每周蓝军技术推送(2024.7.6-7.12)

科技   科技   2024-07-12 18:01   北京  


终端对抗


dirDevil:在文件夹结构中隐藏代码和内容

https://trustedsec.com/blog/dirdevil-hiding-code-and-content-within-folder-structures

在VBA宏中可靠地覆盖RWX内存实现更稳定代码劫持

https://adepts.of0x.cc/vba-rwx-addendum/

https://adepts.of0x.cc/vba-hijack-pointers-rwa/

40+43+74 种权限提升方法集合(Linux/Windows/macOS)

https://github.com/HadessCS/Awesome-Privilege-Escalation

借助注册表打印功能绕过EDR获取Windows启动密钥

https://sensepost.com/blog/2024/dumping-lsa-secrets-a-story-about-task-decorrelation/

使用自定义内核回调禁用EDR

https://www.alteredsecurity.com/post/when-the-hunter-becomes-the-hunted-using-custom-callbacks-to-disable-edrs

删除WFP监控滤网致盲EDR流量层检测

https://mp.weixin.qq.com/s/KjUcZKyS78QhVCDzjAvU9g

探索恶意软件中编译 V8 JAVASCRIPT 的使用情况

https://research.checkpoint.com/2024/exploring-compiled-v8-javascript-usage-in-malware/


漏洞相关


CVE-2024-38112:构造特殊.url文件触发RCE,已被在野利用

https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/

CVE-2024-38094/CVE-2024-38024/CVE-2024-38023:微软SharePoint RCE漏洞POC

https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC

CVE-2024-38021:微软Outlook Moniker零点击RCE漏洞

https://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability

CVE-2024-37081:Vmware vCenter RCE漏洞POC

https://github.com/Mr-r00t11/CVE-2024-37081

Evernote客户端全平台RCE分析

https://0reg.dev/blog/evernote-rce

False File Immutability:Elastic提出的新Window漏洞类型及攻击面分析

https://www.elastic.co/security-labs/false-file-immutability


云安全


微软AzureAD Graph API攻击面分析

https://github.com/mdsecresearch/Publications/blob/master/presentations/MDSec%20-%20Now%20youre%20not%20thinking%20with%20portals.pdf

azurehound-queries:适用于微软Azure的BloodHound查询

https://github.com/emiliensocchi/azurehound-queries


人工智能和安全


Uber的GenAI 网关创新实践

https://www.uber.com/en-HK/blog/genai-gateway/

LLM 安全性:使用自动化工具进行漏洞扫描

https://www.linkedin.com/pulse/llm-security-using-automated-tools-vulnerability-scans-rutam-bhagat-zailc/

MARKLLM:用于 LLM 水印的开源工具包

https://www.unite.ai/markllm-an-open-source-toolkit-for-llm-watermarking/


社工钓鱼


绕过安全电子邮件网关的链接爬虫

https://posts.specterops.io/like-shooting-phish-in-a-barrel-926c1905bb4b


其他


近期SSH RCE漏洞POC投毒恶意代码分析

https://santandersecurityresearch.github.io/blog/sshing_the_masses.html

运维工具Puppet的模块仓库Github Actions CI/CD配置错误,允许恶意模块上传

https://adnanthekhan.com/2024/07/02/roguepuppet-a-critical-puppet-forge-supply-chain-vulnerability/

检测 Entra ID 中的横向移动:跨租户同步

https://www.xintra.org/blog/lateral-movement-entraid-cross-tenant-synchronization

SnailLoad:借助网络延迟泄露用户行为的侧信道攻击

https://www.snailload.com/

SpecterOps SO-CON 2024会议视频

https://www.youtube.com/playlist?list=PLJK0fZNGiFU_Zh8PkjCws_Rw_8WdWKyd7


M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群


往期推荐

每周蓝军技术推送(2024.6.29-7.5)

每周蓝军技术推送(2024.6.22-6.28)

每周蓝军技术推送(2024.6.15-6.21)

M01N Team
研战一体,以攻促防,共筑网络安全未来!
 最新文章