Web Security
Kaminsky-style attacks: finding weaknesses in the DNS setup behind web applications (DNS cache poisoning against infrastructure resolvers)
https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-your-infrastructure-kaminsky-style/
asnmap: Go CLI tool for fast reconnaissance using ASN data
https://github.com/projectdiscovery/asnmap
Internal Network Penetration
ShadowSpray: tool for spraying Shadow Credentials (msDS-KeyCredentialLink) across a domain
https://github.com/Dec0ne/ShadowSpray/
RITM (Roast in the Middle): Kerberos man-in-the-middle roasting tool
https://github.com/Tw1sm/RITM
SharpNTLMRawUnHide: parses NTLMSSP messages out of packet captures to recover NetNTLM hashes for offline cracking (C# port of NTLMRawUnHide)
https://github.com/X-C3LL/SharpNTLMRawUnHide
Endpoint Evasion
hunting-for-timer-queue-timers: detecting sleep-time memory obfuscation by hunting timer-queue timers
https://labs.withsecure.com/publications/hunting-for-timer-queue-timers
NimShellcodeFluctuation: Nim implementation of the ShellcodeFluctuation PoC
https://github.com/S3cur3Th1sSh1t/NimShellcodeFluctuation
ADSrunner: hides shellcode in an NTFS alternate data stream (ADS) and executes it from there
https://github.com/D1rkMtr/ADSrunner
ObfLoader: shellcode obfuscation and loading via MAC, IPv4 and UUID string encoding; the shellcode is stored as those strings and converted back to bytes with the corresponding native APIs before being loaded
https://github.com/D1rkMtr/ObfLoader
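The encoding side of the MAC/IPv4/UUID trick, as an added example that is not ObfLoader's own code. It shows how a byte buffer is split into chunks and rendered as dotted-quad, MAC and UUID strings, and decodes them back in pure Python (the real loader calls RtlIpv4StringToAddressA, RtlEthernetStringToAddressA and UuidFromStringA for the reverse step). The "shellcode" is a constructed byte sequence, and the NOP padding for odd-length buffers is an assumption of this example, not a documented ObfLoader behaviour. The UUID case uses the little-endian field layout on purpose, because that is the in-memory layout the Windows UUID struct has.

```python
import ipaddress
import uuid

# Constructed stand-in for shellcode (not real shellcode): 37 bytes, so every
# scheme below has to pad the last chunk.
SAMPLE = bytes(range(1, 38))


def _pad(data: bytes, block: int) -> bytes:
    """Pad with 0x90 (x86 NOP) so len(data) is a multiple of the chunk size.
    The decoded buffer is therefore slightly longer than the original; trailing
    NOPs are harmless if execution runs off the end of the payload (assumption
    of this example, not ObfLoader's documented behaviour)."""
    return data + b"\x90" * ((-len(data)) % block)


def to_ipv4(data: bytes) -> list[str]:
    """Each 4-byte chunk becomes a dotted-quad string such as "1.2.3.4"."""
    data = _pad(data, 4)
    return [str(ipaddress.IPv4Address(data[i:i + 4])) for i in range(0, len(data), 4)]


def from_ipv4(addrs: list[str]) -> bytes:
    """Pure-Python equivalent of feeding each string to RtlIpv4StringToAddressA."""
    return b"".join(ipaddress.IPv4Address(a).packed for a in addrs)


def to_mac(data: bytes) -> list[str]:
    """Each 6-byte chunk becomes "AA-BB-CC-DD-EE-FF", the format
    RtlEthernetStringToAddressA expects."""
    data = _pad(data, 6)
    return ["-".join(f"{b:02X}" for b in data[i:i + 6]) for i in range(0, len(data), 6)]


def from_mac(macs: list[str]) -> bytes:
    return b"".join(bytes.fromhex(m.replace("-", "")) for m in macs)


def to_uuid(data: bytes) -> list[str]:
    """Each 16-byte chunk becomes a UUID string. bytes_le is deliberate: the
    UUID struct that UuidFromStringA writes stores Data1..Data3 little-endian,
    so the string must be built the same way for the bytes to land in order."""
    data = _pad(data, 16)
    return [str(uuid.UUID(bytes_le=data[i:i + 16])) for i in range(0, len(data), 16)]


def from_uuid(uuids: list[str]) -> bytes:
    return b"".join(uuid.UUID(u).bytes_le for u in uuids)


def roundtrip_ok(data: bytes) -> bool:
    """Every scheme must give the original bytes back (followed only by padding)."""
    pairs = ((to_ipv4, from_ipv4), (to_mac, from_mac), (to_uuid, from_uuid))
    return all(dec(enc(data))[:len(data)] == data for enc, dec in pairs)


if __name__ == "__main__":
    for name, enc in (("IPv4", to_ipv4), ("MAC", to_mac), ("UUID", to_uuid)):
        print(name, enc(SAMPLE))
    print("round trip:", roundtrip_ok(SAMPLE))
```

The point for detection is that none of these forms is encryption: a scanner that treats arrays of IP/MAC/UUID string literals in an executable as a candidate payload can reverse them exactly as `from_*` do here.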
KnownDllUnhook: API unhooking that overwrites the .text section of currently loaded modules with the clean copy mapped from \KnownDlls, to evade EDR inline hooks
https://github.com/ORCx41/KnownDllUnhook
DumpThatLSASS: dumps LSASS by loading a fresh copy of DbgHelp.dll from disk to unhook MiniDumpWriteDump, with function and string obfuscation, and duplicates an existing LSASS handle from another process instead of opening a new one
https://github.com/D1rkMtr/DumpThatLSASS
AzTokenFinder: extracts JWT tokens (Azure AD access tokens) from the memory of processes such as PowerShell, Excel and Word
https://github.com/HackmichNet/AzTokenFinder
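What "extracting JWTs from process memory" amounts to, as an added example that is not AzTokenFinder's code: scan a raw memory buffer for the three-part base64url shape of a JWT, in both ASCII and UTF-16LE (Office and PowerShell hold most strings as UTF-16), and decode the header and claims without verifying the signature. The memory blob and both tokens are constructed here with a bogus signature; claim names (`aud`, `exp`, `upn`) follow the Azure AD token format, but the values are made up.

```python
import base64
import json
import re
import time
from typing import Dict, List

# Three base64url segments, the first one starting with '{"' (eyJ). Minimum
# lengths cut down on accidental matches in binary noise.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def make_fake_jwt(payload: dict) -> str:
    """Constructed token with a bogus signature; only its shape matters here."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header}.{body}.{_b64url_encode(b'not-a-real-signature-bytes')}"


def find_jwts(memory: bytes) -> List[Dict]:
    """Find JWT-shaped strings in a raw memory image (ASCII and UTF-16LE) and
    decode their claims. The signature is NOT verified: this is triage of what
    a process holds, not validation of the token."""
    texts = [memory.decode("latin-1")]
    for off in (0, 1):                      # both alignments for UTF-16LE strings
        texts.append(memory[off:].decode("utf-16-le", errors="ignore"))
    found: List[Dict] = []
    seen = set()
    for text in texts:
        for m in JWT_RE.finditer(text):
            tok = m.group(0)
            if tok in seen:
                continue
            try:
                header = json.loads(_b64url_decode(tok.split(".")[0]))
                claims = json.loads(_b64url_decode(tok.split(".")[1]))
            except (ValueError, UnicodeDecodeError):
                continue                    # looked like a JWT, was not one
            seen.add(tok)
            found.append({
                "token": tok,
                "alg": header.get("alg"),
                "aud": claims.get("aud"),
                "exp": claims.get("exp"),
                "upn": claims.get("upn") or claims.get("unique_name"),
                "expired": claims.get("exp", 0) < time.time(),
            })
    return found


# Constructed memory image: null padding, junk, one ASCII token, one UTF-16LE token.
SAMPLE_MEMORY = (
    b"\x00" * 64
    + b"MSAL cache junk "
    + make_fake_jwt({"aud": "https://graph.microsoft.com", "exp": 4102444800,
                     "upn": "alice@example.com"}).encode()
    + b"\x00\x01\x02\xff"
    + make_fake_jwt({"aud": "https://management.azure.com", "exp": 1600000000,
                     "upn": "bob@example.com"}).encode("utf-16-le")
    + b"\xff" * 32
)

if __name__ == "__main__":
    for hit in find_jwts(SAMPLE_MEMORY):
        print(hit["aud"], hit["upn"], "expired" if hit["expired"] else "valid")
```

Against a real process you would feed this the output of a memory read (for example a MiniDump or ReadProcessMemory over the committed regions); the `aud` claim tells you which API the token is good for, which is what makes an unexpired Graph or ARM token from an Office process directly usable for cloud lateral movement.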
vba2clr: runs .NET assemblies from VBA
https://github.com/med0x2e/vba2clr
Havoc: extensible post-exploitation command and control framework
https://github.com/HavocFramework/Havoc
HavocNotion: simple ExternalC2 PoC for Havoc C2 that communicates over Notion using a custom Python agent, handler and ExtC2 channel
https://github.com/CodeXTF2/HavocNotion
PyHmmm: third-party Havoc C2 agent written in Python
https://github.com/CodeXTF2/PyHmmm
Iscariot Suite: C2 framework that abuses legitimate blue-team products for command and control
https://gitlab.com/badsectorlabs/iscariot-suite
eBPF security monitoring bypass techniques
https://blog.doyensec.com/2022/10/11/ebpf-bypass-security-monitoring.html
Vulnerabilities
0dayex-checker: checker for the Microsoft Exchange Server 0-day (verifies whether the virtual patch / mitigation is in place)
https://github.com/VNCERT-CC/0dayex-checker
CVE-2022-41040 / CVE-2022-41082: the mitigation for the Microsoft Exchange Server 0-day can be bypassed
https://www.bleepingcomputer.com/news/security/microsoft-exchange-server-zero-day-mitigation-can-be-bypassed/
CVE-2022-33647 / CVE-2022-33679: Kerberos RC4-MD4 encryption downgrade elevation of privilege (Project Zero)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2310
CVE-2022-32910: macOS Archive Utility vulnerability allowing a Gatekeeper bypass
https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/
CVE-2022-31680: VMware vCenter Server Platform Services Controller deserialization vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1587
Cloud Security
Common Conditional Access misconfigurations and bypasses in Azure
https://www.trustedsec.com/blog/common-conditional-access-misconfigurations-and-bypasses-in-azure/
caOptics: Azure AD Conditional Access gap analyzer
https://github.com/jsa2/caOptics#ca-optics—azure-ad-conditional-access-gap-analyzer
Lateral movement in the cloud: attacking through vulnerable containers
https://sysdig.com/blog/lateral-movement-cloud-containers/
Using Semgrep to detect authorization-logic vulnerabilities at scale (NestJS)
https://www.anshumanbhartiya.com/posts/detect-authz-at-scale-nestjs
Other
ChTimeStamp: changes the creation and last-write times of a dropped file by copying them from another file (timestomping)
https://github.com/D1rkMtr/ChTimeStamp
Windows 11 file attribute time rules table (how each file operation updates the timestamps)
https://www.khyrenz.com/blog/windows-11-time-rules/
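Both entries above are two sides of the same artifact, so one added example covers them; it is not ChTimeStamp's code or the blog's content. The first function does the portable part of what ChTimeStamp does (copy another file's times onto a dropped file; on Windows the tool also sets the creation time via SetFileTime, which POSIX does not expose). The second function is the check an analyst applies afterwards: the attacker can set mtime, but not the inode change time (ctime), so a file whose content time predates its metadata change time is suspicious, the POSIX analogue of $STANDARD_INFORMATION disagreeing with $FILE_NAME on NTFS. The 60-second tolerance and the 2020 reference timestamp are constructed assumptions of this example.

```python
import os
import tempfile
import time
from typing import Dict, List, Optional


def stomp_timestamps(target: str, reference: str) -> None:
    """Copy the reference file's access and modification times onto target.
    ctime cannot be set from user space on POSIX and is bumped to "now" by
    this very call, which is exactly what the detector below keys on."""
    st = os.stat(reference)
    os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))


def timestamp_anomalies(path: str, tolerance_s: float = 60.0) -> List[str]:
    """Heuristic indicators of timestamp tampering. tolerance_s is an assumed
    threshold. Every indicator has benign causes (cp -p, archive extraction,
    coarse-grained filesystems), so a hit is a lead to corroborate against
    other artifacts (USN journal, $LogFile, prefetch), not proof."""
    st = os.stat(path)
    flags: List[str] = []
    # Content "last modified" long before the inode metadata last changed.
    if st.st_ctime - st.st_mtime > tolerance_s:
        flags.append("mtime predates ctime")
    # Tools that set whole-second times leave a zeroed sub-second part; copying
    # from a real file, as ChTimeStamp does, avoids this particular tell.
    if st.st_mtime_ns % 1_000_000_000 == 0:
        flags.append("mtime has zero sub-second part")
    if st.st_mtime > time.time() + tolerance_s:
        flags.append("mtime in the future")
    return flags


def demo(workdir: Optional[str] = None) -> Dict[str, object]:
    """Create a 'system' reference file with an old timestamp and a freshly
    dropped file, stomp the latter, and report what the detector sees."""
    workdir = workdir or tempfile.mkdtemp(prefix="stomp_")
    ref = os.path.join(workdir, "reference.dll")   # stand-in for a system file
    tgt = os.path.join(workdir, "dropped.exe")     # stand-in for the dropped payload
    with open(ref, "wb") as f:
        f.write(b"benign")
    old_ns = 1577836800 * 10**9 + 123456789        # constructed: 2020-01-01T00:00:00.123456789Z
    os.utime(ref, ns=(old_ns, old_ns))
    with open(tgt, "wb") as f:
        f.write(b"payload")
    before = timestamp_anomalies(tgt)
    stomp_timestamps(tgt, ref)
    after = timestamp_anomalies(tgt)
    return {
        "before": before,
        "after": after,
        "mtime_copied": os.stat(tgt).st_mtime_ns == os.stat(ref).st_mtime_ns,
    }


if __name__ == "__main__":
    result = demo()
    print("before stomp:", result["before"])
    print("after stomp: ", result["after"])
```

On NTFS the equivalent comparison is $STANDARD_INFORMATION (what SetFileTime and ChTimeStamp write) against $FILE_NAME (kernel-maintained), plus the per-operation update rules the Windows 11 table above documents; the logic is the same, only the source of the untouchable timestamp differs.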
LockSmith: interacts with file-based macOS keychains through native APIs
https://github.com/its-a-feature/LockSmith
GitFive: OSINT tool for investigating GitHub profiles
https://github.com/mxrch/GitFive
MemProcFS-Analyzer: analysis tool built on the MemProcFS memory forensics framework; a recent update adds a process tree view
https://github.com/evild3ad/MemProcFS-Analyzer
eviltree: tree-style tool for searching files in nested directories for keywords
https://github.com/t3l3machus/eviltree
M01N Team WeChat account (NSFOCUS Blue Team research squad), focused on advanced offensive and defensive techniques
Originally published on the WeChat account M01N Team: Weekly Blue Team Tech Digest (2022.10.1-10.14)