Web Security
osv-scanner: a vulnerability scanner written in Go
https://github.com/google/osv-scanner
HTML smuggling using SVG images
https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/
ReverseSock5Proxy: a tiny reverse SOCKS5 proxy
https://github.com/Coldzer0/ReverseSock5Proxy
Internal Network Penetration
Assessing standalone managed service accounts (sMSA)
https://simondotsh.com/infosec/2022/12/12/assessing-smsa.html
Detection methods for Kerberos ticket forgery
https://unit42.paloaltonetworks.com/next-gen-kerberos-attacks/
Coercer: automatically coerce Windows servers into authenticating to an arbitrary machine via 12 methods
https://github.com/p0dalirius/Coercer
Endpoint Security Evasion
LOLBAS: uploading/downloading files with the Type command and a forgotten WebDAV feature
https://mr0range.com/a-new-lolbin-using-the-windows-type-command-to-upload-download-files-81d7b6179e22
IATelligence: extracts a PE file's IAT and queries GPT for more information about the APIs and the related ATT&CK matrix techniques
https://github.com/fr0gger/IATelligence
psmsi: create MSI packages with PowerShell
https://github.com/ironmansoftware/psmsi
Bypassing Cortex XDR
https://medium.com/@bentamam/bypassing-cortex-xdr-a-case-study-in-the-power-of-simplicity-b436f4f570ad
aikido_wiper: turning an EDR into a malicious wiper using 0-day exploits
https://github.com/SafeBreach-Labs/aikido_wiper
RedditC2: abusing the Reddit API to host C2 traffic
https://github.com/kleiton0x00/RedditC2
20+ new ways to bypass macOS privacy mechanisms
https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Fitzl-Knockout-Win-Against-TCC.pdf
A new macOS persistence and deception technique: default application hijacking
https://medium.com/@marcusthebrody/a-new-macos-persistence-and-deception-technique-default-application-hijacking-52de66955a16
Vulnerabilities
CVE-2022-33942: bypassing Intel DCM authentication by spoofing Kerberos and LDAP responses
https://www.rcesecurity.com/2022/11/from-zero-to-hero-part-1-bypassing-intel-dcms-authentication-cve-2022-33942/
CVE-2022-21225: from SQL injection to RCE on Intel DCM
https://www.rcesecurity.com/2022/12/from-zero-to-hero-part-2-intel-dcm-sql-injection-to-rce-cve-2022-21225/
CVE-2022-42889: Text4Shell, RCE in the Apache Commons Text library
https://medium.com/mii-cybersec/cve-2022-42889-text4shell-vulnerability-17b703a48dcd
CVE-2022-42703: use-after-free vulnerability in the Linux kernel memory management (MM) subsystem
https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html
CVE-2022-44721 CrowdStrike Falcon: bypassing the token check on Windows endpoints and uninstalling the sensor from the device without proper authorization, effectively removing the device's EDR and AV protection
https://github.com/gmh5225/CVE-2022-44721-CsFalconUninstaller
Detecting heap safety issues step by step with custom taint analysis
https://antonio-cooler.gitbook.io/coolervoid-tavern/detecting-heap-memory-pitfalls
MicrosoftEdgeUpdate privilege escalation issue
https://bugs.chromium.org/p/chromium/issues/detail?id=1332924
CVE-2022-24528: Windows Defender DoS vulnerability, fuzzing approach walkthrough and vulnerability analysis
https://medium.com/s2wblog/fuzzing-the-shield-cve-2022-24548-96f568980c0
Cloud Security
Visualizing multi-cloud IAM concepts
https://julian-wieg.medium.com/visualizing-multi-cloud-iam-concepts-63525967c0a7
AWS OIDC: abusing EKS to execute tasks
https://pswalia2u.medium.com/aws-oidc-eks-abuse-632e13ec01b1
AWS OIDC: GitHub Actions abuse
https://pswalia2u.medium.com/oidc-github-actions-abuse-dbef1d4cd559
BlueMap: an interactive exploitation toolkit for Azure
https://github.com/SikretaLabs/BlueMap
Other
Detecting malicious OAuth device code phishing
https://www.inversecos.com/2022/12/how-to-detect-malicious-oauth-device.html
noseyparker: find secrets and sensitive information in text data and Git history
https://github.com/praetorian-inc/noseyparker
Originally published on the WeChat official account (M01N Team): Weekly Blue Team Technology Digest (2022.12.10-12.16)