Web Security
Top 10 Web Hacking Techniques of 2021
https://portswigger.net/research/top-10-web-hacking-techniques-of-2021
Server-Side Template Injection (SSTI): Analysis and Summary
https://tttang.com/archive/1412/
Prerequisites for Java Deserialization Vulnerability Research: Transformer, Dynamic Proxies and Annotations
http://terenceli.github.io/技术/2022/01/30/java-dynamic-proxy-and-annotation
Loading Dynamic Link Libraries from Java
https://tttang.com/archive/1436/
In-Memory Webshells in ASP.NET (1): Filter Memory Shells
https://tttang.com/archive/1408/
In-Memory Webshells in ASP.NET (2): Route Memory Shells
https://tttang.com/archive/1420/
OffensiveCon 2022 Talk: Attacking JavaScript Engines
https://saelo.github.io/presentations/offensivecon_22_attacking_javascript_engines.pdf
Internal Network Penetration
OffensiveCon 2022 Talk: Research on Kerberos Authentication Relay Attacks
https://github.com/tyranid/infosec-presentations/blob/master/OffensiveCon/2022/This%20are%20my%20principals.pdf
Shadow Credentials Attack Explained
https://pentestlab.blog/2022/02/07/shadow-credentials/
Endpoint Evasion and Defense
Embedding an EXE in an LNK File and Executing It Automatically
https://www.x86matthew.com/view_post?id=embed_exe_lnk
Evading Sandbox Detection via Improperly Handled Windows API Hook Functions in Cuckoo Sandbox
https://research.checkpoint.com/2022/invisible-cuckoo-cape-sandbox-evasion
SnapLoader: Shellcode Injection and Thread Hijacking Using PssCaptureSnapshot and PssWalkSnapshot
https://gitlab.com/ORCA666/snaploader
UAC Bypass Techniques and Detection Strategies
https://elastic.github.io/security-research/whitepapers/2022/02/03.exploring-windows-uac-bypass-techniques-detection-strategies/article/
Microsoft Plans to Block Macros by Default in Documents Carrying the MOTW (Mark of the Web) Flag
https://www.theverge.com/2022/2/7/22922032/microsoft-block-office-vba-macros-default-change
PackMyPayload: A Weaponized Project That Packs Payloads into Container Files to Evade the MOTW Flag
https://github.com/mgeeky/PackMyPayload
Reading and Writing Remote Process Memory with NtCreateThreadEx (Without ReadProcessMemory / WriteProcessMemory)
https://www.x86matthew.com/view_post?id=read_write_proc_memory
Object Overloading: Loading an Arbitrary DLL at Process Startup
https://www.trustedsec.com/blog/object-overloading/
Disabling Security Products Using the Windows Sandbox Token Mechanism
https://elastic.github.io/security-research/whitepapers/2022/02/02.sandboxing-antimalware-products-for-fun-and-profit/article/#
https://twitter.com/Flangvik/status/1490365835449360387
https://github.com/MartinIngesen/TokenStomp
Custom RPC Client for Executing Commands with SYSTEM Privileges
https://github.com/freingruber/JavaScript-Raider
Linux Persistence via Systemd Generators
https://pberba.github.io/security/2022/02/07/linux-threat-hunting-for-persistence-systemd-generators/
Vulnerabilities
OffensiveCon 2022: A Summary of 0-days Exploited In-the-Wild in 2021
https://github.com/maddiestone/ConPresentations/blob/master/OffensiveCon2022.RealWorld0days.pdf
SpoolFool (CVE-2022-21999): Windows Print Spooler Privilege Escalation Vulnerability
https://research.ifcr.dk/spoolfool-windows-print-spooler-privilege-escalation-cve-2022-22718-bf7752b68d81
CVE-2022-21877: Analysis of a Windows Storage Spaces Controller Information Disclosure Vulnerability
https://big5-sec.github.io/posts/an-analysis-of-cve-2022-21877/
CVE-2021-44142: Samba Heap Out-of-Bounds Read/Write RCE Vulnerability Demonstrated at Pwn2Own Austin 2021
https://www.thezdi.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin
CVE-2021-41091: Docker Engine (Moby) Directory Traversal Vulnerability That Can Lead to Container Escape
https://www.cyberark.com/resources/threat-research-blog/how-docker-made-me-more-capable-and-the-host-less-secure
CVE-2022-20700: Cisco Small Business Router RCE Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
SoK: Browser Security Analysis
https://paper.seebug.org/1818/
Cloud Security
Attacking CI/CD Pipelines: Executing Commands in CI via Poisoned Pipeline Execution
https://medium.com/cider-sec/ppe-poisoned-pipeline-execution-34f4e8d0d4e9
Attacking Microsoft 365: Using Power Automate Workflows for Data Exfiltration, C2 Communication, Lateral Movement and More
https://www.varonis.com/blog/power-automate-data-exfiltration
Miscellaneous
Advanced-Process-Injection-Workshop: A Windows Process Injection Lab Environment
https://github.com/RedTeamOperations/Advanced-Process-Injection-Workshop
Offensive WebDAV: Using a WebDAV Service to Serve Libraries to C2 Agents
https://www.bc-security.org/post/weaponizing-webdav-for-offensive-security/
Email Spoofing: Attacking Mail Domains Without DMARC Configured
https://www.redteam.cafe/phishing/long-live-dmarc-email-spoof-issues
A Study of Supply Chain Security Weaknesses in npm Packages
https://arxiv.org/pdf/2112.10165.pdf
The Ultimate Guide to Hacking the Blockchain
https://medium.com/immunefi/hacking-the-blockchain-an-ultimate-guide-4f34b33c6e8b
M01N Team
Focusing on hot topics in advanced offensive and defensive technology
NSFOCUS (绿盟科技) Blue Team Technology Research Squad
Originally published on the WeChat official account (M01N Team): Weekly Blue Team Technology Digest (2021.1.29-2.11)