Internal Network Penetration
SeeSeeYouExec: Hijacking Windows Sessions via CcmExec
https://cloud.google.com/blog/topics/threat-intelligence/windows-session-hijacking-via-ccmexec
Witchhammer: Windows Post-Exploitation over SoftEther VPN Tunnels
https://blog.exploit.org/witchhammer/
Abusing the DHCP Administrators Group for Privilege Escalation in Windows Domains
https://www.akamai.com/blog/security-research/abusing-dhcp-administrators-group-for-privilege-escalation-in-windows-domains
GOAD Lab Project Adds an SCCM/MECM Lab Environment
https://mayfly277.github.io/posts/SCCM-LAB-part0x0/
Endpoint Evasion
DynamicMSBuilder: MSBuild Task Supporting Random Property/String Substitution in C# Projects
https://github.com/ZephrFish/DynamicMSBuilder
nimvoke: Indirect Syscalls and D/Invoke Execution Implemented in Nim
https://github.com/nbaertsch/nimvoke
IoDllProxyLoad: PoC Weaponizing Windows Thread Pool APIs for Proxied DLL Loading
https://github.com/fin3ss3g0d/IoDllProxyLoad
https://fin3ss3g0d.net/index.php/2024/03/18/weaponizing-windows-thread-pool-apis-proxying-dll-loads/
perfect-dll-proxy: DLL Proxy Hijacking Tool Supporting Absolute Paths
https://github.com/mrexodia/perfect-dll-proxy
A New Evasion Technique Bypassing CFG- and ETW-Based Memory Scanning
https://sillywa.re/posts/flower-da-flowin-shc
unKover: PoC Tool for Loading Windows Kernel Drivers from Memory
https://github.com/eversinc33/unKover
https://eversinc33.com/posts/anti-anti-rootkit-part-i/
Windows Driver Development in Rust: Hiding Processes from User Mode
https://www.youtube.com/watch?v=YUU-HONCeY4
Disabling Cortex EDR with Standard User Privileges by Triggering Its Remediation Feature
https://badoption.eu/blog/2024/03/23/cortex.html
Abusing the WinSAT COM Interface in Malicious Documents for Sandbox Evasion
https://twitter.com/Laughing_Mantis/status/1772425581507809421
bincapz: Static Analysis of Binary Capabilities and Malicious Behavior Detection
https://github.com/chainguard-dev/bincapz
Elastic Analyzes Malware Behavior Trends Across 100K+ Samples
https://www.elastic.co/security-labs/unveiling-malware-behavior-trends
Vulnerabilities
OpenVPN Releases Security Update Fixing Multiple Privilege Escalation and RCE Vulnerabilities
https://securityonline.info/openvpn-patches-serious-vulnerabilities-in-windows-installations/
CVE-2024-29937: Remote Code Execution Vulnerability in NFS on BSD-Derived Systems
https://securityonline.info/cve-2024-29937-critical-nfs-vulnerability-exposes-bsd-systems-to-remote-code-execution/
GoFetch: Side-Channel Attack Affecting Cryptographic Implementations on Many Apple CPUs
https://gofetch.fail/
Memory-Safe Languages and Secure by Design: Key Insights and Lessons Learned
https://www.reversinglabs.com/blog/memory-safe-languages-and-secure-by-design-key-insights-and-lessons-learned
Cloud Security
Research on Attack Techniques Against Cloud-Based Identity Providers
https://github.com/xpn/Presentations/blob/main/SOCON2024/IDP%20for%20RedTeamers.pdf
https://blog.xpnsec.com/identity-providers-redteamers/
Poisoned Pipeline Execution (PPE) Attacks in CI/CD Environments
https://bishopfox.com/blog/poisoned-pipeline-attack-execution-a-look-at-ci-cd-environments
Bypassing Third-Party Cloud Email Filtering Services Through Misconfiguration
https://sumanthvrao.github.io/papers/rao-www-2024.pdf
AI and Security
The Evolution of Repeated-Token Attacks on ChatGPT Models
https://dropbox.tech/machine-learning/bye-bye-bye-evolution-of-repeated-token-attacks-on-chatgpt-models
Remote Keylogging Attacks on AI Assistants
https://blog.cloudflare.com/ai-side-channel-attack-mitigated
EasyJailbreak: A Unified Framework for Jailbreaking Large Language Models
https://arxiv.org/abs/2403.12171
http://easyjailbreak.org/
SecGPT: An Architecture for Securing LLM-Based Applications Through Isolation
https://arxiv.org/abs/2403.04960
Mapping the LLM Security Landscape: A Comprehensive Stakeholder Risk Assessment Proposal
https://arxiv.org/abs/2403.13309
Research on Using Generative AI for Penetration Testing
https://link.springer.com/article/10.1007/s10207-024-00835-x
LLMs Assist with CTF Challenges and Professional Certification Exams such as Cisco CCIE via Jailbreaking and Ad Hoc Methods
https://arxiv.org/abs/2308.10443
HiddenLayer Releases Its 2024 AI Threat Landscape Report
https://hiddenlayer.com/threatreport2024/
Other
Attackers Run a Supply Chain Attack Using Fake PyPI Packages, Affecting 170K+ Victims
https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
OpenTIDE: Open Threat-Informed Detection Engineering
https://code.europa.eu/ec-digit-s2/opentide
STAR-FS: New Financial Sector Regulatory Framework Covering Threat Intelligence, Penetration Testing and SOC Assessment
https://www.mdsec.co.uk/2024/03/introducing-star-fs/
https://www.bankofengland.co.uk/financial-stability/operational-resilience-of-the-financial-sector
M01N Team WeChat public account
NSFOCUS Blue Team Technical Research Squad
Originally published on the WeChat public account (M01N Team): Weekly Blue Team Technology Digest (2024.3.23-3.29)