Weekly Blue Army (Red Team) Tech Digest (2022.9.10-9.16)
2022-9-16 18:04:27 Author: M01N Team

Web Security

Exploiting Jetty middleware features to attack web applications

https://swarm.ptsecurity.com/jetty-features-for-hacking-web-apps/

Calling a JavaScript function without parentheses

https://portswigger.net/research/the-seventh-way-to-call-a-javascript-function-without-parentheses

A post-exploitation look at coinminers abusing WebLogic vulnerabilities

https://www.trendmicro.com/en_us/research/22/i/a-post-exploitation-look-at-coinminers-abusing-weblogic-vulnerab.html

Identifying web login entry points with graph convolutional neural networks

https://paper.seebug.org/1969/

Internal Network Penetration

autobloody: a tool that automatically exploits the Active Directory privilege escalation paths shown by BloodHound

https://github.com/CravateRouge/autobloody

Endpoint Evasion

Heroinn: cross-platform C2/post-exploitation framework

https://github.com/b23r0/Heroinn

Building a Cobalt Strike External C2

https://xret2pwn.github.io/Myths-About-External-C2/

WriteProcessMemoryAPC - writing memory into a remote process using APC calls

https://www.x86matthew.com/view_post?id=writeprocessmemory_apc

D-Generating EDR: analysis of EDR internals

https://fool.ish.wtf/2022/09/d-generating-edr-internals-part-1.html

https://raw.githubusercontent.com/jonaslyk/temp/main/dg.bat

Sliver C2: bypassing Windows Defender and persisting

https://youtu.be/QO_1UMaiWHk

Avoiding memory scanners

https://blog.kyleavery.com/posts/avoiding-memory-scanners/

TangledWinExec: a C# repository for researching Windows process execution techniques

https://github.com/daem0nc0re/TangledWinExec

cobaltstrike-headless: an Aggressor script that turns the headless Aggressor client into a functional Cobalt Strike client

https://github.com/CodeXTF2/cobaltstrike-headless

Injecting malicious code via an Electron application's ASAR file

https://taggart-tech.com/quasar-electron/

Vulnerabilities

Fuzzing beyond memory corruption: automatically finding broader vulnerability classes

https://security.googleblog.com/2022/09/fuzzing-beyond-memory-corruption.html

CVE-2022-22629: PoC for the Safari 15.4 WebGL buffer overflow vulnerability

https://github.com/parsdefense/CVE-2022-22629

CVE-2022-27925: exploit for the Zimbra path traversal vulnerability

https://github.com/mohamedbenchikh/CVE-2022-27925

CVE-2022-30078: command injection vulnerability in Netgear R6200_v2 and R6300v2 routers

https://github.com/10TG/vulnerabilities/blob/main/Netgear/CVE-2022-30078/CVE-2022-30078.md

External entity injection during .NET XML signature verification

https://bugs.chromium.org/p/project-zero/issues/detail?id=2313

CVE-2022-29021, CVE-2022-29022, CVE-2022-29023: analysis of OpenRazer Linux kernel driver vulnerabilities

https://www.cyberark.com/resources/threat-research-blog/colorful-vulnerabilitie

CVE-2022-34721: PoC for the Windows IKE vulnerability

https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721

KCon 2022: automated API vulnerability discovery

https://paper.seebug.org/1964/

CVE-2022-35837: analysis of the Windows GDI+ component information disclosure vulnerability

https://www.seljan.hu/posts/arbitrary-read-information-disclosure-vulnerability-in-microsoft-windows-gdi-emr_startdoc-record/

Cloud Security

Azure Threat Research Matrix

https://microsoft.github.io/Azure-Threat-Research-Matrix/

Privilege escalation via Azure API permissions abuse

https://posts.specterops.io/azure-privilege-escalation-via-azure-api-permissions-abuse-74aee1006f48

Azure Active Directory Pass-Through Authentication flaws

https://www.secureworks.com/research/azure-active-directory-pass-through-authentication-flaws

CloudFox: cloud environment attack surface discovery tool

https://bishopfox.com/blog/introducing-cloudfox

Constellation: the first encrypted Kubernetes, using confidential computing to isolate an entire Kubernetes cluster from the (cloud) infrastructure

https://github.com/edgelesssys/constellation

Undermining Microsoft Teams security by mining tokens

https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens

"GIFShell": a covert attack chain and C2 using Microsoft Teams GIFs

https://medium.com/@bobbyrsec/gifshell-covert-attack-chain-and-c2-utilizing-microsoft-teams-gifs-1618c4e64ed7

Other

Bypassing GitHub Required Reviewers restrictions to submit malicious code to open-source projects

https://www.legitsecurity.com/blog/bypassing-github-required-reviewers-to-submit-malicious-code

KCon 2022 slides partially released

https://paper.seebug.org/1967/

2022 Falcon OverWatch Threat Hunting Report

https://go.crowdstrike.com/rs/281-OBQ-266/images/2022OverWatchThreatHuntingReport.pdf

Blockchain Dark Forest Selfguard Handbook

https://github.com/slowmist/Blockchain-dark-forest-selfguard-handbook/blob/main/README_CN.md

Pivoting through a protected WiFi network and interacting with its services

https://tbhaxor.com/pivot-through-protected-wifi-network/

Bypassing IP-based brute force protection via IPv6

https://www.cyberis.com/article/bypassing-ip-based-brute-force-protection-ipv6

Source: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247489642&idx=2&sn=27e89ce0b788203c500f0faabee361d0&chksm=c187d87bf6f0516de455f6f5d5ee176592fc08f01ae604ce6c9607ddf02a13cac76c66584ed0#rd