Web Security
Exploits explained: five unusual web authentication bypass techniques
https://www.synack.com/blog/exploits-explained-5-unusual-authentication-bypass-techniques/
fingerprintx: an httpx-like utility that fingerprints services such as RDP, SSH, MySQL, PostgreSQL and Kafka
https://github.com/praetorian-inc/fingerprintx
spycast: cross-platform mDNS enumeration tool
https://github.com/evilsocket/spycast
Internal Network Penetration
Windows Insider builds now enable the SMB authentication rate limiter by default: a 2-second delay after each failed inbound NTLM authentication to the SMB server
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-authentication-rate-limiter-now-on-by-default-in-windows/ba-p/3634244
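The limiter is a single SMB server setting, so the weak and hardened states are easy to show side by side. This is an added example, not from the Microsoft post; it assumes a build that ships the limiter and local administrator rights:

```powershell
# Added example (not from the Microsoft post): inspect and set the SMB server
# authentication rate limiter. InvalidAuthenticationDelayTimeInMs is the delay
# applied after each failed inbound NTLM authentication; 0 disables the limiter.
Get-SmbServerConfiguration | Select-Object InvalidAuthenticationDelayTimeInMs

# Weak: limiter disabled, so password spraying over SMB runs at full speed.
Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs 0 -Force

# Hardened: the Insider default of 2000 ms; raise it if brute-force pressure warrants.
Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs 2000 -Force
```

Note that the delay only slows guessing against the SMB server's NTLM path; Kerberos pre-authentication and other protocols are unaffected, so it complements rather than replaces account lockout policy.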
Kerberos FAST (armoring): a protected tunnel between the Kerberos client and the KDC that defends against offline cracking of pre-authentication data and against downgrade attacks
https://www.trustedsec.com/blog/i-wanna-go-fast-really-fast-like-kerberos-fast/
RoastInTheMiddle: an ARP-spoofing man-in-the-middle that intercepts AS-REQs, modifies and replays them to Kerberoast service accounts (AS-requested service tickets)
https://www.semperis.com/blog/new-attack-paths-as-requested-sts/
https://github.com/0xe7/RoastInTheMiddle
Sapphire tickets: like diamond tickets, built on a legitimately requested ticket, but carrying the PAC of a privileged user obtained via S4U2self + U2U instead of a hand-modified PAC
https://www.thehacker.recipes/ad/movement/kerberos/forged-tickets/sapphire
Bypassing Layer 2 network security controls with VLAN 0 tags, LLC/SNAP headers and invalid length fields
https://blog.champtar.fr/VLAN0_LLC_SNAP/
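The core of the bypass is that a frame can carry IPv4 behind a priority (VLAN 0) tag and an LLC/SNAP header, so a filter that only looks for EtherType 0x0800 classifies it as "not IP" while the receiving host still delivers it. The following is an added example, not code from the champtar post: it builds such a frame with constructed MAC and IP addresses, and contrasts a naive classifier with one that follows 802.1Q tags (stacked tags too, a generalization of the post's single-tag case) and LLC/SNAP. The full parser deliberately ignores the 802.3 length field, modelling a receiver that does not validate it (the "invalid length" case of the title); that leniency is an assumption of this example.

```python
"""Added example (not from the champtar post): IPv4 wrapped in a VLAN 0 tag and
an LLC/SNAP header, classified by a naive EtherType check versus a full parser.
All addresses and the IPv4 packet below are constructed sample data."""
import struct

ETH_P_8021Q = 0x8100
ETH_P_IP = 0x0800
LLC_SNAP_HDR = b"\xaa\xaa\x03"          # DSAP/SSAP 0xAA, control 0x03 (UI)
SNAP_OUI = b"\x00\x00\x00"              # OUI 00:00:00 = encapsulated Ethernet


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def ipv4_payload():
    """Minimal IPv4 header (checksum left 0, constructed sample) + 4 data bytes."""
    data = b"ping"
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0x1234, 0, 64, 1, 0,
                      bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    return hdr + data


def plain_ip_frame(dst, src, payload):
    return mac(dst) + mac(src) + struct.pack("!H", ETH_P_IP) + payload


def llc_snap_frame(dst, src, payload, vid=None, length=None):
    """802.3 frame with LLC/SNAP carrying IPv4; vid=0 adds a priority tag,
    length overrides the 802.3 length field (None = correct value)."""
    snap = LLC_SNAP_HDR + SNAP_OUI + struct.pack("!H", ETH_P_IP)
    if length is None:
        length = len(snap) + len(payload)
    tag = b"" if vid is None else struct.pack("!HH", ETH_P_8021Q, vid & 0x0FFF)
    return mac(dst) + mac(src) + tag + struct.pack("!H", length) + snap + payload


def naive_is_ipv4(frame):
    """A filter that checks the EtherType, skipping at most one 802.1Q tag."""
    off = 12
    etype = struct.unpack_from("!H", frame, off)[0]
    if etype == ETH_P_8021Q:
        off += 4
        etype = struct.unpack_from("!H", frame, off)[0]
    return etype == ETH_P_IP


def classify(frame):
    """Follow all 802.1Q tags and LLC/SNAP. Returns (ethertype, vlan_id, ip_offset);
    ethertype/ip_offset are None when the frame cannot be resolved."""
    off, vid = 12, None
    if len(frame) < off + 2:
        return (None, vid, None)
    etype = struct.unpack_from("!H", frame, off)[0]
    off += 2
    while etype == ETH_P_8021Q and len(frame) >= off + 4:
        vid = struct.unpack_from("!H", frame, off)[0] & 0x0FFF
        etype = struct.unpack_from("!H", frame, off + 2)[0]
        off += 4
    if etype <= 1500:                    # 802.3 length field: LLC follows.
        # Length is not validated against the real payload (permissive receiver).
        if frame[off:off + 3] == LLC_SNAP_HDR and frame[off + 3:off + 6] == SNAP_OUI:
            etype = struct.unpack_from("!H", frame, off + 6)[0]
            off += 8
        else:
            return (None, vid, None)
    return (etype, vid, off)


def is_ipv4(frame):
    etype, _, off = classify(frame)
    return etype == ETH_P_IP and off is not None and off < len(frame) and frame[off] >> 4 == 4


if __name__ == "__main__":
    p = ipv4_payload()
    for name, f in [("plain", plain_ip_frame("02:00:00:00:00:01", "02:00:00:00:00:02", p)),
                    ("vlan0+snap", llc_snap_frame("02:00:00:00:00:01", "02:00:00:00:00:02", p, vid=0)),
                    ("vlan0+snap bad len", llc_snap_frame("02:00:00:00:00:01", "02:00:00:00:00:02", p, vid=0, length=1))]:
        print(f"{name:20s} naive={naive_is_ipv4(f)} full={is_ipv4(f)} {classify(f)}")
```

The practical check is the same for any L2 control in the path (DHCP snooping, dynamic ARP inspection, EBPF filters): feed it the VLAN 0 and LLC/SNAP variants of the frames it is supposed to police and confirm it either parses them like the end host or drops them outright.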
Endpoint Evasion
srdi-rs: Shellcode Reflective DLL Injection (sRDI) in Rust
https://github.com/memN0ps/srdi-rs
mordor-rs: direct system call (syscall) library functions implemented in Rust
https://github.com/memN0ps/mordor-rs
Using LLVM passes with Rust on Windows
https://bbs.pediy.com/thread-274453.htm
VirusTotalC2: abusing the VirusTotal API to carry C2 traffic
https://github.com/D1rkMtr/VirusTotalC2
githubC2: abusing the GitHub API to carry C2 traffic
https://github.com/D1rkMtr/githubC2
Windows Shift+F10 bypass and Autopilot privilege escalation
https://k4m1ll0.com/ShiftF10Bypass-and-privesc.html
JuicyPotatoNG: an updated version of the Windows local privilege escalation tool JuicyPotato
https://decoder.cloud/2022/09/21/giving-juicypotato-a-second-chance-juicypotatong/
monomorph: packs shellcode into an executable such that every output file has the same MD5 hash
https://github.com/DavidBuchanan314/monomorph
FilelessRemotePE: fileless in-memory loader for remote PEs using ETW patching, NTDLL unhooking and a no-new-thread execution technique
https://github.com/D1rkMtr/FilelessRemotePE
DLLirant: automated DLL hijacking analysis of a given binary
https://github.com/redteamsocietegenerale/DLLirant
Cronos: a new sleep-time obfuscation technique against memory scanners
https://github.com/Idov31/Cronos
Spawning an EDR binary as a suspended process and DLL sideloading into it to execute malicious code past protections
https://mansk1es.gitbook.io/edr-binary-abuse/
Freeze: payload toolkit for bypassing EDRs using suspended processes, direct syscalls and alternative execution methods
https://github.com/optiv/Freeze
Vulnerabilities
CVE-2022-2588: exploit for the use-after-free in the Linux route4 (cls_route) filter caused by improper list handling, turned into an arbitrary file write
https://github.com/Markakd/CVE-2022-2588
CVE-2022-36934: an integer overflow in WhatsApp leading to remote code execution
https://infosecwriteups.com/cve-2022-36934-an-integer-overflow-in-whatsapp-leading-to-remote-code-execution-in-an-established-e0fc4e2cd900
CVE-2022-34721: analysis of the Windows IKE (Internet Key Exchange) Protocol Extensions vulnerability
https://blog.78researchlab.com/9ed22cda-216f-434a-b063-ed78aafa4a7a
CVE-2022-2274: PoC for the OpenSSL 3.0.4 RSA (AVX-512 IFMA) memory corruption, a potential remote code execution
https://github.com/Malwareman007/CVE-2022-2274
CVE-2021-36665 to CVE-2021-36668: analysis of local privilege escalation in the enterprise endpoint backup tool Druva inSync for Mac
https://imhotepisinvisible.com/druva-lpe/
Bypassing Intel CET with the COOP (Counterfeit Object-Oriented Programming) code-reuse technique
https://www.matteomalvica.com/blog/2022/09/22/bypassing-intel-cet-counterfeit-objects/
CVE-2022-39197: the winding road to reproducing the latest Cobalt Strike RCE
https://mp.weixin.qq.com/s/l5e2p_WtYSCYYhYE0lzRdQ
Cloud Security
An overview of Azure attack paths
https://cloudbrothers.info/azure-attack-paths/
Serverless ad blocking with Cloudflare Gateway
https://blog.marcolancini.it/2022/blog-serverless-ad-blocking-with-cloudflare-gateway/
Deep dive into SCEP certificate request/renewal on Intune-managed Windows clients
https://oliverkieselbach.com/2022/09/21/deep-dive-of-scep-certificate-request-renewal-on-intune-managed-windows-clients/
Other
Tell me where you live and I will tell you about your password: understanding the macro-social factors that influence password strength
https://www.gosecure.net/blog/2022/09/26/tell-me-where-you-live-and-i-will-tell-you-about-your-password-understanding-the-macrosocial-factors-influencing-passwords-strength/
Spoofing calendar invites using .ics files
https://mrd0x.com/spoofing-calendar-invites-using-ics-files/
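The spoof works because the ORGANIZER property inside the attached .ics is free text that calendar clients display as the meeting owner, independent of who actually sent the mail. The following is an added example, not code from the mrd0x post: it generates a minimal METHOD:REQUEST invite with an arbitrary organizer, then applies the detection a mail gateway can run, parsing the ORGANIZER property (with RFC 5545 line unfolding and quoted parameter values) and flagging invites whose organizer address does not match the SMTP From address that delivered them. All addresses, names and UIDs are constructed sample values.

```python
"""Added example (not from the mrd0x post): craft a minimal .ics meeting request
with an arbitrary ORGANIZER, and flag invites whose organizer does not match the
sender of the carrying mail. Sample addresses and UIDs are constructed."""
import re


def build_invite(organizer_name, organizer_addr, attendee_addr, summary, uid):
    """Minimal RFC 5545 REQUEST; CN is always quoted so names with ':' or ';' survive."""
    lines = [
        "BEGIN:VCALENDAR", "VERSION:2.0", "PRODID:-//example//invite//EN",
        "METHOD:REQUEST", "BEGIN:VEVENT", f"UID:{uid}",
        "DTSTAMP:20220926T090000Z", "DTSTART:20220930T140000Z", "DTEND:20220930T143000Z",
        f"SUMMARY:{summary}",
        f'ORGANIZER;CN="{organizer_name}":mailto:{organizer_addr}',
        f"ATTENDEE;ROLE=REQ-PARTICIPANT;RSVP=TRUE:mailto:{attendee_addr}",
        "END:VEVENT", "END:VCALENDAR",
    ]
    return "\r\n".join(lines) + "\r\n"


def unfold(ics):
    """RFC 5545 line folding: CRLF followed by a space or tab continues the line."""
    return re.sub(r"\r\n[ \t]", "", ics)


def split_property(line):
    """Split 'NAME;P1=V1;P2="a:b":value' into (NAME, {P1: V1, ...}, value),
    honouring double-quoted parameter values that may contain ';' or ':'."""
    tokens, cur, in_quote, value = [], "", False, None
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
            cur += ch
        elif ch in ";:" and not in_quote:
            tokens.append(cur)
            cur = ""
            if ch == ":":
                value = line[i + 1:]
                break
        else:
            cur += ch
    if value is None or not tokens:
        return None                      # no unquoted ':' means not a property line
    params = {}
    for p in tokens[1:]:
        k, _, v = p.partition("=")
        params[k.upper()] = v.strip('"')
    return tokens[0].upper(), params, value


def organizer(ics):
    """Return (display name or None, lower-cased organizer address) or None."""
    for line in unfold(ics).split("\r\n"):
        prop = split_property(line)
        if prop and prop[0] == "ORGANIZER":
            _, params, value = prop
            addr = value[7:] if value.lower().startswith("mailto:") else value
            return params.get("CN"), addr.strip().lower()
    return None


def invite_is_spoofed(ics, smtp_from):
    """Flag an invite whose ORGANIZER address differs from the address that
    delivered it; invites without an ORGANIZER are left to other rules."""
    org = organizer(ics)
    if org is None:
        return False
    return org[1] != smtp_from.strip().lower()


if __name__ == "__main__":
    # Constructed: a "CEO" invite carried by a mail from an unrelated domain.
    spoof = build_invite("CEO", "ceo@corp.example", "bob@corp.example",
                         "Wire transfer approval", "uid-2@corp.example")
    print(organizer(spoof), invite_is_spoofed(spoof, "attacker@evil.example"))
```

Treat a mismatch as a signal rather than a verdict: legitimate forwarding and scheduling assistants also produce organizer/sender mismatches, so pair the rule with SPF/DKIM alignment of the carrying mail before quarantining.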
HITB2022SIN conference videos published
https://www.youtube.com/playlist?list=PLmv8T5-GONwRu8F1SgdBjP6XydFJipKoa
NETSCOUT DDoS Threat Intelligence Report
https://www.netscout.com/threatreport/
M01N Team WeChat public account: NSFOCUS red team (蓝军) technical research squad, focused on hot topics in advanced offensive and defensive techniques
Originally published on the WeChat public account M01N Team: Weekly Red Team Technical Digest (每周蓝军技术推送), 2022.9.24-9.30