Internal Network Penetration
Compromising a Microsoft AD domain server through a self-hosted runner weakness in a Microsoft GitHub repository
https://johnstawinski.com/2024/04/15/fixing-typos-and-breaching-microsofts-perimeter/
LSA Whisperer: a tool for attacking Windows authentication packages that recovers credentials from LSASS through the LSA APIs, without reading LSASS memory
https://posts.specterops.io/lsa-whisperer-20874277ea3b
https://github.com/EvanMcBroom/lsa-whisperer
Endpoint Defense Evasion
obfus.h: a compile-time obfuscation header for C programs on Windows
https://github.com/DosX-dev/obfus.h
LetMeowIn: a Windows credential dumping tool with EDR bypass and anti-detection features
https://github.com/Meowmycks/LetMeowIn
PasteBomb: a proof-of-concept botnet written in Go that uses PasteBin as its C2 channel
https://github.com/marco-liberale/PasteBomb
pyMetaTwin: a PE file metadata cloning tool that runs on non-Windows platforms
https://github.com/Cerbersec/pyMetaTwin
Analysis of Event Tracing for Windows (ETW) patching as a defense-impairment technique
https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b
Abusing Microsoft Dev Tunnels for C2 communication (redirection)
https://redsiege.com/blog/2024/04/using-microsoft-dev-tunnels-for-c2-redirection/
Remotely controlling Sliver implants from Mythic through the Sliver C2 API
https://github.com/MythicAgents/sliver/blob/main/blog/blog.md
WAREED-DNS-C2: a C2 framework that communicates over the DNS protocol
https://github.com/Faisal-P27/WAREED-DNS-C2
Analysis of a new RedLine stealer variant
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/redline-stealer-a-novel-approach/
Vulnerabilities
CVE-2024-2961: out-of-bounds write in glibc's iconv() when emitting escape sequences for the ISO-2022-CN-EXT character set; exploitable through PHP
https://www.openwall.com/lists/oss-security/2024/04/18/4
https://twitter.com/oss_security/status/1781002176589897854
CVE-2024-21338: analysis of a Windows 10/11 kernel privilege escalation (admin to kernel) with an LPE PoC
https://hakaisecurity.io/cve-2024-21338-from-admin-to-kernel-through-token-manipulation-and-windows-kernel-exploitation/research-blog/
https://github.com/Nero22k/Exploits/tree/main/Windows/CVE-2024-21338
https://github.com/hakaioffsec/CVE-2024-21338
"Chaining n-days to compromise all" series, part 3: CVE-2023-29360, a Windows driver LPE (medium to SYSTEM) that forms part of the VM escape chain
https://blog.theori.io/chaining-n-days-to-compromise-all-part-3-windows-driver-lpe-medium-to-system-12f7821d97bb
CVE-2024-26230: exploitation analysis of a use-after-free privilege escalation in the Windows Telephony service
https://whereisk0shl.top/post/a-trick-the-story-of-cve-2024-26230
CVE-2024-20697: analysis of a Windows libarchive remote code execution vulnerability
https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability
"The Windows Registry Adventure" series: internals and attack-surface analysis of the Windows registry
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html
CVE-2023-35628: analysis of a zero-click RCE reachable through Microsoft Outlook (Windows MSHTML CreateUri)
https://www.akamai.com/blog/security-research/critical-vulnerability-create-uri-remote-code-execution
CVE-2024-3832: a new way to corrupt a Chrome JSObject at runtime (object corruption in V8)
https://twitter.com/buptdsb/status/1780950890792550585
https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_16.html
CVE-2024-3400: analysis of the Palo Alto PAN-OS GlobalProtect (SSL VPN) vulnerability exploited in the wild
https://labs.watchtowr.com/palo-alto-putting-the-protecc-in-globalprotect-cve-2024-3400/
Microsoft adopts the CWE (Common Weakness Enumeration) industry standard when publishing Microsoft CVE information
https://msrc.microsoft.com/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves/
Cloud Security
Amazon CloudFront announces Origin Access Control (OAC) support for Lambda function URL origins
https://aws.amazon.com/cn/about-aws/whats-new/2024/04/amazon-cloudfront-oac-lambda-function-url-origins/
ActionsTOCTOU: example repository for time-of-check-to-time-of-use (TOCTOU) vulnerabilities in GitHub Actions
https://github.com/AdnaneKhan/ActionsTOCTOU
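The pattern the repository demonstrates is a workflow that runs on pull_request_target (so with repository secrets and a writable token), is gated by a label or approval, and then checks out a reference of the pull request that can still move (the head branch or the refs/pull/N/merge ref) rather than the commit that was reviewed; the contributor pushes another commit between the approval and the checkout. The following is an added example written for this digest, not code from the ActionsTOCTOU repository: a stdlib-only Python triage script with two constructed workflows, a vulnerable one and the same workflow pinned to github.event.pull_request.head.sha. The function names are ours and the scan is a line-based heuristic, not a YAML parse.

```python
"""Triage GitHub Actions workflows for the pull_request_target TOCTOU:
privileged trigger + checkout of a pull-request ref that can still move."""
import re

# Constructed sample workflow (not taken from the ActionsTOCTOU repository).
# A maintainer applies the "safe-to-test" label after reviewing the PR; the
# checkout then fetches the *current* head branch, which the contributor can
# have advanced since the review.
VULNERABLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [labeled]
jobs:
  test:
    if: contains(github.event.pull_request.labels.*.name, 'safe-to-test')
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}
      - run: make test
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
"""

# Same workflow pinned to the commit that was present when the label event
# fired (and therefore the commit the maintainer looked at).
FIXED_WORKFLOW = VULNERABLE_WORKFLOW.replace(
    "ref: ${{ github.event.pull_request.head.ref }}",
    "ref: ${{ github.event.pull_request.head.sha }}",
)

# Pull-request references whose target commit can change after the event.
MUTABLE_REF_PATTERNS = [re.compile(p) for p in (
    r"github\.event\.pull_request\.head\.ref",  # PR head branch (by name)
    r"github\.head_ref",                         # shorthand for the same branch
    r"refs/pull/\$\{\{[^}]*\}\}/merge",          # merge ref GitHub keeps updating
)]

# Trigger that runs with the base repository's secrets.
PRIVILEGED_TRIGGER = re.compile(
    r"^\s*-?\s*pull_request_target\b|^on:\s*\[?[^\n]*\bpull_request_target\b",
    re.MULTILINE,
)


def is_mutable_ref(ref_value):
    """True if a checkout `ref:` value can resolve to different commits over time."""
    return any(p.search(ref_value) for p in MUTABLE_REF_PATTERNS)


def find_toctou(workflow_text):
    """Return [(line_number, ref_value), ...] for each mutable PR ref checked
    out by a workflow that runs on pull_request_target. Line-based heuristic:
    no YAML parser, so use it for triage and confirm by reading the workflow."""
    if not PRIVILEGED_TRIGGER.search(workflow_text):
        return []  # unprivileged trigger: a moving ref gets no secrets anyway
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = re.match(r"\s*ref:\s*(.+?)\s*$", line)
        if m and is_mutable_ref(m.group(1)):
            findings.append((lineno, m.group(1)))
    return findings


if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_WORKFLOW), ("fixed", FIXED_WORKFLOW)):
        print(name, find_toctou(text))
```

Pinning to head.sha only helps if the sha in the event payload is the one that was actually reviewed; a commit pushed after review but before the label is applied is still checked out, so the label step itself has to happen against a specific commit.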
Social Engineering and Phishing
Protecting phishing infrastructure with the Cloudflare Turnstile anti-bot product (EvilGoPhish)
https://fin3ss3g0d.net/index.php/2024/04/08/evilgophishs-approach-to-advanced-bot-detection-with-cloudflare-turnstile/
Attackers abuse Twitter's (X's) domain-name substitution feature to display trusted-looking URLs for phishing sites
https://krebsonsecurity.com/2024/04/twitters-clumsy-pivot-to-x-com-is-a-gift-to-phishers/
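The bug Krebs describes is a presentation-layer rewrite: X's client replaced the text "twitter.com" with "x.com" in displayed links, but the substitution matched the substring anywhere in the link text rather than the link's host name, so a registered look-alike ending in twitter.com (for example netflitwitter.com) was shown as netflix.com while the href still pointed at the attacker's domain. The example below is added for this digest and is not X's code, which is not public: naive_display reproduces the substring behaviour, safe_display anchors the rewrite to the parsed host's last two labels, and looks_spoofed flags links whose displayed host would differ from the real one. Function names and sample links are ours.

```python
"""Display-text domain rewriting: the substring version behind the
twitter.com -> x.com phishing lure, beside a host-anchored version."""
from urllib.parse import urlsplit, urlunsplit

OLD, NEW = "twitter.com", "x.com"


def naive_display(url):
    """Reproduces the observed bug class: replace the substring anywhere in the
    link text, so 'netflitwitter.com' is shown as 'netflix.com'."""
    return url.replace(OLD, NEW)


def safe_display(url):
    """Rewrite only when the registrable domain *is* twitter.com: the last two
    host labels must be exactly ['twitter', 'com']. Subdomains such as
    mobile.twitter.com qualify; look-alikes such as netflitwitter.com do not."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")
    if len(labels) < 2 or labels[-2:] != OLD.split("."):
        return url
    new_host = ".".join(labels[:-2] + NEW.split("."))
    # Keep any userinfo/port; swap just the host part of netloc.
    netloc = parts.netloc.lower().replace(host, new_host, 1)
    return urlunsplit(parts._replace(netloc=netloc))


def looks_spoofed(url):
    """True when the substring rewrite changes the displayed *host* while the
    real host is not twitter.com, i.e. the link is a usable lure for this bug."""
    shown = urlsplit(naive_display(url)).hostname or ""
    real = urlsplit(safe_display(url)).hostname or ""
    return shown != real


# Constructed sample links, as they might appear in a post's link preview.
SAMPLE_LINKS = [
    "https://twitter.com/krebsonsecurity",
    "https://mobile.twitter.com/home",
    "https://netflitwitter.com/login",
    "https://example.com/twitter.com/login",
]

if __name__ == "__main__":
    for u in SAMPLE_LINKS:
        print(f"{u:42} shown as {naive_display(u):38} spoof={looks_spoofed(u)}")
```

The general rule this illustrates: any rewrite of user-visible link text must operate on the parsed host (or the registrable domain), never on the raw string, because the attacker controls every byte around the substring you are matching.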
Analysis of an AWS access vulnerability: unauthorized account access through incorrect evaluation of role trust policies
https://www.stedi.com/blog/stedi-discovered-an-aws-access-vulnerability
AI and Security
How Microsoft discovers and mitigates evolving attacks against AI guardrails
https://www.microsoft.com/en-us/security/blog/2024/04/11/how-microsoft-discovers-and-mitigates-evolving-attacks-against-ai-guardrails/
JailbreakLens: visual analysis of jailbreak attacks against large language models
https://arxiv.org/abs/2404.08793
ps-fuzz: an interactive tool for assessing the security of GenAI application prompts
https://github.com/prompt-security/ps-fuzz
MLCommons releases the AI Safety benchmark v0.5 (proof of concept)
https://mlcommons.org/2024/04/mlc-aisafety-v0-5-poc/
Garak: a generative AI red-teaming tool
https://wiki.hego.tech/llm-security/garak-a-generative-ai-red-teaming-tool
Other
AttackGen: uses LLMs to generate threat-actor incident scenarios to support adversary emulation and incident response
https://github.com/mrwadams/attackgen
BinSym: a binary-level symbolic execution framework built on formal descriptions of instruction semantics
https://arxiv.org/abs/2404.04132
Resolving stack strings with the Capstone disassembler and the Unicorn emulator
https://www.0ffset.net/reverse-engineering/capstone-resolving-stack-strings/
Deepening government cooperation: Google Public Sector achieves US government Top Secret and Secret cloud authorization
https://cloud.google.com/blog/topics/public-sector/google-public-sector-achieves-top-secret-and-secret-cloud-authorization?hl=en
M01N Team WeChat official account
Focused on hot topics in advanced offense-defense confrontation
NSFOCUS (绿盟科技) Red Team technology research squad
Originally published on the WeChat official account M01N Team: Weekly Red Team (蓝军) Tech Digest (2024.4.13-4.19)