内网渗透
pssrecon:执行SCCM侦察枚举主站点服务器 (PSS) 或分发点 (DP)
https://github.com/slygoo/pssrecon
EKUwu:AD CS ESC15 证书模板漏洞导致任意应用程序策略添加
https://trustedsec.com/blog/ekuwu-not-just-another-ad-cs-esc
Sharelord:创建网络共享、设置目录ACE条目及设置权限共享的C#源码
https://github.com/NocteDefensor/Sharelord
终端对抗
Proxll:代理DLL生成工具
https://github.com/Krypteria/Proxll
Voidmaw:新型内存扫描绕过技术
https://github.com/vxCrypt0r/Voidmaw
LsassReflectDumping:基于进程克隆的Lsass.exe凭据转储工具
https://github.com/Offensive-Panda/LsassReflectDumping
Early Cascade Injection:有效对抗EDR内存检测的新型注入技术
https://www.outflank.nl/blog/2024/10/15/introducing-early-cascade-injection-from-windows-process-creation-to-stealthy-injection/
DEFCON32议题视频-Windows更新降级攻击
https://www.youtube.com/watch?v=HHmxuxQ7bE8
Project-Lost:Living Off Security Tools安全产品命令滥用集合
https://0xanalyst.github.io/Project-Lost/
Windows 恶意软件中持久性技术的动态检测和分类
https://essay.utwente.nl/94945/1/van%20Nielen_MA_EEMCS.pdf
漏洞相关
CVE-2024-40431+CVE-2022-25479:权限提升漏洞利用链POC
https://github.com/SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN/
CVE-2024-35250:Windows ks.sys 驱动程序不受信任指针取消引用漏洞POC
https://github.com/varwara/CVE-2024-35250
https://devco.re/blog/2024/08/23/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part1-en/
CVE-2024-38178:Microsoft 浏览器JScript9内存破坏在野0day利用分析
https://asec.ahnlab.com/ko/83876/
https://image.ahnlab.com/atip/content/file/20241015/(%EC%A0%84%EC%B2%B4%EB%B3%B8)%EA%B3%B5%EA%B0%9C%EB%B3%B4%EA%B3%A0%EC%84%9C-OperationCodeonToast.pdf
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178
CVE-2024-9465:Palo Alto Expedition 未授权SQL注入漏洞POC
https://github.com/horizon3ai/CVE-2024-9465
CVE-2024-37404:Ivanti Connect Secure认证后RCE漏洞分析
https://blog.amberwolf.com/blog/2024/october/cve-2024-37404-ivanti-connect-secure-authenticated-rce-via-openssl-crlf-injection/
CVE-2024-23113:Fortinet FortiGate 格式化字符串漏洞可利用性研究
https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/
云安全
枚举时绕过用户同意工作流的 Azure 管理员批准模式
https://pgj11.com/posts/Bypass-Azure-Admin-Approval-Mode-Enumeration/
在 Entra ID 令牌中发布自定义安全属性
https://goodworkaround.com/2024/10/14/issuing-custom-security-attributes-in-entra-id-tokens/
Google Cloud 负载均衡器P2错误路由问题分析
https://medmahmoudi.com/projects/how-i-found-a-p2-misrouting-issue-affecting-all-google-cloud-load-balancers
由云端至终端,利用BloodHound将混合攻击路径从本地AD映射到Azure Entra ID
https://www.youtube.com/watch?v=6P0NqCMt_bA
人工智能和安全
Imprompter:欺骗LLM代理不当使用工具提取个人信息
https://imprompter.ai/
https://imprompter.ai/paper.pdf
AdvBDGen:针对LLM对齐的对抗性强化提示特定模糊后门生成器
https://arxiv.org/abs/2410.11283
Unicode字符隐形字符对AI聊天机器人的安全风险
https://arstechnica.com/security/2024/10/ai-chatbots-can-read-and-write-invisible-text-creating-an-ideal-covert-channel/
LLM护栏技术介绍及测试靶场
https://blog.ml6.eu/practicalities-of-llm-guardrails-a-demo-by-ml6-c0372613eca1
https://huggingface.co/spaces/ml6team/secret-agent-guardrail-challenge
网络安全中的人工智能模型,从误用到滥用
https://www.securityweek.com/ai-models-in-cybersecurity-from-misuse-to-abuse/
其他
Elastic发布近百个适用于 Windows、MacOS、云等的新威胁搜寻内容
https://github.com/elastic/detection-rules/tree/main/hunting
以USB设备为载体的LNK恶意软件攻击技术与取证分析
https://securitymaven.medium.com/when-usbs-attack-exploring-the-underbelly-of-malicious-lnk-files-f536d5dbc753
orc2timeline:由DFIR-ORC.exe取证工具输出绘制时间线
https://github.com/ANSSI-FR/orc2timeline
openvmm:Microsoft开源基于Rust的跨平台虚拟机层
https://github.com/microsoft/openvmm
https://openvmm.dev/
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐
原文始发于微信公众号(M01N Team):每周蓝军技术推送(2024.10.12-10.18)
