Web Security
Bypassing authentication by injecting a JSON object
https://maxwelldulin.com/BlogPost?post=9185867776
Using CodeQL to find Java gadget chains
https://www.synacktiv.com/en/publications/finding-gadgets-like-its-2022.html
Endpoint Evasion
Casper-FS: a generator for Linux kernel modules with file-hiding support
https://github.com/CoolerVoid/casper-fs
Bypassing EDR runtime injection-detection logic
https://blog.redbluepurple.io/offensive-research/bypassing-injection-detection
Abusing the hash cache to bypass AppLocker
https://gtworek.github.io/PSBits/applockercachebypass.html?s=09
Bypassing AppLocker by mounting a VHD
https://twitter.com/0gtweet/status/1502729257520439301
Persistence via custom keyboard layouts
https://github.com/NtQuerySystemInformation/CustomKeyboardLayoutPersistence
Anti-unpacking techniques against UPX
https://blogs.jpcert.or.jp/en/2022/03/anti_upx_unpack.html
Vulnerabilities
CVE-2019-0567: exploiting a type confusion vulnerability in Microsoft Edge
https://connormcgarr.github.io/type-confusion-part-1/
CVE-2022-21971: Windows Runtime RCE PoC
https://github.com/0vercl0k/CVE-2022-21971
CVE-2022-25636: Linux kernel 5.4 through 5.6.10 privilege escalation vulnerability
https://github.com/Bonfee/CVE-2022-25636
Technical analysis: from arbitrary file/folder deletion to privilege escalation on Windows
https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks
Cloud Security
Bypassing Google Cloud Armor by abusing its 8KB request-inspection limit
https://kloudle.com/academy/a-guide-to-protect-against-the-8kb-waf-limitation-in-google-cloud-armor
CVE-2022-0811: container escape vulnerability discovered in the CRI-O Kubernetes container runtime
https://www.crowdstrike.com/blog/cr8escape-new-vulnerability-discovered-in-cri-o-container-engine-cve-2022-0811/
Top 10 CI/CD security risks
https://github.com/cider-security-research/top-10-cicd-security-risks
Azure: abusing Hybrid Workers for privilege escalation
https://www.netspi.com/blog/technical/cloud-penetration-testing/abusing-azure-hybrid-workers-for-privilege-escalation/
Other
Collecting user information via a browser-based captcha
https://varun.ch/history
Analysis of the reentrancy vulnerability in The Idols NFT marketplace
https://paper.seebug.org/1845/
Phishing with forged browser pop-up windows (browser-in-the-browser)
https://mrd0x.com/browser-in-the-browser-phishing-attack/
eCapture: capturing HTTPS traffic in plaintext without a CA certificate
https://github.com/ehids/ecapture
M01N Team
Focused on hot topics in advanced offensive and defensive techniques
NSFOCUS Red Team research unit
Originally published on the WeChat official account (M01N Team): Weekly Red Team Technology Digest (2022.3.12-3.18)