WEB安全
CVE-2024-38856:Apache OFBiz错误授权RCE漏洞
https://github.com/0x20c/CVE-2024-38856-EXP
内网渗透
创建计划任务内执行的PSSession,绕过限制执行远程代码
PSSessionhttps://gist.github.com/jborean93/0952263a902b8008cda506752a2f0a49
VeilTransfer:数据渗出工具集,支持多种协议与第三方服务
https://github.com/infosecn1nja/VeilTransfer
终端对抗
Windows DLL 加载内部结构分析
https://github.com/OtterHacker/Conferences/tree/main/Defcon32
滥用VEH异常处理进行防御规避与进程注入
https://securityintelligence.com/x-force/using-veh-for-defense-evasion-process-injection/
高级恶意软件开发之RDI的进化
https://mp.weixin.qq.com/s/V4EdhGzyzxln0LzU99hqpA
非特权用户滥用Windows Defender排除项逃避检测
https://dazzyddos.github.io/posts/Abusing_Exclusions_To_Evade_Detection/
从驱动直接读写物理内存漏洞到内存加载驱动分析
https://key08.com/index.php/2024/08/18/2001.html
使用未记录Windows API创建自定义内核对象类型
https://scorpiosoftware.net/2024/08/25/creating-kernel-object-type-part-1/
rwgopack:Linux平台载荷打包器
https://github.com/dc401/rwgopack
USP:创建udev规则进行Linux权限维持
https://github.com/grahamhelton/USP
跨平台C2框架与内存对抗技术
https://mp.weixin.qq.com/s/YJ2-KlSHOS8k55damkGXbg
漏洞
CVE-2024-38063:Windows TCP/IP驱动零点击漏洞分析及POC
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
https://github.com/ynwarcs/CVE-2024-38063
CVE-2024-38054:Windows内核本地权限提升漏洞POC
https://github.com/Black-Frost/windows-learning/tree/main/CVE-2024-38054
CVE-2024-30089:Windows 11内核mskssrv.sys中的UAF漏洞
https://securityintelligence.com/x-force/little-bug-that-could/
分析Linux内核中非控制对象(仅数据)对象的可利用性
https://arxiv.org/pdf/2401.17618
揭秘 Mac 安全性,沙盒和 AppData TCC 的全面探索
https://imlzq.com/apple/macos/2024/08/24/Unveiling-Mac-Security-A-Comprehensive-Exploration-of-TCC-Sandboxing-and-App-Data-TCC.html
CVE-2024-37079:VMware vCenter整数溢出代码执行漏洞
https://www.zerodayinitiative.com/blog/2024/8/27/cve-2024-37079-vmware-vcenter-server-integer-underflow-code-execution-vulnerability
CVE-2024-5499:Chrome Stream API内存损坏漏洞POC
https://issues.chromium.org/issues/339877167
云安全
CAPs:枚举和报告 Entra 条件访问与错误配置
https://github.com/techBrandon/CAPs
SeamlessPass:利用本地AD Kerberos票据获取微软365服务访问令牌
https://github.com/Malcrove/SeamlessPass
人工智能和安全
BackdoorLLM:LLMs 后门攻击的综合基准测试
https://github.com/bboylyg/BackdoorLLM
https://arxiv.org/pdf/2408.12798
多个AI开发阶段的Python Web框架存在NTLM凭证窃取漏洞
https://www.horizon3.ai/attack-research/disclosures/ntlm-credential-theft-in-python-windows-applications/
社工钓鱼
攻击初始访问阶段面临挑战与规避技术
https://labs.jumpsec.com/adversary-at-the-door-initial-access-and-whats-currently-on-the-menu/
其他
KCon 2024议题材料
https://github.com/knownsec/KCon/tree/master/2024
使用Azure DNS重定向器和GoDaddy设置CobaltStrike DNS监听
https://redops.at/en/blog/cobalt-strike-dns-listener
C2基础设施自动化部署Workshop
https://github.com/Hacker-Hermanos/C2_INFRA_WORKSHOP_DEFCON32_RED_TEAM_VILLAGE
Windows Server 2025 和 Windows 11 中的 SMB 安全强化
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-security-hardening-in-windows-server-2025-amp-windows-11/ba-p/4226591
解析C++异常元数据以恢复struct对象结构
https://www.msreverseengineering.com/blog/2024/8/20/c-unwind-metadata-1
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐
原文始发于微信公众号(M01N Team):每周蓝军技术推送(2024.8.24-8.30)
