Web Security
Exploiting the WordPress Transposh Translation Filter plugin: blind SQL injection via XSS
https://www.rcesecurity.com/2022/07/WordPress-Transposh-Exploiting-a-Blind-SQL-Injection-via-XSS/
How WordPress gets hacked in 2022: initial reconnaissance
https://noc.org/articles/how-wordpress-gets-hacked-in-2022-initialrecon
Wodat: Windows Oracle Database Attack Tool
https://github.com/InitRoot/wodat
Internal Network Penetration
G Suite domain takeover through delegation
https://shabarkin.medium.com/gsuite-domain-takeover-through-delegation-9d6664c91142
Abusing Duo authentication misconfigurations in Windows and Active Directory environments
https://www.mandiant.com/resources/abusing-duo-authentication-misconfigurations
OrbitalDump: a multi-threaded SSH brute-forcing tool
https://github.com/k4yt3x/orbitaldump
Pretender: a DHCPv6 DNS takeover and mDNS, LLMNR, NetBIOS-NS sniffing tool
https://github.com/RedTeamPentesting/pretender
LastenZug: a WebSocket-based SOCKS4a proxy tool with static obfuscation via SpiderPIC
https://github.com/codewhitesec/Lastenzug
A purely HTTP(S)-based Windows reverse shell tool that bypasses Defender and other security software
https://github.com/t3l3machus/hoaxshell
AlanFramework: a recently open-sourced post-exploitation C2 framework
https://github.com/enkomio/AlanFramework
Endpoint Evasion
Attack technique analysis | Playing dirty: yet another trojanized "vulnerability tool" discovered
https://mp.weixin.qq.com/s/zIxSVUHv3wXruFRL-1iN9A
ProtectMyTooling: a new evasion-focused PE packer with PE packing, tool watermarking and backdoor implanting features
https://mgeeky.tech/protectmytooling/
https://github.com/mgeeky/ProtectMyTooling
Compile-time string obfuscation and a single-header implementation
https://posts.specterops.io/encrypting-strings-at-compile-time-4141dafe5b41
https://gist.github.com/EvanMcBroom/ad683e394f84b623da63c2b95f6fb547
An overview of ways to capture Cobalt Strike Beacon memory and traffic signatures
https://www.mdsec.co.uk/2022/07/part-1-how-i-met-your-beacon-overview/
https://www.mdsec.co.uk/2022/07/part-2-how-i-met-your-beacon-cobalt-strike/
RIPPL: manipulating protected processes without using a driver
https://github.com/last-byte/RIPPL
The end of PPLdump: Microsoft's July update changed the PPL process mechanism, making PPLdump's credential-dumping approach no longer viable
https://itm4n.github.io/the-end-of-ppldump/
Persistence via the Windows Terminal configuration file
https://twitter.com/nas_bench/status/1550836225652686848
LOLBAS: DLL hijacking of Kaspersky's main executable AVP.exe
https://mp.weixin.qq.com/s/8HirOI1GHPCdfEfoGGCo6A
DiagTrackEoP: bypassing service account restrictions by abusing the DiagTrack service and the SeImpersonate privilege for privilege escalation
https://github.com/Wh04m1001/DiagTrackEoP
Fuzzing Windows RPC services and using them for privilege escalation; discloses that DiagTrack can potentially be used for EoP
https://www.crisprx.top/archives/561
Endpoint protection software Windows Defender for Endpoint configuration, part 2
https://jeffreyappel.nl/microsoft-defender-for-endpoint-series-configure-defender-for-endpoint-part2/
Exploring the attack surface around VPNs, proxies and tunnels
https://www.mandiant.com/resources/burrowing-your-way-into-vpns
Vulnerabilities
CVE-2022-31813: Apache HTTPD mod_proxy module vulnerability that may affect applications behind reverse proxies
https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
CVE-2022-32816: Apple Safari UI spoofing vulnerability
https://twitter.com/l33d0hyun/status/1552265704187240449
CVE-2011-2371: Firefox integer overflow vulnerability analysis and exploit construction
https://voidsec.com/browser-exploitation-firefox-cve-2011-2371/
CVE-2022-34918: Linux kernel privilege escalation PoC for Ubuntu 5.15.0-39-generic
https://github.com/randorisec/CVE-2022-34918-LPE-PoC
CVE-2022-20186: Arm Mali GPU kernel driver vulnerability analysis and exploit chain construction
https://github.blog/2022-07-27-corrupting-memory-without-memory-corruption/
Fuzzing a hypervisor with What The Fuzz (a snapshot-based fuzzer)
https://null2root.github.io/blog/2022/07/21/When-Hypervisor-Met-Snapshot-Fuzzing.html
Analysis of a series of vulnerabilities in the VMware ESXi TCP/IP stack
https://www.zerodayinitiative.com/blog/2022/7/25/looking-at-patch-gap-vulnerabilities-in-the-vmware-esxi-tcpip-stack
Cloud Security
Common security vulnerabilities in core AWS services: exploitation and remediation
https://labs.detectify.com/2022/07/25/aws-services-security-vulnerabilities-exploitation-remediation/
IAM-Deescalate: a tool for eliminating privilege escalation risks in AWS Identity and Access Management (IAM)
https://github.com/PaloAltoNetworks/IAM-Deescalate
API key leak risk: over 3,000 public-facing Django web applications found exposing API keys
https://blog.criminalip.io/2022/07/20/api-key-leak/
Other
Top 10 open-source adversary emulation tools
https://fourcore.io/blogs/top-10-open-source-adversary-emulation-tools
RedGuard: a C2 front-end infrastructure protection tool
https://github.com/wikiZ/RedGuard
Building modern phishing proxy infrastructure
https://outpost24.com/blog/Better-proxy-than-story
Terry the Terraformer: an automated red team infrastructure deployment tool
https://github.com/ezra-buckingham/terry-the-terraformer
2022 phishing landscape report
https://interisle.net/PhishingLandscape2022.pdf
Packj: flags open-source packages that carry supply chain attack risk
https://github.com/ossillate-inc/packj
Has the red team become an EDR bypass team? Perhaps it is time to shift the assume-breach model right
https://dispatch.redteams.fyi/red-team-edr-bypass-team/
SOC critical path: a defensive kill chain model
https://ieeexplore.ieee.org/document/9690168
M01N Team official account
Focused on hot topics in advanced offensive and defensive techniques
NSFOCUS Blue Army (red team) technical research squad
Originally published on the WeChat official account M01N Team: Weekly Blue Army technical digest (2022.7.23-7.29)