiso-io-tools/CloudConsoleCartographer


AI and Security


LLM instruction hierarchy and privileged instructions

https://arxiv.org/abs/2404.13208

Microsoft Copilot for Security prompt optimization

https://github.com/rod-trent/Copilot-for-Security/tree/main/Prompts/Workshop


Other


Black Hat Asia 2024 briefings list; some materials are already available for download

https://www.blackhat.com/asia-24/briefings/schedule/index.html

Datadog releases State of DevSecOps report

https://www.datadoghq.com/state-of-devsecops/

OpenSSF and OpenJS Foundation issue alert on social engineering takeovers of open source projects

https://openjsf.org/blog/openssf-openjs-alert-social-engineering-takeovers

Microsoft open-sources MS-DOS 4.0

https://github.com/microsoft/MS-DOS


M01N Team public account

Focused on hot topics in advanced offensive and defensive techniques

NSFOCUS Blue Team Technology Research Squad
