Web Security
BadDNS: subdomain takeover detection and other DNS security testing
https://blog.blacklanternsecurity.com/p/introducing-baddns
https://github.com/blacklanternsecurity/baddns
NGINX fixes multiple HTTP/3-related vulnerabilities
https://securityonline.info/nginx-releases-security-updates-http-3-vulnerabilities-patched/
Identifying potential Kerberos attack traffic with Suricata
https://blog.exploit.org/caster-kerbhammer/
Internal Network Penetration
Microsoft Exchange attack path discovery and defensive recommendations
https://posts.specterops.io/pwned-by-the-mail-carrier-0750edfad43b
SharpPersistSD: abusing security descriptors to achieve persistence on remote computers
https://github.com/cybersectroll/SharpPersistSD
Five uncommon NTLM relay attack techniques
https://www.guidepointsecurity.com/blog/beyond-the-basics-exploring-uncommon-ntlm-relay-attack-techniques/
SCCM attack and exploitation techniques
https://swisskyrepo.github.io/InternalAllTheThings/active-directory/deployment-sccm/
JS-Tap web application attack tool 2.0 adds C2 control functionality
https://trustedsec.com/blog/js-tap-mark-ii-now-with-c2-shenanigans
nmap-did-what: a lightweight Nmap visualization dashboard
https://github.com/hackertarget/nmap-did-what
Endpoint Evasion and Detection
no-defender: disabling Microsoft Defender and the firewall via the reverse-engineered WSC API
https://github.com/es3n1n/no-defender
Abusing the SeRelabelPrivilege user right to obtain SYSTEM privileges
https://decoder.cloud/2024/05/30/abusing-the-serelabelprivilege/
Injecting into PPL processes on Windows 11 using the NtSystemDebugControl system call
https://blog.slowerzs.net/posts/pplsystem/
Abusing the Windows fork API to inject into the OneDrive process without allocating RWX memory
https://github.com/Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV
An improvement on the Mockingjay process self-injection technique that removes the dependence on a trusted DLL with an RWX section
https://github.com/thiagopeixoto/mystique-self-injection
Elastic open-source rules add new detections for multi-step/split process injection
https://twitter.com/SBousseaden/status/1796230041384210480
https://github.com/elastic/protections-artifacts/commit/294605e71fadcd4b050721a9295fc2ade6281281#diff-87b10b92ba9aa8e5a0502e764d4edc2c8a580b411b2c11ca586b9e599920cfd0R8
SWAPPALA: a new approach to evading in-memory signature detection, combining hardware breakpoints, Ekko ROP and kernel object enumeration
https://oldboy21.github.io/posts/2024/05/swappala-why-change-when-you-can-hide/
https://github.com/oldboy21/SWAPPALA
Exploring a new design approach for C2 implants
https://medium.com/@sapientflow/finding-pastures-new-an-alternate-approach-for-implant-design-644611c526ca
ETWInspector: ETW provider enumeration and log collection tool
https://github.com/jsecurity101/ETWInspector
Hiding processes on Linux using the bind mount feature
https://dfir.ch/posts/slash-proc/
Attackers in the wild exploiting a design flaw in Foxit PDF Reader
https://research.checkpoint.com/2024/foxit-pdf-flawed-design-exploitation/
Vulnerabilities
CVE-2024-2961: PoC exploiting the GLIBC iconv vulnerability against the PHP engine
https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
CVE-2024-32002: Git RCE vulnerability analysis and weaponized PoC
https://amalmurali.me/posts/git-rce/
https://github.com/amalmurali47/git_rce
CVE-2024-27804: PoC for an Apple iOS device kernel jailbreak vulnerability
https://github.com/R00tkitSMM/CVE-2024-27804
https://www.idownloadblog.com/2024/05/14/cve-2024-27804-no-jailbreak/
CVE-2024-27842: PoC for an Apple macOS UDF memory corruption vulnerability
https://github.com/wangtielei/POCs/blob/main/CVE-2024-27842/poc.m
CVE-2024-24919: analysis of the discovery approach for the Check Point SSL VPN arbitrary file read vulnerability
https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
CVE-2024-27130: analysis of the unauthenticated stack overflow RCE vulnerability in QNAP QTS NAS systems
https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/
Cloud Security
Evading token protection in Entra ID/M365
https://rootsecdev.medium.com/evading-token-protection-for-entraid-m365-2024-edition-b0827407b6f5
AI and Security
Demo screenshots of abusing Microsoft Copilot+ Recall for automated data theft
https://cyberplace.social/@GossiTheDog/112531054138802168
https://twitter.com/GossiTheDog/status/1796218726808748367
AI service provider Replicate had a malicious-model RCE vulnerability with cross-tenant lateral movement risk
https://www.wiz.io/blog/wiz-research-discovers-critical-vulnerability-in-replicate
Social Engineering and Phishing
How to improve phishing success rates
https://posts.specterops.io/phish-sticks-hate-the-smell-love-the-taste-f4db9de888f7
Other
Squeegee: extracting potential usernames and passwords from RDP screenshots using OCR
https://github.com/OOAFA/squeegee
Tracking threat actors via images and features in early samples
https://blog.virustotal.com/2024/05/tracking-threat-actors-using-images-and.html
M01N Team WeChat official account
Focused on advanced offensive and defensive techniques
NSFOCUS Blue Team technical research group
Originally published on the WeChat official account (M01N Team): Weekly Blue Team Technical Digest (2024.5.25-5.31)