Web Security
LORSRF: a tool for quickly finding SSRF vulnerabilities
https://github.com/knassar702/lorsrf
HTTP request smuggling explained and exploited
https://medium.com/bugbountywriteup/http-request-smuggling-explained-and-exploited-part-0x1-89ce2956534f
https://medium.com/bugbountywriteup/http-request-smuggling-explained-and-exploited-part-0x2-7768d04883fb
A deep dive into vulnerabilities in the Telerik UI for ASP.NET AJAX add-on
https://blog.blacklanternsecurity.com/p/yet-another-telerik-ui-revisit
Internal Network Security
RustHound: an Active Directory data collector in BloodHound format, written in Rust
https://github.com/OPENCYBER-FR/RustHound
Endpoint Evasion
NoRunPI: process injection that brute-forces the addresses of a process's loaded threads and launches a payload
https://github.com/ORCx41/NoRunPI
IFaultrepElevatedDataCollectionUAC: UAC bypass via arbitrary file deletion in the auto-elevating IFaultrepElevatedDataCollection COM object
https://github.com/Wh04m1001/IFaultrepElevatedDataCollectionUAC
AtomPePacker: an x64 PE packer with no CRT entry point, direct syscalls, and a custom API-hashing library
https://github.com/ORCx41/AtomPePacker
WAM BAM: recovering web tokens from Office
https://blog.xpnsec.com/wam-bam/
https://github.com/xpn/WAMBam
RedEye: a tool that helps red teams visualize and report on C2 logs
https://github.com/cisagov/RedEye
Janus: a compile-time code obfuscation framework based on the CIA Marble framework
https://github.com/echtdefault/Janus
LOLBAS: the signed binary ChangePk.exe can be used for proxy execution
https://twitter.com/notwhickey/status/1582961336610213888
Bitmancer: a Nim library that provides highly configurable, position-independent wrappers for common Windows APIs, routines, and macros
https://github.com/zimawhit3/Bitmancer
Vulnerabilities
SharedMemUtils: a tool that automatically finds vulnerabilities in shared-memory objects
https://www.x86matthew.com/view_post?id=shared_mem_utils
Microsoft Office Online Server remote code execution vulnerability
https://www.mdsec.co.uk/2022/10/microsoft-office-online-server-remote-code-execution/
A new attack surface on MS Exchange: ProxyRelay
https://devco.re/blog/2022/10/19/a-new-attack-surface-on-MS-exchange-part-4-ProxyRelay/
CVE-2022-39197: analysis of the Cobalt Strike RCE vulnerability and its patch bypass, with PoC
https://securityintelligence.com/posts/analysis-rce-vulnerability-cobalt-strike/
https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/
https://github.com/its-arun/CVE-2022-39197
CVE-2022-41852: RCE vulnerability in the Apache Commons JXPath Java library
https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/
Cloud Security
AADInternals: the AADInternals PowerShell administration module for Azure AD and Office 365
https://github.com/Gerenios/AADInternals
misp-to-sentinel: creates an Azure Function that writes threat intelligence from a MISP instance into Microsoft Sentinel
https://github.com/zolderio/misp-to-sentinel
Lateral movement risks in the cloud and how to prevent them, part 1: the network layer (VPC)
https://www.wiz.io/blog/lateral-movement-risks-in-the-cloud-and-how-to-prevent-them-part-1-the-network-layer
How to bypass eBPF-based security monitoring
https://blog.doyensec.com//2022/10/11/ebpf-bypass-security-monitoring.html
Other
Analysis of the LastPass password manager and extracting passwords from it
https://www.mdsec.co.uk/2022/10/analysing-lastpass-part-1/
ScubaGear: automated assessment of an M365 tenant's security configuration against CISA baselines
https://github.com/cisagov/ScubaGear
Microsoft's recommended driver block rules receive an update
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules
A model for building biographical password dictionaries
https://www.diva-portal.org/smash/get/diva2:1703640/FULLTEXT01.pdf
awesome-hacker-search-engines: a comprehensive list of search engines for security researchers
https://github.com/edoardottt/awesome-hacker-search-engines
M01N Team WeChat official account
Focusing on hot topics in advanced offensive and defensive techniques
NSFOCUS Blue Team technical research squad
Originally published on the WeChat official account (M01N Team): Weekly Blue Team technology digest (2022.10.15-10.21)