Endpoint Evasion and Defense
dirDevil: hiding code and content within folder structures
https://trustedsec.com/blog/dirdevil-hiding-code-and-content-within-folder-structures
Reliably overwriting RWX memory from VBA macros for more stable code hijacking
https://adepts.of0x.cc/vba-rwx-addendum/
https://adepts.of0x.cc/vba-hijack-pointers-rwa/
A collection of 40+43+74 privilege escalation techniques (Linux/Windows/macOS)
https://github.com/HadessCS/Awesome-Privilege-Escalation
Bypassing EDR to obtain the Windows boot key via the registry print functionality
https://sensepost.com/blog/2024/dumping-lsa-secrets-a-story-about-task-decorrelation/
Disabling EDR with custom kernel callbacks
https://www.alteredsecurity.com/post/when-the-hunter-becomes-the-hunted-using-custom-callbacks-to-disable-edrs
Blinding EDR network-layer detection by removing WFP monitoring filters
https://mp.weixin.qq.com/s/KjUcZKyS78QhVCDzjAvU9g
Exploring the use of compiled V8 JavaScript in malware
https://research.checkpoint.com/2024/exploring-compiled-v8-javascript-usage-in-malware/
Vulnerabilities
CVE-2024-38112: crafting a special .url file to trigger RCE, exploited in the wild
https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/
CVE-2024-38094/CVE-2024-38024/CVE-2024-38023: PoC for Microsoft SharePoint RCE vulnerabilities
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
CVE-2024-38021: Microsoft Outlook Moniker zero-click RCE vulnerability
https://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability
CVE-2024-37081: PoC for a VMware vCenter RCE vulnerability
https://github.com/Mr-r00t11/CVE-2024-37081
Analysis of a cross-platform RCE in the Evernote client
https://0reg.dev/blog/evernote-rce
False File Immutability: a new Windows vulnerability class proposed by Elastic, with an analysis of its attack surface
https://www.elastic.co/security-labs/false-file-immutability
Cloud Security
Attack surface analysis of the Microsoft Azure AD Graph API
https://github.com/mdsecresearch/Publications/blob/master/presentations/MDSec%20-%20Now%20youre%20not%20thinking%20with%20portals.pdf
azurehound-queries: BloodHound queries for Microsoft Azure
https://github.com/emiliensocchi/azurehound-queries
AI and Security
Uber's GenAI gateway: innovation in practice
https://www.uber.com/en-HK/blog/genai-gateway/
LLM security: vulnerability scanning with automated tools
https://www.linkedin.com/pulse/llm-security-using-automated-tools-vulnerability-scans-rutam-bhagat-zailc/
MarkLLM: an open-source toolkit for LLM watermarking
https://www.unite.ai/markllm-an-open-source-toolkit-for-llm-watermarking/
Social Engineering and Phishing
Bypassing the link crawlers of secure email gateways
https://posts.specterops.io/like-shooting-phish-in-a-barrel-926c1905bb4b
Other
Analysis of malicious code planted in poisoned PoCs for the recent SSH RCE vulnerability
https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
Misconfigured GitHub Actions CI/CD in the module repository (Forge) of the ops tool Puppet allowed malicious module uploads
https://adnanthekhan.com/2024/07/02/roguepuppet-a-critical-puppet-forge-supply-chain-vulnerability/
Detecting lateral movement in Entra ID: cross-tenant synchronization
https://www.xintra.org/blog/lateral-movement-entraid-cross-tenant-synchronization
SnailLoad: a side-channel attack that leaks user activity through network latency
https://www.snailload.com/
SpecterOps SO-CON 2024 conference videos
https://www.youtube.com/playlist?list=PLJK0fZNGiFU_Zh8PkjCws_Rw_8WdWKyd7
M01N Team official account
Focused on hot topics in advanced offensive and defensive tradecraft
NSFOCUS Blue Army (adversary emulation) technical research team
Originally published on the WeChat official account (M01N Team): Weekly Blue Army Technology Digest (2024.7.6-7.12)