Web Security
Injecting Java in-memory payloads to support post-exploitation
https://www.synacktiv.com/publications/injecting-java-in-memory-payloads-for-post-exploitation
Internal Network Penetration
Hunt: a Word VBS macro that supports cross-file keyword search on file shares
https://github.com/myexploit/Hunt
fragtunnel: a TCP traffic tunneling tool for bypassing next-generation firewalls
https://github.com/efeali/fragtunnel
Endpoint Evasion
pdfdropper: injecting malicious JS code into PDF files to deliver an implant
https://cti.monster/blog/2024/07/25/pdfdropper.html
https://github.com/0x6rss/pdfdropper
codasm: encoding payloads as assembly code to reduce entropy
https://github.com/NVISOsecurity/codasm
Abusing the thread description API for process injection
https://research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/
edr_blocker: blinding EDR telemetry with an ARP spoofing man-in-the-middle attack
https://github.com/TierZeroSecurity/edr_blocker
https://tierzerosecurity.co.nz/2024/07/23/edr-telemetry-blocker.html
ZeroHVCI: bypassing kernel HVCI protection without admin privileges or a driver
https://github.com/zer0condition/ZeroHVCI
PwnedBoot: bypassing Secure Boot using Windows' own bootloader
https://github.com/SamuelTulach/PwnedBoot
Vulnerabilities
CVE-2024-39700: JupyterLab template RCE vulnerability
https://securityonline.info/cve-2024-39700-cvss-9-9-severe-flaw-in-jupyterlab-template-discovered/
Developing a CVE-2022-24834 exploit on the musl mallocng heap of an Alpine system
https://research.nccgroup.com/2024/06/11/pumping-iron-on-the-musl-heap-real-world-cve-2022-24834-exploitation-on-an-alpine-mallocng-heap/
Cloud Security
Analysis of the internal structure of AWS session tokens
https://medium.com/@TalBeerySec/revealing-the-inner-structure-of-aws-session-tokens-a6c76469cba7
Capturing exposed AWS keys during dynamic web application tests
https://www.praetorian.com/blog/capturing-exposed-aws-keys-during-dynamic-web-application-tests/
AI and Security
Meta releases Llama Guard 3, Prompt Guard, Code Shield, Cybersec Eval 3 and other LLM safety-related models, toolkits and resources
https://llama.meta.com/trust-and-safety/
Breaking the "instruction hierarchy" safety measure in gpt-4o-mini
https://embracethered.com/blog/posts/2024/chatgpt-gpt-4o-mini-instruction-hierarchie-bypasses/
Analysis of the data exfiltration attack surface of Google Colab AI image rendering
https://embracethered.com/blog/posts/2024/google-colab-image-render-exfil/
eyeballvul: an LLM-based vulnerability detection benchmark
https://github.com/timothee-chauvin/eyeballvul
https://arxiv.org/abs/2407.08708
Social Engineering and Phishing
Downloading phishing payloads while bypassing web proxy traffic inspection
https://posts.specterops.io/phish-out-of-water-aaeb677a5af3
Chrome introduces a new warning system for potentially dangerous password-protected files
https://security.googleblog.com/2024/07/building-security-into-redesigned.html
Other
The security principle every attacker needs to follow: identity-driven offensive tradecraft and the "clean source principle"
https://posts.specterops.io/the-security-principle-every-attacker-needs-to-follow-905cc94ddfc6
Attack surface and post-exploitation analysis of data science web applications
https://www.riskinsight-wavestone.com/en/2024/07/datascience-for-redteam-extend-your-attack-surface/
Exploring mainframe attack vectors in financial systems
https://blog.nviso.eu/2024/07/16/punch-card-hacking-exploring-a-mainframe-attack-vector/
Attacking the connection tracking framework used by VPNs to leak anonymous users' information
https://petsymposium.org/popets/2024/popets-2024-0070.pdf
REx: the Rule Explorer project for browsing detection rules
https://br0k3nlab.com/posts/2024/07/introducing-the-rex-rule-explorer-project/
Hunting malware, vulnerabilities and ransomware in open web directories
https://censys.com/a-beginners-guide-to-hunting-open-directories/
M01N Team WeChat public account
Focused on hot topics in advanced offense-defense confrontation
NSFOCUS Blue Army (adversary emulation) technical research squad
Originally published on the WeChat public account (M01N Team): Weekly Blue Army Tech Digest (2024.7.20-7.26)