内网渗透
SCCMVNC:修改SCCM远程控制设置实现图形化操控
https://www.netero1010-securitylab.com/red-team/abuse-sccm-remote-control-as-native-vnc
https://github.com/netero1010/SCCMVNC
终端对抗
EmbedPayloadInPng:在PNG图片中嵌入载荷
https://github.com/Maldev-Academy/EmbedPayloadInPng
AuthStager:带有身份认证的多阶段载荷
https://github.com/HulkOperator/AuthStager
Secure_Stager:执行前载荷校验的多阶段载荷
https://github.com/Octoberfest7/Secure_Stager
COM对象激活的陷阱,解决ICorPublish接口调用异常
https://sabotagesec.com/i-hate-you-com-pitfalls-of-com-object-activation/
TypeLibWalker:劫持TypeLib的持久化工具
https://cicada-8.medium.com/hijack-the-typelib-new-com-persistence-technique-32ae1d284661
https://github.com/CICADA8-Research/TypeLibWalker
利用.NET反序列化漏洞实现Specula C2后门植入
https://trustedsec.com/blog/spec-tac-ula-deserialization-deploying-specula-with-net
Defcon32-操纵Shim和Office进行代码注入
https://www.youtube.com/watch?v=-Z34ya4rb8A
滥用process hacker2进行持久化
https://www.youtube.com/watch?v=gW8v270HjxI
https://github.com/cocomelonc/hack-process-hacker2
LOLESXi:Living Off The Land ESXi,ESXi平台二进制滥用
https://lolesxi-project.github.io/LOLESXi
漏洞相关
CVE-2024-43532:远程注册服务特权提升漏洞利用分析及POC
https://www.akamai.com/blog/security-research/winreg-relay-vulnerability
https://github.com/akamai/akamai-security-research/tree/main/PoCs/cve-2024-43532
CVE-2024-47575:FortiManager 0day漏洞利用分析预警
https://cloud.google.com/blog/topics/threat-intelligence/fortimanager-zero-day-exploitation-cve-2024-47575
https://www.shadowserver.org/what-we-do/network-reporting/fortinet-fortimanager-cve-2024-47575-special-report/
https://www.ncsc.gov.uk/news/vulnerability-fortinet-fortimanager
CVE-2024-37383:利用Roundcube Webmail XSS漏洞泄露凭据
https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability
CVE-2023-22098:VirutalBox逃逸漏洞分析
https://zeroclick.sh/blog/cve-2023-22098/
云安全
Servicelens:枚举微软365域名下的子服务
https://github.com/nullenc0de/servicelens
Sharefouine:Sharepoint站点命令行分析工具
https://github.com/OtterHacker/ShareFouine
EntraID通用加固指南
https://www.infernux.no/EntraID-GeneralHardening/
人工智能和安全
Claude发布3.5版本,支持LLM操作计算机
https://www.anthropic.com/news/3-5-models-and-computer-use
vulnhuntr:基于LLM的python应用漏洞挖掘框架
https://github.com/protectai/vulnhuntr
AuthzAI:基于LLM自动化测试分析API端点是否存在权限模型违规
https://github.com/ngalongc/AuthzAI
Nova:具有分层注意力和对比学习的汇编代码生成语言模型
https://arxiv.org/abs/2311.13721
Cohere发布《企业AI应用安全指南》
https://drive.google.com/file/d/15dta-3MFtFsTeX6iyO3GJIgXqA0aiXer/
https://cohere.com/blog/enterprise-ai-security-deploying-llm-applications-safely
LLM安全信息订阅聚合页面
https://start.me/p/9oJvxx/applying-llms-genai-to-cyber-security
LLM黑客手册
https://doublespeak.chat/#/handbook
其他
为Stratus云攻击模拟工具添加攻击原子
https://kknowl.es/posts/stratus-contributor/
EDR遥测信息源汇总
https://www.edr-telemetry.com/
emulator:用户态Windows进程执行模拟器
https://github.com/momo5502/emulator
https://docs.google.com/presentation/d/1pha4tFfDMpVzJ_ehJJ21SA_HAWkufQBVYQvh1IFhVls
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐
原文始发于微信公众号(M01N Team):每周蓝军技术推送(2024.10.19-10.25)
