Internal Network Penetration
OUned: exploiting hidden Organizational Unit (OU) ACL attack vectors in Active Directory
https://www.synacktiv.com/en/publications/ounedpy-exploiting-hidden-organizational-units-acl-attack-vectors-in-active-directory
https://github.com/synacktiv/OUned
Endpoint Evasion
DLHell: local DLL proxying and DCOM-based lateral movement
https://github.com/synacktiv/DLHell
The dark side of EDR: bypassing Palo Alto Cortex XDR's anti-tampering to repurpose the agent for malicious code injection and stealthy attacks
https://www.blackhat.com/asia-24/briefings/schedule/#the-dark-side-of-edr-repurpose-edr-as-an-offensive-tool-37846
https://www.safebreach.com/blog/dark-side-of-edr-offensive-tool/
KExecDD: admin-to-kernel code execution via the KSecDD driver
https://github.com/floesen/KExecDD
MagicDot: user-mode rootkit-like capabilities built on DOS-to-NT path conversion issues
https://github.com/SafeBreach-Labs/MagicDot
BGGP4: a 420-byte self-replicating UEFI application for x64
https://github.com/netspooky/golfclub/tree/master/uefi/bggp4
CelestialSpark: reverse TCP staging shellcode compatible with Metasploit (MSF) and Sliver
https://github.com/Karkas66/CelestialSpark
Nemesis 1.0.0, the offensive data-enrichment platform, has been released
https://posts.specterops.io/nemesis-1-0-0-8c6b745dc7c5
Vulnerabilities
CVE-2024-3400: patch-diffing the fix using a Palo Alto NGFW Marketplace AMI
https://www.sprocketsecurity.com/resources/patch-diffing-cve-2024-3400-from-a-palo-alto-ngfw-marketplace-ami
CVE-2024-20356: command injection in Cisco CIMC (jailbreaking the appliance to run Doom)
https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
https://github.com/nettitude/CVE-2024-20356
CVE-2024-26131, CVE-2024-26132: analysis of Intent-handling vulnerabilities in the Element Android app ("never take intents from strangers")
https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/
CVE-2023-6345: integer overflow in the Skia graphics library exploited in the wild against Chrome (Project Zero root-cause analysis)
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-6345.html
CVE-2024-21111: PoC for an Oracle VirtualBox local privilege escalation
https://github.com/mansk1es/CVE-2024-21111
Attack surface analysis of Node.js applications
https://blog.devsecopsguides.com/attacking-nodejs-application
Passbolt: how a password manager's use of the HaveIBeenPwned breach-check service could leak credentials
https://blog.quarkslab.com/passbolt-a-bold-use-of-haveibeenpwned.html
CVE-2024-20353, CVE-2024-20359: in-the-wild exploitation of Cisco ASA/FTD VPN appliances (ArcaneDoor campaign; NCSC analysis of the Line Dancer implant)
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-dancer.pdf
MITRE R&amp;D network compromised via Ivanti VPN zero-days
https://www.mitre.org/news-insights/news-release/mitre-response-cyber-attack-one-its-rd-networks
ROPDecoder: how this exploit-development helper works and how to write one
https://zeyadazima.com/exploit%20development/ropdecoder/
Cloud Security
Living Off the Pipeline: a catalog of commonly used CI/CD tools with RCE-by-design behavior
https://boostsecurityio.github.io/lotp/
How AWS flaws made Amplify IAM roles vulnerable to takeover
https://securitylabs.datadoghq.com/articles/amplified-exposure-how-aws-flaws-made-amplify-iam-roles-vulnerable-to-takeover/
BAADTokenBroker: authenticating to Microsoft Entra ID with keys stored on the device
https://github.com/secureworks/BAADTokenBroker
GitHub comments abused to deliver malware through URLs under Microsoft's repositories
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
GitLab comments can be abused the same way (GitHub-style CDN flaw allowing malware hosting)
https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/
CloudConsoleCartographer: condenses groups of cloud console events and maps them back to the user's actions to simplify defensive analysis
https://github.com/Permiso-io-tools/CloudConsoleCartographer
AI and Security
The instruction hierarchy: training LLMs to prioritize privileged instructions
https://arxiv.org/abs/2404.13208
Microsoft Copilot for Security prompt-optimization workshop
https://github.com/rod-trent/Copilot-for-Security/tree/main/Prompts/Workshop
Other
Black Hat Asia 2024 briefings schedule; some materials are already available for download
https://www.blackhat.com/asia-24/briefings/schedule/index.html
Datadog releases its State of DevSecOps report
https://www.datadoghq.com/state-of-devsecops/
OpenSSF and the OpenJS Foundation issue an alert on social-engineering takeovers of open source projects
https://openjsf.org/blog/openssf-openjs-alert-social-engineering-takeovers
Microsoft open-sources MS-DOS 4.0
https://github.com/microsoft/MS-DOS
M01N Team (NSFOCUS Blue Army technical research team) WeChat account, focused on advanced offense-defense techniques
Previous issues
Weekly Blue Army Tech Digest (2024.4.13-4.19)
Weekly Blue Army Tech Digest (2024.3.30-4.12)
Weekly Blue Army Tech Digest (2024.3.23-3.29)