Web Security
Bypassing PHP noexec policy restrictions to execute arbitrary binaries
https://iq.thc.org/bypassing-noexec-and-executing-arbitrary-binaries
Internal Network Penetration
PARAnoia: attacking domain-joined computers through physical access
https://www.fitretech.com/blog/paranoia
KrbRelay-SMBServer: a krbrelay variant that acts as an SMB server to relay to CIFS or HTTP
https://github.com/decoder-it/KrbRelay-SMBServer
Endpoint Defense Evasion
noldr: Rust library for dynamically and covertly resolving DLL functions
https://github.com/Teach2Breach/noldr
dll-proxy-generator: tool for generating proxy DLLs for DLL hijacking
https://github.com/namazso/dll-proxy-generator
Building a .NET source generator from scratch
https://posts.specterops.io/dotnet-source-generators-in-2024-part-1-getting-started-76d619b633f5
RustiveDump: Rust-based lsass.exe process dumper using only NTAPI
https://github.com/safedv/RustiveDump
EDRenum-BOF: identify common EDR processes, directories and services
https://github.com/mlcsec/EDRenum-BOF
SharpExclusionFinder: enumerate Windows Defender exclusion directories from a low-privileged user
https://github.com/Friends-Security/SharpExclusionFinder
A deep dive into the technique behind "VirtualAlloc AV evasion"
https://mp.weixin.qq.com/s/cSZTzVSbUExF9A-7TsmWvw
A deep dive into how "核晶" works, and implementing your own "核晶" by hand
https://mp.weixin.qq.com/s/PVIkx0FDnZzo5idM3-NSSg
Vulnerabilities
CVE-2024-45409: analysis of the authentication bypass in GitLab's ruby-saml library
https://blog.projectdiscovery.io/ruby-saml-gitlab-auth-bypass/
Bypassing the PrintNightmare mitigations with DNS spoofing and related techniques
https://itm4n.github.io/printnightmare-not-over/
CVE-2024-7479 & CVE-2024-7481: discovering TeamViewer privilege escalation vulnerabilities, with PoC
https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-1/
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-2/
https://pgj11.com/posts/Finding-TeamViewer-0days-Part-3/
CVE-2024-44193: PoC for the Windows iTunes client privilege escalation vulnerability
https://github.com/mbog14/CVE-2024-44193
CVE-2024-20696: patch analysis of the Windows libarchive RCE vulnerability
https://clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce/
SockFuzzer: kernel fuzzing framework
https://github.com/googleprojectzero/SockFuzzer
CVE-2024-5910: Palo Alto administrator credential reset vulnerability and the vulnerabilities derived from it
https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/
CVE-2024-9464: PoC for the Palo Alto Expedition authenticated command injection vulnerability
https://github.com/horizon3ai/CVE-2024-9464
Cloud Security
Time-based Azure user enumeration via Basic authentication
https://trustedsec.com/blog/kicking-it-old-school-with-time-based-enumeration-in-azure
Halberd: security assessment and testing tool supporting multiple cloud platforms
https://www.vectra.ai/blog/halberd-the-open-source-tool-democratizing-multi-cloud-security-testing
https://github.com/vectra-ai-research/Halberd
AI and Security
Agent Security Bench (ASB): a benchmark and evaluation of attacks on and defenses for LLM agents
https://arxiv.org/pdf/2410.02644
https://github.com/agiresearch/ASB
"Security and Auditing in Large Language Models (LLM)"
https://speakerdeck.com/jmortega/security-and-auditing-tools-in-large-language-models-llm
LLM hijacking attacks against cloud providers' GenAI infrastructure
https://permiso.io/blog/exploiting-hosted-models
OpenAI disrupted 20 global malicious campaigns that used AI for cybercrime and disinformation
https://openai.com/global-affairs/an-update-on-disrupting-deceptive-uses-of-ai/
Social Engineering and Phishing
Legitimate file hosting services abused for identity phishing
https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/
Other
Elastic releases its 2024 Global Threat Report
https://www.elastic.co/pdf/elastic-global-threat-report-2024
WhoYouCalling: record an executable's network requests to a pcap file
https://github.com/H4NM/WhoYouCalling
ax: rapidly deploy attack infrastructure in cloud environments
https://ax.attacksurge.com/
https://github.com/attacksurge/ax
Hunting for password spraying attacks against Microsoft 365
https://www.huntress.com/blog/hunting-for-m365-password-spraying
M01N Team WeChat official account
Focused on hot topics in advanced offensive and defensive techniques
NSFOCUS Blue Team Technology Research Team
Originally published on the WeChat official account (M01N Team): Weekly Blue Team Tech Digest (2024.9.28-10.11)