每周蓝军技术推送(2024.4.13-4.19)

科技   科技   2024-04-19 16:59   北京  


 内网渗透


通过微软Github存储库的Self-hosted Runner漏洞攻陷微软AD域服务器

https://johnstawinski.com/2024/04/15/fixing-typos-and-breaching-microsofts-perimeter/

LSA Whisperer:Windows身份验证包攻击工具,从 LSASS 获取凭证而不访问其内存

https://posts.specterops.io/lsa-whisperer-20874277ea3b

https://github.com/EvanMcBroom/lsa-whisperer


终端对抗


适用于Windows的编译时C程序混淆头文件

https://github.com/DosX-dev/obfus.h

LetMeowIn: 具备EDR Bypass与反检测特性的Windows 凭据转储工具

https://github.com/Meowmycks/LetMeowIn

PasteBomb:用 Go 创建的PasteBin C2 僵尸网络概念验证项目

https://github.com/marco-liberale/PasteBomb

pyMetaTwin:适配非Windows的PE文件元数据复制工具

https://github.com/Cerbersec/pyMetaTwin

Windows 事件跟踪 (ETW) patch 防御削弱技术分析

https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b

滥用微软开发隧道实现C2通信

https://redsiege.com/blog/2024/04/using-microsoft-dev-tunnels-for-c2-redirection/

利用C2 API 实现从 Mythic 中远程控制 Sliver木马

https://github.com/MythicAgents/sliver/blob/main/blog/blog.md

WAREED-DNS-C2:利用DNS协议进行通信的前锋C2

https://github.com/Faisal-P27/WAREED-DNS-C2

Redline窃密器新变体分析

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/


漏洞相关


CVE-2024-2961:glibc写入转义序列时的越界写漏洞,可通过PHP进行利用

https://www.openwall.com/lists/oss-security/2024/04/18/4

https://twitter.com/oss_security/status/1781002176589897854

CVE-2024-21338:适用Win10/Win11的内核提权漏洞分析与LPE POC

https://hakaisecurity.io/cve-2024-21338-from-admin-to-kernel-through-token-manipulation-and-windows-kernel-exploitation/research-blog/

https://github.com/Nero22k/Exploits/tree/main/Windows/CVE-2024-21338

https://github.com/hakaioffsec/CVE-2024-21338

串联nday漏洞攻陷系统系列:构成虚拟机逃逸链的CVE-2023-29360 驱动本地提权漏洞

https://blog.theori.io/chaining-n-days-to-compromise-all-part-3-windows-driver-lpe-medium-to-system-12f7821d97bb

CVE-2024-26230:Windows telephony 服务UAF提权漏洞利用分析

https://whereisk0shl.top/post/a-trick-the-story-of-cve-2024-26230

CVE-2024-20697:Windows Libarchive 远程代码执行漏洞分析

https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability

Windows注册表机制剖析与攻击面分析系列

https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html

https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html

CVE-2023-35628:微软Outlook零点击 RCE漏洞分析

https://www.akamai.com/blog/security-research/critical-vulnerability-create-uri-remote-code-execution

CVE-2024-3832:在运行时破坏Chrome jsobject 的新方法

https://twitter.com/buptdsb/status/1780950890792550585

https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html

CVE-2024-3400:被用于在野攻击Palo Alto SSLVPN漏洞分析

https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/

微软采用 CWE(常见弱点枚举行业标准)发布Microsoft CVE漏洞信息

https://msrc.microsoft.com/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves/


云安全


Amazon CloudFront 宣布支持 Lambda 函数 URL 源的源访问控制 (OAC)

https://aws.amazon.com/cn/about-aws/whats-new/2024/04/amazon-cloudfront-oac-lambda-function-url-origins/

ActionsTOCTOU:GitHub Actions 检查时间到使用时间的示例存储库(TOCTOU 漏洞)

https://github.com/AdnaneKhan/ActionsTOCTOU


社工钓鱼


借助Cloudflare Turnstile 反机器人产品保护钓鱼基础设施

https://fin3ss3g0d.net/index.php/2024/04/08/evilgophishs-approach-to-advanced-bot-detection-with-cloudflare-turnstile/

攻击者滥用Twitter的域名替换特性伪装可信URL进行网站钓鱼

https://krebsonsecurity.com/2024/04/twitters-clumsy-pivot-to-x-com-is-a-gift-to-phishers/

AWS访问漏洞分析,不正确的角色信任策略评估而获得未经授权的帐户访问

https://www.stedi.com/blog/stedi-discovered-an-aws-access-vulnerability


人工智能和安全


Microsoft 如何发现并缓解针对 AI 围栏不断演变的攻击

https://www.microsoft.com/en-us/security/blog/2024/04/11/how-microsoft-discovers-and-mitigates-evolving-attacks-against-ai-guardrails/

JailbreakLens:针对大型语言模型的越狱攻击可视化分析

https://arxiv.org/abs/2404.08793

ps-fuzz:交互式GenAI应用安全Prompt评估工具

https://github.com/prompt-security/ps-fuzz

MLCommons 发布 AI Safety 基准 0.5

https://mlcommons.org/2024/04/mlc-aisafety-v0-5-poc/

Garak - 生成式 AI 红队工具

https://wiki.hego.tech/llm-security/garak-a-generative-ai-red-teaming-tool


其他


AttackGen:使用LLM生成威胁参与者攻击事件场景,辅助攻击模拟与应急检测

https://github.com/mrwadams/attackgen

BinSym:使用指令语义的形式描述的二进制级符号执行框架

https://arxiv.org/abs/2404.04132

使用 Capstone Disassembler 和 Unicorn 解析堆栈字符串

https://www.0ffset.net/reverse-engineering/capstone-resolving-stack-strings/

加深政府合作,谷歌公共部门获得美国政府绝密和秘密云授权

https://cloud.google.com/blog/topics/public-sector/google-public-sector-achieves-top-secret-and-secret-cloud-authorization?hl=en


M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群


往期推荐

每周蓝军技术推送(2024.3.30-4.12)

每周蓝军技术推送(2024.3.23-3.29)

每周蓝军技术推送(2024.3.16-3.22)

M01N Team
研战一体,以攻促防,共筑网络安全未来!
 最新文章