Web Security
In-memory webshells under ASP.NET (3): the HttpListener memory shell
https://tttang.com/archive/1451/
Jbin: collects URL and API-related sensitive information from a target website
https://github.com/h33tlit/Jbin-website-secret-scraper
Internal Network Penetration
GoldenCopy: script that pulls a chosen user's data from the BloodHound database and builds the ticket for it
https://github.com/Dramelac/GoldenCopy
BOF: scans domain controllers for the LdapEnforceChannelBinding and LdapServerIntegrity settings to determine whether they resist relay attacks
https://github.com/cube0x0/LdapSignCheck
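The two settings the BOF above reads remotely live in the NTDS service key of each domain controller. The following PowerShell is an added example (not the LdapSignCheck BOF or its code) that reads the same two values locally on a DC and turns them into a relay verdict; it assumes you run it on the DC (or wrap it in Invoke-Command) with rights to read HKLM, and that an absent value means the Windows default (no signing required, no channel binding enforced). The integer meanings are the documented ones: LdapServerIntegrity 1 = signing not required, 2 = signing required; LdapEnforceChannelBinding 0 = never, 1 = when supported, 2 = always.

```powershell
# Added example: local equivalent of what the LdapSignCheck BOF queries on a DC.
# Assumption: run on a domain controller with read access to HKLM.
$ntdsParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$p = Get-ItemProperty -Path $ntdsParams -ErrorAction SilentlyContinue

# Absent value => Windows default: 1 (LDAP signing not required).
$integrity = if ($null -ne $p -and $null -ne $p.LdapServerIntegrity) {
    [int]$p.LdapServerIntegrity
} else { 1 }

# Absent value => Windows default: 0 (no channel binding enforced on LDAPS).
$channelBinding = if ($null -ne $p -and $null -ne $p.LdapEnforceChannelBinding) {
    [int]$p.LdapEnforceChannelBinding
} else { 0 }

[pscustomobject]@{
    Host                        = $env:COMPUTERNAME
    LdapServerIntegrity         = $integrity
    LdapSigningRequired         = ($integrity -eq 2)       # 2 blocks NTLM relay to LDAP/389
    LdapEnforceChannelBinding   = $channelBinding
    ChannelBindingEnforced      = ($channelBinding -eq 2)  # 2 blocks NTLM relay to LDAPS/636
    RelayToLdapPossible         = ($integrity -ne 2)
    RelayToLdapsPossible        = ($channelBinding -ne 2)
}
```

A DC reports as relay-resistant only when both booleans are true: requiring signing closes the plain LDAP path, and only "Always" (2) for channel binding closes the LDAPS path, since "When supported" (1) still accepts clients that omit the channel binding token. These values mirror the GPO settings "Domain controller: LDAP server signing requirements" and "Domain controller: LDAP server channel binding token requirements", so a change via GPO shows up here after the policy applies.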
Exfiltrating sensitive files with Flask
https://medium.com/maverislabs/bash-tricks-for-file-exfiltration-over-http-s-using-flask-112aed524ad
Lateral movement by changing user passwords without relying on Mimikatz
https://www.trustedsec.com/blog/manipulating-user-passwords-without-mimikatz
Endpoint Evasion
TeamsImplant: persistence by getting a DLL loaded through Microsoft Teams
https://github.com/Allevon412/TeamsImplant
AMSI bypass techniques
https://3xploit666.medium.com/resurrección-bypass-amsi-d561be85e29c
Nimcrypt2: PE packer/loader written in Nim
https://github.com/icyguider/Nimcrypt2#installationdependencies
Abusing McAfee EDR to load and execute shellcode
https://github.com/RedTeamOperations/Journey-to-McAfee/tree/main/EDR-Recasting
BlueHat IL 2022 talk: abusing RPC/DCOM protocols for local privilege escalation
https://github.com/decoder-it/bluehatil22/
Vulnerabilities
BrokenPrint: analysis of a stack overflow in the KC_PRINT service of the Netgear R6700v3
https://research.nccgroup.com/2022/02/28/brokenprint-a-netgear-stack-overflow/
CVE-2022-22947: PoC for the Spring Cloud Gateway remote code execution vulnerability
https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947
Exploitation research on the KUSER_SHARED_DATA changes in Windows 11 Insider Preview
https://connormcgarr.github.io/kuser-shared-data-changes-win-11/
BlueHat IL 2022: a brief history of iMessage exploitation
https://saelo.github.io/presentations/bluehat_il_22_a_brief_history_of_imessage_exploitation.pdf
Cloud Security
Bypassing AWS GuardDuty with VPC Endpoints
https://blog.devgenius.io/aws-guardduty-exfiltration-bypass-4720f6ed16a4
Chaining multiple vulnerabilities in Carbon Black Cloud Workload Appliance and vRealize Operations Manager to achieve RCE
https://swarm.ptsecurity.com/catching-bugs-in-vmware-carbon-black-cloud-workload-appliance-and-vrealize-operations-manager/
Vajra: Azure cloud penetration testing tool
https://github.com/TROUBLE-1/Vajra
Attacking and defending Google Cloud object storage
https://mp.weixin.qq.com/s/ZmXV_uiBlJElRx6zd21NIg
Analysis of several Kubernetes vulnerabilities related to HostPath
http://blog.quarkslab.com/kubernetes-and-hostpath-a-love-hate-relationship.html
Other
MITRE releases Adversary Engagement Framework v1 together with a series of implementation guidance documents
https://mp.weixin.qq.com/s/QuS0hRLI7AznqqjNSMk6Ew
Simwigo: lightweight web server written in Go (similar to Python's SimpleHTTPServer), usable for payload delivery and exfiltration
https://github.com/8iche/simwigo/
RogueRDP: weaponized .RDP files that trigger an outbound RDP connection and thereby give access as the user
https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/
OffensiveNotion: using Notion as a C2 channel through its API
https://medium.com/@huskyhacks.mk/we-put-a-c2-in-your-notetaking-app-offensivenotion-3e933bace332
M01N Team
Focused on hot topics in advanced offensive and defensive techniques
NSFOCUS Blue Team technical research squad
Originally published on the WeChat official account (M01N Team): Weekly Blue Team Technology Digest (2022.2.26-3.4)