Web Security
A subdomain discovery tool built on an RNN neural network
https://phoenix-sec.io/2022/07/12/RNN-Subdomain-Discovery.html
hijagger: searches the NPM and PyPI registries for packages that can be hijacked through domain squatting
https://github.com/firefart/hijagger
The Log4j vulnerability is still being exploited today
https://www.horizon3.ai/the-long-tail-of-log4shell-exploitation/
CISA's review report on the December 2021 Log4j incident
https://www.cisa.gov/sites/default/files/publications/CSRB-Report-on-Log4-July-11-2022_508.pdf
Internal Network Penetration
pretender: a tool for relay attacks via DHCPv6 DNS takeover and mDNS, LLMNR and NetBIOS-NS spoofing
https://github.com/RedTeamPentesting/pretender
Diamond ticket weaponization PoC
https://www.semperis.com/blog/a-diamond-ticket-in-the-ruff/
Exploring SCCM by decrypting network access accounts
https://blog.xpnsec.com/unobfuscating-network-access-accounts/
SCCM password decryption PoC
https://gist.github.com/xpn/5f497d2725a041922c427c3aaa3b37d1
windows-coerced-authentication-methods: a list of methods to coerce Windows machines into authenticating over RPC using various protocols
https://github.com/p0dalirius/windows-coerced-authentication-methods
Endpoint Security Evasion
UAC bypass using the auto-elevating DiagCpl COM object {12C21EA7-2EB8-4B55-9249-AC243DA8C666}
https://github.com/Wh04m1001/IDiagnosticProfileUAC
Crafting Word macros to bypass Windows Defender
https://medium.com/@lsecqt/showcasing-red-teaming-ttps-weaponizing-custom-made-c2-channel-via-ms-word-macro-fb86a49b89f8
https://medium.com/@lsecqt/showcasing-red-teaming-ttps-weaponizing-custom-made-c2-channel-via-ms-word-macro-part-2-50c05031457b
https://www.youtube.com/watch?v=A8DkVDQW1-w
Bypassing AV/EDR with forged Microsoft signatures
https://github.com/mgeeky/Penetration-Testing-Tools/tree/master/red-teaming/Self-Signed Threat
LOLBAS: local credential extraction with keymgr.dll
https://twitter.com/NinjaParanoid/status/1516442028963659777
RDPHijack-BOF: a Cobalt Strike BOF for local/remote RDP session hijacking using the WinStationConnect API
https://github.com/netero1010/RDPHijack-BOF
Chisel-Strike: a .NET XOR-encrypted Cobalt Strike aggressor implementation providing fast and advanced SOCKS5 functionality
https://github.com/m3rcer/Chisel-Strike
Vulnerabilities
CVE-2022-26377: when proxy_ajp is used to reverse-proxy Tomcat AJP, crafted AJP packets can be used to attack the backend service
http://noahblog.360.cn/apache-httpd-ajp-request-smuggling/
CVE-2022-29885: denial-of-service vulnerability in the Apache Tomcat cluster service listener
https://voidzone.me/cve-2022-29885-apache-tomcat-cluster-service-dos/
CVE-2022-30136: analysis of the Windows Network File System NFSv4 remote code execution vulnerability
https://www.zerodayinitiative.com/blog/2022/7/13/cve-2022-30136-microsoft-windows-network-file-system-v4-remote-code-execution-vulnerability
CVE-2022-33675: Microsoft Azure Site Recovery DLL hijacking vulnerability
https://medium.com/tenable-techblog/microsoft-azure-site-recovery-dll-hijacking-cd8cc34ef80c
CVE-2022-26706: a deep dive into a macOS app sandbox escape vulnerability
https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/
1001 ways to PWN prod: the story of 60 RCEs in 60 minutes
https://thinkloveshare.com/hacking/1001_ways_to_pwn_prod/
Cloud Security
Exploiting authentication in the AWS IAM Authenticator for Kubernetes
https://blog.lightspin.io/exploiting-eks-authentication-vulnerability-in-aws-iam-authenticator
Other
Securing The Law Firm 2022: vulnerability management in the real world
https://github.com/northvein/Talks/blob/main/Securing%20The%20Law%20Firm%202022/STLF%20-%20Vulnerability%20Management%20in%20the%20Real%20World%202022%20FINAL2.pptx
A script to extract historical process trees from Sysmon logs
https://twitter.com/0gtweet/status/1542936949207584770
https://github.com/gtworek/PSBits/blob/master/DFIR/GetSysmonTree.ps1
CIS Software Supply Chain Security Guide
https://github.com/aquasecurity/chain-bench/blob/main/docs/CIS-Software-Supply-Chain-Security-Guide-v1.0.pdf
Originally published on the WeChat official account (M01N Team): Weekly Blue Army (adversary team) Technical Digest (2022.7.9-7.15)