Web Security
Executing arbitrary commands via environment variable injection
https://tttang.com/archive/1450/
Zabbix: a case study of unsafe session storage leading to authentication bypass
https://blog.sonarsource.com/zabbix-case-study-of-unsafe-session-storage
A practical guide to attacking JWTs
https://redhuntlabs.com/wp-content/uploads/2022/02/A-Practical-Guide-to-Attacking-JWT-JSON-Web-Tokens.pdf
Research on the CSS attack surface
https://scotthelme.co.uk/can-you-get-pwned-with-css/
Internal Network Penetration
Chaining PetitPotam exploitation with Silver Tickets
https://blog.zsec.uk/chasing-the-silver-petit-potam/
Relaying Kerberos with krbrelayx and mitm6
https://dirkjanm.io/relaying-kerberos-over-dns-with-krbrelayx-and-mitm6/
Leftover Group Policy cPassword values can be collected with the adalanche tool
https://twitter.com/lkarlslund/status/1496817144557969408
Endpoint Evasion
NetLoader + BetterSafetyKatz to bypass EDR and run Mimikatz
https://twitter.com/an0n_r0/status/1495004699661058051
CreateHiddenAccount: creating hidden accounts by cloning registry keys
https://github.com/wgpsec/CreateHiddenAccount/blob/master/README_ZH.md
Kernel Karnage hands-on series, part 9
https://blog.nviso.eu/2022/02/22/kernel-karnage-part-9-finishing-touches/
PowerShell implementation of an NtSystemDebugControl memory dump
https://twitter.com/0gtweet/status/1496045593382240256
Collection of weaponized Beacon Object Files (BOFs) projects
https://github.com/N7WEra/BofAllTheThings
Three small Windows persistence tricks
https://mp.weixin.qq.com/s/JJHMe0j59cLnzjZ2uAg54w
Vulnerabilities
CVE-2021-44142: Samba server RCE PoC
https://gist.github.com/0xsha/0859033e1777490576923a27fbcd23ac
GitHub Desktop 2.9.3 RCE
https://github.com/Metnew/write-ups/tree/main/rce-github-desktop-2.9.3
Cloud Security
AWS S3 object storage: attack and defense
https://mp.weixin.qq.com/s/aqTnyNgTSBan_FpqfFRb7Q
A brief discussion of information gathering techniques in cloud-native environments
https://mp.weixin.qq.com/s/wvwJVS4geKUEo-FAJ4nu_w
Other
Using noVNC to steal passwords and bypass 2FA
https://mrd0x.com/bypass-2fa-using-novnc/?no-cache=1
Attack surface of Jenkins' default Build authorization configuration
https://medium.com/cider-sec/exploiting-jenkins-build-authorization-22bf72926072
Kraken: cross-platform distributed password cracking system
https://github.com/arcaneiceman/kraken
Bvp47: a top-tier backdoor from the US NSA's Equation Group
https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.zh-cn.pdf
Black Hat Asia 2022 briefings schedule published
https://www.blackhat.com/asia-22/briefings/schedule/
M01N Team
Focusing on hot topics in advanced offensive and defensive techniques
NSFOCUS blue team technical research squad
Originally published on the WeChat official account (M01N Team): Weekly Blue Team Technical Digest (2022.2.19-2.25)