Security advisory: remote code execution vulnerability in the Java logging framework Apache Log4j2
https://mp.weixin.qq.com/s/yck74F9p9QhVw_3ykzVoSg
CVE-2021-28449: an attacker can exploit this vulnerability to use Microsoft Excel to generate a Microsoft-signed malicious phishing document that loads arbitrary code
https://outflank.nl/blog/2021/12/09/a-phishing-document-signed-by-microsoft/
Windows 10 URL handler remote code execution vulnerability
https://positive.security/blog/ms-officecmd-rce
CVE-2021-34535: analysis of the Windows Remote Desktop client RCE vulnerability
https://www.synack.com/blog/this-microsoft-windows-rce-vulnerability-gives-an-attacker-complete-control/
CVE-2021-43798: analysis of the arbitrary file read vulnerability in the open-source network management platform Grafana
https://github.com/jas502n/Grafana-CVE-2021-43798
USB over Ethernet plugin vulnerabilities affecting AWS and several other cloud providers
https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/
Flaws in Microsoft's and GitHub's OAuth 2.0 implementations can be exploited for redirection attacks that bypass phishing detection and email security policies
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
Spring Boot > 2.2.6 authentication bypass vulnerability
https://twitter.com/0xsapra/status/1468551562712682499
Authentication bypass by abusing the X-Original-URL header
https://xvnpw.github.io/posts/hunting_for_buggy_authentication_authorization_services_on_github/
Compromising hosts through the web interface of the AD management tool Adaxes (supply chain attack)
https://medium.com/manomano-tech/finding-zero-day-vulnerabilities-in-the-supply-chain-28afa43b0f6e
Escalating a time-based SQL injection to RCE, and bypassing the patch a second time
https://jmrcsnchz.medium.com/how-i-escalated-a-time-based-sql-injection-to-rce-bbf0d68cb398
How an SSRF vulnerability in Google AppSheet was found
https://nechudav.blogspot.com/2021/12/ssrf-vulnerability-in-appsheet-google.html
Harvesting passwords by modifying an ad blocker's CSS filter list
https://portswigger.net/research/ublock-i-exfiltrate-exploiting-ad-blockers-with-css
Windows persistence through the indexing service by creating IFilter DLLs
https://github.com/gtworek/PSBits/tree/master/IFilter
EDRSandBlast: using a vulnerable signed driver to defeat EDR detection (kernel callbacks, ETW, unhooking) and bypass LSASS protection to obtain credentials
https://github.com/wavestone-cdt/EdrSandblast
Java deserialization: exploiting C3P0 without outbound network access
https://github.com/vxunderground/VXUG-Papers/tree/main/Stealthily%20Creating%20Processes
Seclogon analysis: abusing leaked handles to dump LSASS and obtain credentials
https://splintercod3.blogspot.com/p/the-hidden-side-of-seclogon-part-2.html
The Process Ghosting AV evasion technique and how to detect it
https://pentestlaboratories.com/2021/12/08/process-ghosting/
Linux stealth technique: executing code via reflective loading and anonymous files
https://medium.com/confluera-engineering/reflective-code-loading-in-linux-a-new-defense-evasion-technique-in-mitre-att-ck-v10-da7da34ed301
Rodan: a penetration testing framework for mobile communication technologies
https://github.com/Etisalat-Egypt/Rodan
Analysis and exploitation of the V8 vulnerability from Pwn2Own Vancouver 2021
https://www.zerodayinitiative.com/blog/2021/12/6/two-birds-with-one-stone-an-introduction-to-v8-and-jit-exploitation
Analysis of the Chrome CVE-2021-21220 vulnerability from Pwn2Own Vancouver 2021, Part 2
https://www.zerodayinitiative.com/blog/2021/12/8/understanding-the-root-cause-of-cve-2021-21220-a-chrome-bug-from-pwn2own-2021
M01N Team
Focused on hot topics in advanced offensive and defensive technology
NSFOCUS Blue Army (adversary emulation) technical research team
Originally published on the WeChat official account (M01N Team): Weekly Blue Army technology digest (2021.12.4-12.10)