每周蓝军技术推送(2022.8.27-9.2)
2022-9-2 18:4:25 Author: M01N Team(查看原文) 阅读量:20 收藏

Web安全

通过对证书透明度的时间相关攻击发现域

https://swarm.ptsecurity.com/discovering-domains-via-a-time-correlation-attack/

jscythe:滥用 node.js  inspector机制,以强制任何基于 node.js/electron/v8 的进程执行任意 js 代码

https://github.com/evilsocket/jscythe

新的Tomcat内存马-Upgrade型

https://tttang.com/archive/1709/

内网渗透

使用PowerShell在没有MDM服务的情况下发送MDM命令

https://oofhours.com/2022/08/26/send-mdm-commands-without-an-mdm-service-using-powershell/

Suborner:不利用Net user创建不可见Windows账户、模拟劫持现存用户的RID

https://github.com/r4wd3r/Suborner

MSSQL-Analysis-Coerce:强制SQL Server向任意主机身份认证

https://github.com/p0dalirius/MSSQL-Analysis-Coerce

Lsass-Shtinkering:滥用 Windows 错误报告服务转储 LSASS 的新方法

https://github.com/deepinstinct/Lsass-Shtinkering

终端对抗

Elevator:滥用 RPC 和调试对象UAC绕过权限提升

https://github.com/Kudaes/Elevator

滥用HashInfo绕过AppLocker

https://shells.systems/post-bypassing-applocker-by-abusing-hashinfo/

RPC-Backdoor:“RPC 后门”的基本实现,旨在模拟某些组使用的 TTP

https://github.com/eladshamir/RPC-Backdoor

滥用异常处理规避EDR检测实现参数欺骗和系统调用号检索

https://github.com/rad9800/talks/blob/main/MALWARE_MADNESS.pdf

使用 Microsoft Warbird 在ClipSp.sys中不触发PatchGuard自动解包并执行加密shellcode

https://github.com/KiFilterFiberContext/warbird-hook

禁用CFG以允许攻击者使用睡眠混淆技术来逃避检测

https://icebreaker.team/blogs/sleeping-with-control-flow-guard/

DeathSleep:终止当前线程并在恢复执行之前将其恢复,同时在不执行期间实现页面保护更改的规避技术PoC

https://github.com/janoglezcampos/DeathSleep

ExportDumper:转储PE文件的导出表用于DLL代理

https://github.com/iilegacyyii/ExportDumper

DLL劫持在线查询库

https://hijacklibs.net/

漏洞相关

使用伪造对象绕过英特尔 CET

https://www.offensive-security.com/offsec/bypassing-intel-cet-with-counterfeit-objects/?utm_source=twitter&utm_medium=&utm_campaign=d6813b98-789f-4854-80b2-d6d68d2fc4f0

GitHub Pages Build Pipeline命令注入漏洞

https://blog.nietaanraken.nl/posts/github-pages-command-injection/

Xalan Java XSLT库整数截断

https://bugs.chromium.org/p/project-zero/issues/detail?id=2290

在找到5个不同的漏洞并构建8个EXP后,实现在任何WatchGuard  Firebox/XTM 设备上以root 执行预授权远程代码

https://www.ambionics.io/blog/hacking-watchguard-firewalls

CVE-2022-21849:Windows IKE Extension漏洞分析

https://blog.78researchlab.com/53e53729-d728-4635-a58d-08ad8a1f68e4

Windows NFS协议漏洞分析(CVE-2022-34715)

https://mp.weixin.qq.com/s/_-RBo8yrW1dWUgoWTUgI8g

CVE-2022-30216:Windows 服务强制身份认证漏洞,可结合NTLM重放对DC进行RCE

https://www.akamai.com/blog/security/authentication-coercion-windows-server-service

CVE-2022-2586:Linux内核nft_object UAF漏洞EXP

https://www.openwall.com/lists/oss-security/2022/08/29/5

HITBSecConf 2022 Singapore:Settlers of Netlink: Exploiting a limited kernel UAF on Ubuntu 22.04

https://conference.hitb.org/hitbsecconf2022sin/materials/D1T1%20-%20Settlers%20of%20Netlink%20-%20Exploiting%20a%20Limited%20UAF%20on%20Ubuntu%2022.04%20to%20Achieve%20LPE%20-%20Aaron%20Adams.pdf

https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/

CVE-2022-2294:WebRTC中的堆溢出在野利用漏洞分析

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-2294.html

CVE-2022-28799:TikTok Android应用程序漏洞可导致一键帐户劫持

https://www.microsoft.com/security/blog/2022/08/31/vulnerability-in-tiktok-android-app-could-lead-to-one-click-account-hijacking/

云安全

Okta管理员将用户名分配给其他的现有用户时,会发生意外的模拟事件

https://permiso.io/blog/s/down-with-idp-impersonate-me

Azure AD 中的 SMTP 匹配滥用

https://www.semperis.com/blog/smtp-matching-abuse-in-azure-ad

CVE-2022-29149:Azure OMI 的提权漏洞分析

https://www.wiz.io/blog/omi-returns-lpe-technical-analysis

其他

GarbageMan:一组通过堆分析来分析.NET二进制文件的工具

https://labs.withsecure.com/tools/garbageman/

Pitraix:基于TOR的现代自我修改跨平台点对点僵尸网络,更新1.2版本提高了隐匿性并添加了实时监控等功能

https://github.com/ThrillQuks/Pitraix/releases/tag/pitraixV1.2

Microsoft-eventlog-mindmap:一组思维导图,详细概述了 Windows、Exchange、Azure 等不同的审计能力

https://github.com/mdecrevoisier/Microsoft-eventlog-mindmap

用于签名的新UEFI CA内存缓解要求

https://techcommunity.microsoft.com/t5/hardware-dev-center/new-uefi-ca-memory-mitigation-requirements-for-signing/ba-p/3608714

M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群

往期推荐

每周蓝军技术推送(2022.8.20-8.26)

每周蓝军技术推送(2022.8.13-8.19)

每周蓝军技术推送(2022.8.6-8.12)


文章来源: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247489523&idx=1&sn=819bd3b97d7cfa9bf5199ca28a0c8e11&chksm=c187d7e2f6f05ef449cbbf9da8e94cdc24b651a7eb8bfee647186b87fb863f15bfb2c47eb9e2#rd
如有侵权请联系:admin#unsafe.sh