Internal network penetration
hackshell: Linux shell attack helper script, integrating fileless execution and no-logging features
https://github.com/hackerschoice/hackshell
wush: transfer files between hosts over WireGuard
https://github.com/coder/wush
Endpoint security evasion
A collection of example shellcode
https://shell-storm.org/shellcode/index.html
Limoncello: an LLVM-based code obfuscation tool
https://github.com/jonpalmisc/limoncello
Hijackable phantom DLL LOLBins on Windows 11
https://www.hexacorn.com/blog/2024/09/03/rundll32-and-phantom-dll-lolbins/
Revisiting the UDRL, part 3: Beacon User Data
https://www.cobaltstrike.com/blog/revisiting-the-udrl-part-3-beacon-user-data
An introduction to the principles of direct syscall techniques
https://redops.at/en/blog/direct-syscalls-a-journey-from-high-to-low
Dumping the memory of a PPL-protected LSASS process
https://blog.scrt.ch/2024/09/02/ghost-in-the-ppl-part-3-lsass-memory-dump/
Analyzing Windows protection mechanisms through the Avast antivirus and the no-defender tool
https://mp.weixin.qq.com/s/w_om7lX3czwNT0iohtF1AQ
Spoofing argv[0] to evade detection by endpoint security software
https://www.wietzebeukema.nl/blog/why-bother-with-argv0
NamedPipeMaster: analyzing and monitoring Windows named pipes
https://github.com/zeze-zeze/NamedPipeMaster
enumhandles_BOF: enumerate processes holding open handles to a specific file
https://github.com/Octoberfest7/enumhandles_BOF
Abusing BPF to bypass Linux kernel isolation techniques
https://cs.brown.edu/~vpk/papers/epf.atc23.pdf
Vulnerabilities
CVE-2024-5274: Chrome V8 type confusion remote code execution vulnerability
https://github.com/mistymntncop/CVE-2024-5274
CVE-2024-43044: Jenkins arbitrary file read vulnerability
https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/
https://github.com/convisolabs/CVE-2024-43044-jenkins
Analysis of a vulnerability in Intel Software Guard Extensions SGX (TEE)
https://x.com/PratyushRT/status/1828183761055330373
CVE-2024-38063: analysis of the Windows kernel remote code execution vulnerability
https://bi-zone.medium.com/breaking-down-cve-2024-38063-remote-exploitation-of-the-windows-kernel-bdae36f5f61d
CVE-2024-38106: patch analysis of the Windows kernel local privilege escalation vulnerability
https://www.pixiepointsecurity.com/blog/nday-cve-2024-38106/
Analysis of Windows CLFS in-the-wild exploits captured over the past two years
https://www.youtube.com/watch?v=tOwSet1RVkU
https://github.com/jq0904/Conference-Presentations
Security mitigation update for the CLFS Common Log File System, mitigating multiple exploitation techniques
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/security-mitigation-for-the-common-log-filesystem-clfs/ba-p/4224041#
Abusing arbitrary file deletes to escalate privilege, with an updated stable PoC that works on Windows 11
https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks
Advanced attackers and commercial surveillance vendors repeatedly use the same exploits
https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/
Cloud security
Diagram of common attack paths for GitHub Actions vulnerabilities
https://github.com/jstawinski/GitHub-Actions-Attack-Diagram
Exploring how the consequences of leaked AWS credentials differ by leakage channel
https://cybenari.com/2024/08/whats-the-worst-place-to-leave-your-secrets/
AI and security
The Prompt Shields feature is now live in Microsoft Azure AI Content Safety
https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/general-availability-of-prompt-shields-in-azure-ai-content/
LLMSecCode: evaluating the secure coding capability of large language models
https://arxiv.org/abs/2408.16100
Promptfoo: red teaming, pentesting and vulnerability scanning for LLMs
https://github.com/promptfoo/promptfoo
https://www.promptfoo.dev/
Enhancing source code security with LLMs
https://arxiv.org/abs/2409.00571
Other
Red-Infra-Craft: automated deployment of red team attack infrastructure
https://github.com/RedTeamOperations/Red-Infra-Craft/
Demystifying the EV code signing market in e-crime
https://www.intrinsec.com/wp-content/uploads/2024/08/TLP-CLEAR-20240828-The-EV-Signature-Market-EN.pdf
Comparative analysis of telemetry on Linux versus Windows
https://kostas-ts.medium.com/telemetry-on-linux-vs-windows-a-comparative-analysis-849f6b43ef8e
The history and forecast of threat detection engineering and product development
https://wirespeed.co/posts/where-do-detections-come-from
EDRmetry: an effective Linux EDR/SIEM evaluation and testing playbook
https://edu.defensive-security.com/edrmetry-effective-linux-edr-xdr-evaluation-testing-playbook
beetracer: writing a syscall tracer with eBPF
https://sh4dy.com/2024/08/03/beetracer/
HexForge: an IDA plugin for enhanced byte patching and quick decryption
https://github.com/elastic/HexForge
M01N Team WeChat official account
Focused on hot topics in advanced offensive and defensive confrontation
NSFOCUS Blue Team technical research squad
Originally published on the WeChat official account (M01N Team): Weekly Blue Team Technology Digest (2024.8.31-9.6)