Web Security
CVE-2023-29489: cPanel XSS vulnerability
https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/
Exploiting a pre-authentication vulnerability to achieve RCE in Oracle Opera
https://blog.assetnote.io/2023/04/30/rce-oracle-opera/
Internal Network Penetration
ETWHash: extracting NetNTLMv1/v2 hashes from an ETW provider
https://github.com/nettitude/ETWHash
https://labs.nettitude.com/blog/etwhash-he-who-listens-shall-receive/
hashmuncher: obtaining NetNTLMv2 hashes via ETW with administrative privileges
https://github.com/lkarlslund/hashmuncher
Procedural detections to uncover PsExec-style lateral movement
https://bherunda.medium.com/procedural-detections-to-uncover-psexec-style-lateral-movement-5e83932eeb7e
Endpoint Evasion
StackMask: masking the implant's shellcode with stack encryption
https://whiteknightlabs.com/2023/05/02/masking-the-implant-with-stack-encryption/
https://github.com/WKL-Sec/StackMask
StackCrypt: suspends every thread and encrypts the stack before entering sleep, then decrypts the stack when the threads are resumed
https://github.com/TheD1rkMtr/StackCrypt/
sc2pe: a dotnet Native AOT program that converts shellcode into a PE using AsmResolver
https://github.com/Dump-GUY/sc2pe
BlockOpenHandle: allows only SYSTEM to open a handle to the process, evading remote memory scanners
https://github.com/TheD1rkMtr/BlockOpenHandle
Hiding an injected DLL by unlinking it from the PEB
https://blog.christophetd.fr/dll-unlinking/
Weaponizing DLL hijacking via DLL proxying
https://medium.com/@lsecqt/weaponizing-dll-hijacking-via-dll-proxying-3983a8249de0
Vulnerabilities
CVE-2023-27524: insecure default configuration in Apache Superset leads to remote code execution
https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/
CVE-2023-28231: analysis of the remote code execution vulnerability in the Microsoft Windows DHCPv6 service
https://www.zerodayinitiative.com/blog/2023/5/1/cve-2023-28231-rce-in-the-microsoft-windows-dhcpv6-service
CVE-2023-21707: Microsoft Exchange PowerShell remoting deserialization leading to RCE
https://starlabs.sg/blog/2023/04-microsoft-exchange-powershell-remoting-deserialization-leading-to-rce-cve-2023-21707/
CVE-2022-46718: exploiting an iOS logic flaw to obtain sensitive user information without authorization
https://securityonline.info/cve-2022-46718-ios-vulnerability-exposes-sensitive-location-data/
https://github.com/biscuitehh/cve-2022-46718-leaky-location
CVE-2023-23525: getting root on macOS via a fake installer
https://jhftss.github.io/CVE-2023-23525-Get-Root-via-A-Fake-Installer/
Cloud Security
Stealing GitHub staff access tokens via GitHub Actions
https://blog.ryotak.net/post/github-actions-staff-access-token-en/
GCP has begun using generative AI to enhance its security capabilities
https://cloud.google.com/blog/products/identity-security/rsa-google-cloud-security-ai-workbench-generative-ai
Azure Threat Research Matrix
https://microsoft.github.io/Azure-Threat-Research-Matrix/
Other
The Dual LLM pattern for building AI assistants that can resist prompt injection
https://simonwillison.net/2023/Apr/25/dual-llm-pattern/
bitlocker-attacks: a list of public attacks on BitLocker
https://github.com/Wack0/bitlocker-attacks
AIMOD2: a structured threat hunting methodology for proactively identifying, engaging and preventing cyber threats
https://github.com/darkquasar/AIMOD2
MacOSThreatTrack: a Bash tool for detecting malicious activity on macOS systems
https://github.com/ab2pentest/MacOSThreatTrack
Microsoft shifts to a new threat actor naming taxonomy
https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/
Meta's Adversarial Threat Report, first quarter 2023
https://about.fb.com/news/2023/05/metas-adversarial-threat-report-first-quarter-2023/
M01N Team official account
Focused on hot topics in advanced offensive and defensive techniques
NSFOCUS Blue Army (red team) technical research squad
Originally published on the WeChat official account (M01N Team): Weekly Blue Army (red team) technology digest (2023.4.29-5.5)