Web Security
PHP from zero to a Webshell AV-evasion handbook
https://paper.seebug.org/3044/
Internal Network Penetration
AD_Miner: an Active Directory audit tool driven by BloodHound graph data
https://github.com/Mazars-Tech/AD_Miner
ExtractBitlockerKeys: script that automatically extracts BitLocker recovery keys stored in an AD domain
https://github.com/p0dalirius/ExtractBitlockerKeys
linWinPwn: automated AD domain enumeration and vulnerability-check script
https://github.com/lefayjey/linWinPwn
Endpoint Evasion
LatLoader: automated DLL-hijacking lateral-movement module for the Havoc C2 framework
https://github.com/icyguider/LatLoader
CoercedPotato: abuse SeImpersonatePrivilege to go from a service account to SYSTEM; works on Windows 10, Windows 11 and Server 2022
https://github.com/hackvens/CoercedPotato
SmmBackdoorNg: a System Management Mode (SMM) backdoor for UEFI platforms
https://github.com/Cr4sh/SmmBackdoorNg
Automated parsing of USB device artefacts from the registry
https://www.khyrenz.com/post/automated-usb-artefact-parsing-from-the-registry
https://github.com/khyrenz/parseusbs
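The key-name layer of the technique the post above automates, as an added example that is not the parseusbs project's code. Under HKLM\SYSTEM\<ControlSet>\Enum\USBSTOR each mass-storage device is a key named <Type>&Ven_<vendor>&Prod_<product>&Rev_<revision> with one instance subkey per device. This example parses those names, applies the standard forensic heuristic that an instance id whose second character is '&' was generated by Windows because the device reported no serial (so it cannot be matched across hosts), and, on Windows only, enumerates the live key with winreg. The sample key pairs are constructed for illustration and are not data from the linked post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample (device key, instance subkey) pairs as they would appear
# under HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR. Made-up values for
# illustration, not data from the linked post.
SAMPLE_USBSTOR_KEYS: List[Tuple[str, str]] = [
    ("Disk&Ven_SanDisk&Prod_Cruzer_Glide&Rev_1.00", "4C530001230509117312&0"),
    ("Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP", "6&2a3b4c5d&0&000000"),
    ("CdRom&Ven_ASUS&Prod_SDRW-08D2S-U&Rev_B901", "1234567890AB&0"),
    ("NotAUsbStorKey", "whatever"),
]

DEVICE_KEY_RE = re.compile(
    r"^(?P<type>[^&]+)&Ven_(?P<vendor>[^&]*)&Prod_(?P<product>[^&]*)&Rev_(?P<rev>[^&]*)$",
    re.IGNORECASE,
)


@dataclass
class UsbDevice:
    device_type: str
    vendor: str
    product: str
    revision: str
    instance_id: str
    serial: Optional[str]      # None when Windows synthesised the instance id
    has_unique_serial: bool


def parse_instance_id(instance_id: str) -> Tuple[Optional[str], bool]:
    """Split an instance id into (serial, has_unique_serial).

    A device-reported serial looks like "<serial>&<port>", e.g. "4C53...7312&0".
    If the device reported no serial, Windows builds an id such as
    "6&2a3b4c5d&0&000000"; the '&' in position 2 marks it as generated.
    """
    if len(instance_id) > 1 and instance_id[1] == "&":
        return None, False
    return instance_id.rsplit("&", 1)[0], True


def parse_usbstor_key(device_key: str, instance_key: str) -> Optional[UsbDevice]:
    """Return a UsbDevice for one key pair, or None if the key is not USBSTOR-shaped."""
    m = DEVICE_KEY_RE.match(device_key)
    if not m:
        return None
    serial, unique = parse_instance_id(instance_key)
    # Windows substitutes '_' for spaces in the vendor/product strings; undo that.
    return UsbDevice(
        device_type=m.group("type"),
        vendor=m.group("vendor").replace("_", " ").strip(),
        product=m.group("product").replace("_", " ").strip(),
        revision=m.group("rev"),
        instance_id=instance_key,
        serial=serial,
        has_unique_serial=unique,
    )


def parse_usbstor_keys(pairs) -> List[UsbDevice]:
    """Parse many (device key, instance subkey) pairs, skipping non-matching keys."""
    out = []
    for dev, inst in pairs:
        parsed = parse_usbstor_key(dev, inst)
        if parsed is not None:
            out.append(parsed)
    return out


def enumerate_live_usbstor() -> List[Tuple[str, str]]:
    """Windows only: read (device key, instance subkey) pairs from the live registry."""
    import winreg  # available only on Windows
    pairs = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Enum\USBSTOR") as root:
        i = 0
        while True:
            try:
                dev = winreg.EnumKey(root, i)       # raises OSError when exhausted
            except OSError:
                break
            i += 1
            with winreg.OpenKey(root, dev) as devkey:
                j = 0
                while True:
                    try:
                        pairs.append((dev, winreg.EnumKey(devkey, j)))
                    except OSError:
                        break
                    j += 1
    return pairs


if __name__ == "__main__":
    for d in parse_usbstor_keys(SAMPLE_USBSTOR_KEYS):
        tag = d.serial if d.has_unique_serial else "<no serial: Windows-generated id>"
        print(f"{d.device_type:6} {d.vendor:10} {d.product:18} rev {d.revision:5} {tag}")
```

On a live system, feed the output of enumerate_live_usbstor() into parse_usbstor_keys(); for an offline hive you would read the same key names from the SYSTEM hive instead. Devices whose has_unique_serial is False should not be correlated between machines by instance id alone.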
netuser-rs: Rust bindings for the Windows user and group management API
https://github.com/secur30nly/netuser-rs
R2R Stomping: a new way to run hidden implanted code in ReadyToRun (R2R) compiled .NET binaries
https://research.checkpoint.com/2023/r2r-stomping-are-you-ready-to-run/
REC2: C2 tool that tunnels encrypted messages over the VirusTotal and Mastodon APIs
https://github.com/g0h4n/REC2
LOLBins: LOLBin abuse modelled in STIX for TIP platforms, presented as an easily understood graph
https://github.com/CTI-Driven/LOLBins
Reflective call stack detections and evasions
https://securityintelligence.com/x-force/reflective-call-stack-detections-evasions/
.NET assembly obfuscation for memory-scanner evasion
https://www.r-tec.net/r-tec-blog-net-assembly-obfuscation-for-memory-scanner-evasion.html
A universal EDR bypass built into Windows 10
https://www.riskinsight-wavestone.com/en/2023/10/a-universal-edr-bypass-built-in-windows-10/
Vulnerabilities
CVE-2023-29357: Microsoft SharePoint Server elevation-of-privilege exploit
https://github.com/Chocapikk/CVE-2023-29357
CVE-2023-36802: Microsoft mskssrv.sys (Kernel Streaming Service) privilege escalation vulnerability
https://securityintelligence.com/x-force/critically-close-to-zero-day-exploiting-microsoft-kernel-streaming-service/
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-36802.html
CVE-2023-32364: macOS app sandbox escape exploit
https://github.com/gergelykalman/CVE-2023-32364-macos-app-sandbox-escape
macOS NSServices vulnerability allows bypassing TCC
https://moonlock.com/nsservices-macos
macOS application permission hijacking (DirtyNIB)
https://blog.xpnsec.com/dirtynib/
CVE-2023-4911 (Looney Tunables): buffer overflow in the GNU C Library dynamic loader on Linux
https://www.picussecurity.com/resource/blog/cve-2023-4911-looney-tunables-local-privilege-escalation-vulnerability
CVE-2023-4911: glibc ld.so local privilege escalation (Qualys advisory)
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
CVE-2023-43641: libcue 1-click remote code execution on GNOME
https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/
Unauthenticated remote command execution in a domestic security vendor's firewall
https://labs.watchtowr.com/yet-more-unauth-remote-command-execution-vulns-in-firewalls-sangfor-edition/
Using Cloudflare to bypass Cloudflare
https://certitude.consulting/blog/en/using-cloudflare-to-bypass-cloudflare/
Cloud Security
SQL Server to cloud lateral movement
https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/
Pitfalls of relying on eBPF for security monitoring, and some solutions
https://blog.trailofbits.com/2023/09/25/pitfalls-of-relying-on-ebpf-for-security-monitoring-and-some-solutions/
Other
Automatic disruption of human-operated attacks through containment of compromised user accounts
https://www.microsoft.com/en-us/security/blog/2023/10/11/automatic-disruption-of-human-operated-attacks-through-containment-of-compromised-user-accounts/
dangerzone: convert potentially dangerous PDFs, office documents or images into safe PDFs
https://github.com/freedomofpress/dangerzone
GPU.zip: side-channel consequences of hardware-based graphical data compression
https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
M01N Team WeChat public account
Focused on hot topics in advanced attack and defense
NSFOCUS Blue Army (Red Team) Technology Research Squad
Originally published on the WeChat public account M01N Team: Weekly Blue Army (Red Team) Technology Digest (2023.10.7-10.13)