每周蓝军技术推送（2023.3.18-3.24）

https://www.trustedsec.com/blog/red-vs-blue-kerberos-ticket-times-checksums-and-you/

https://blog.scrt.ch/2023/03/17/bypassing-ppl-in-userland-again/

https://github.com/itm4n/PPLmedic

https://adepts.of0x.cc/vba-exports-runtime/

https://debugactiveprocess.medium.com/rtlprocessflsdata-as-anti-debugging-technique-c531174c6dc8

https://github.com/memN0ps/ekko-rs

https://mp.weixin.qq.com/s/ggB_XarThtTA_tI44k054w

https://github.com/ZeroMemoryEx/Tokenizer

https://github.com/XaFF-XaFF/Black-Angel-Rootkit

https://github.com/Mr-Un1k0d3r/Elevate-System-Trusted-BOF

https://twitter.com/0gtweet/status/1633583947379556353

https://github.com/gtworek/PSBits/tree/master/OfflineSAM/OfflineAddAdmin2

https://seclists.org/oss-sec/2023/q1/184

https://securityonline.info/cve-2023-28115-rce-vulnerability-affects-the-popular-php-library-snappy/

https://blog.impalabs.com/2303_advisory_parallels-desktop_toolgate.html

https://github.com/Impalabs/CVE-2023-27326

https://blog.doyensec.com/2023/03/21/windows-installer.html

https://www.mitiga.io/blog/google-cloud-platform-exfiltration-a-threat-hunting-guide

https://mp.weixin.qq.com/s/OqmkjW9NKaDLBgvMq-NdiA

https://towardsdatascience.com/transformer-neural-network-engineering-techniques-on-system-logs-for-malware-behavior-modeling-c79f83f1ae69

https://blog.ecapuano.com/p/find-threats-in-event-logs-with-hayabusa

https://github.com/Yamato-Security/hayabusa

https://talesfromdecrypt.com/appgpt-b237c66b09bf

https://blog.cloudflare.com/api-sequence-analytics/