Web Security
An inside look at domain anonymization service technology: the BraZZZerSFF infrastructure
https://medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145
Browser-powered desync attacks: a new frontier in HTTP request smuggling
https://portswigger.net/research/browser-powered-desync-attacks
gorilla: a tool for generating wordlists or extending existing ones, usable for building password dictionaries
https://github.com/d4rckh/gorilla
Google Cloud Shell: command injection vulnerability
https://bugra.ninja/posts/cloudshell-command-injection/
Internal Network Penetration
Analysis and exploitation of misconfigured network share permissions in Active Directory environments
https://www.netspi.com/blog/technical/network-penetration-testing/network-share-permissions-powerhuntshares/
How to create honeypot accounts in Active Directory
https://github.com/rootsecdev/Microsoft-Blue-Forest/tree/master/Honeypots/ADFakeCreds
Attacking and remediating excessive network share permissions in Active Directory environments
https://www.netspi.com/blog/technical/network-penetration-testing/network-share-permissions-powerhuntshares/
Subdomain enumeration using ENTs and NOERROR
https://medium.com/sse-blog/enhancing-subdomain-enumeration-ents-and-noerror-69a0479b7a3d
BARK: the BloodHound Attack Research Kit in PowerShell, for researching Azure abuse primitives
https://github.com/BloodHoundAD/BARK
Certipy 4.0: adds ESC9 and ESC10, a BloodHound GUI, new authentication and request methods, and more
https://research.ifcr.dk/certipy-4-0-esc9-esc10-bloodhound-gui-new-authentication-and-request-methods-and-more-7237d88061f7
SCMKit: a toolkit for attacking source code management (SCM) systems
https://github.com/xforcered/SCMKit
Bypassing MAC filtering with macchanger
https://tbhaxor.com/bypass-mac-filtering-using-macchanger/
Endpoint Adversarial Techniques
PersistAssist: a fully modular persistence framework written in C#
https://github.com/FortyNorthSecurity/PersistAssist
d.rdynamicshellcode: downloads and runs dynamic shellcode; it locates a URL in an RWX section in memory, then downloads and executes the shellcode
https://gitlab.com/ORCA000/d.rdynamicshellcode
TamperingSyscalls: abuses exception handling to evade EDR detection, implementing argument spoofing and syscall number retrieval
https://github.com/rad9800/TamperingSyscalls
Vulnerabilities
Microsoft SharePoint Server arbitrary code execution vulnerability
https://ssd-disclosure.com/ssd-advisory-microsoft-sharepoint-server-wizardconnecttodatastep4-deserialization-of-untrusted-data-rce/
CVE-2022-22026 / CVE-2022-22049: two heap overflow vulnerabilities in Windows CSRSS
https://bugs.chromium.org/p/project-zero/issues/detail?id=2286
https://bugs.chromium.org/p/project-zero/issues/detail?id=2289
Windows NTFS system analysis and vulnerability research
https://vul.360.net/archives/497
CVE-2021-0920: analysis of an in-the-wild 0-day exploit in the Linux kernel garbage collection system
https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html
CVE-2022-22252: Huawei HWLog vmalloc use-after-free vulnerability
https://labs.taszk.io/blog/post/79_hw_hwlog_uaf/
Analysis of a pre-authenticated RCE vulnerability in VMware vRealize Operations Manager
https://srcincite.io/blog/2022/08/09/from-shared-dash-to-root-bash-pre-authenticated-rce-in-vmware-vrealize-operations-manager.html
Cloud Security
Black Hat USA 2022: slides for the talk "Backdooring and hijacking Azure AD accounts by abusing external identities"
https://dirkjanm.io/assets/raw/US-22-Mollema-Backdooring-and-hijacking-Azure-AD-accounts_final.pdf
Other
ghidra-frida-hook-gen: a Frida hook generator for Ghidra
https://github.com/CENSUS/ghidra-frida-hook-gen
LibAFL: a framework for building modular and reusable fuzzers
https://www.s3.eurecom.fr/docs/ccs22_fioraldi.pdf
Avast Q2/2022 Threat Report
https://decoded.avast.io/threatresearch/avast-q2-2022-threat-report
M01N Team WeChat official account
Focused on hot topics in advanced offensive and defensive techniques
NSFOCUS Technology Blue Team Research Squad
Originally published on the WeChat official account M01N Team: Weekly Blue Team Technology Digest (2022.8.6-8.12)