每周蓝军技术推送(2022.9.24-9.30)
2022-9-30 18:0:32 Author: M01N Team(查看原文) 阅读量:25 收藏

Web安全

5种Web身份认证绕过的常见技术

https://www.synack.com/blog/exploits-explained-5-unusual-authentication-bypass-techniques/

fingerprintx:类似于httpx的实用程序,支持RDP、SSH、MySQL、PostgreSQL、Kafka等指纹识别服务

https://github.com/praetorian-inc/fingerprintx

spycast:跨平台的mDNS枚举工具

https://github.com/evilsocket/spycast

内网渗透

Windows Insider现在默认限制SMB身份验证速率为两秒一次

https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-authentication-rate-limiter-now-on-by-default-in-windows/ba-p/3634244

Kerberos FAST:在Kerberos客户端和KDC之间提供安全隧道,能够有效防御离线破解和降级攻击

https://www.trustedsec.com/blog/i-wanna-go-fast-really-fast-like-kerberos-fast/

ARP中继攻击拦截AS-REQ进行修改和重放以执行Kerberoast攻击

https://www.semperis.com/blog/new-attack-paths-as-requested-sts/

https://github.com/0xe7/RoastInTheMiddle

蓝宝石票据:基于请求后获得的合法票据,与钻石票据类似

https://www.thehacker.recipes/ad/movement/kerberos/forged-tickets/sapphire

使用VLAN 0、LLC/SNAP标头和无效长度绕过第2层网络安全控制措施

https://blog.champtar.fr/VLAN0_LLC_SNAP/

https://www.semperis.com/blog/new-attack-paths-as-requested-sts/

终端对抗

srdi-rs:Rusty Shellcode反射DLL注入(sRDI)

https://github.com/memN0ps/srdi-rs

mordor-rs:利用Rust语言实现的各类直接系统调用syscall库函数

https://github.com/memN0ps/mordor-rs

Windows Rust使用LLVM pass

https://bbs.pediy.com/thread-274453.htm

VirusTotalC2:滥用VirusTotal API托管C2流量

https://github.com/D1rkMtr/VirusTotalC2

githubC2:滥用Github API来托管C2流量

https://github.com/D1rkMtr/githubC2

Microsoft Windows Shift F10绕过和Autopilot提权

https://k4m1ll0.com/ShiftF10Bypass-and-privesc.html

WIndows本地提权工具JuicyPotato升级版JuicyPotatoNG

https://decoder.cloud/2022/09/21/giving-juicypotato-a-second-chance-juicypotatong/

monomorph:将Shellcode打包到可执行的二进制文件中,输出文件将始终具有相同的MD5哈希

https://github.com/DavidBuchanan314/monomorph

FilelessRemotePE:使用ETW 修补、NTDLL Unhook和无新线程技术的远程PE无文件内存加载工具

https://github.com/D1rkMtr/FilelessRemotePE

DLLirant:对指定二进制文件进行自动化DLL劫持分析

https://github.com/redteamsocietegenerale/DLLirant

Cronos:一种对抗内存扫描的新的睡眠时混淆技术

https://github.com/Idov31/Cronos

创建挂起EDR程序配合DLL侧载执行恶意代码绕过防护

https://mansk1es.gitbook.io/edr-binary-abuse/

Freeze:用于使用挂起的进程、直接系统调用和替代执行方法绕过EDR

https://github.com/optiv/Freeze

漏洞相关

CVE-2022-2588:Linux route4_filter链表操作不当造成的任意文件写漏洞EXP

https://github.com/Markakd/CVE-2022-2588

CVE-2022–36934:WhatsApp中的整数溢出漏洞

https://infosecwriteups.com/cve-2022-36934-an-integer-overflow-in-whatsapp-leading-to-remote-code-execution-in-an-established-e0fc4e2cd900

CVE-2022-34721:Windows IKE漏洞分析

https://blog.78researchlab.com/9ed22cda-216f-434a-b063-ed78aafa4a7a

CVE-2022-2274:OpenSSL远程代码执行漏洞POC

https://github.com/Malwareman007/CVE-2022-2274

CVE-2021-36665-8:企业终端数据备份工具Druva inSync for Mac本地提权漏洞分析

https://imhotepisinvisible.com/druva-lpe/

利用COOP新型代码复用技术绕过intel CET保护机制

https://www.matteomalvica.com/blog/2022/09/22/bypassing-intel-cet-counterfeit-objects/

CVE-2022-39197:最新CS RCE曲折的复现路

https://mp.weixin.qq.com/s/l5e2p_WtYSCYYhYE0lzRdQ

云安全

Azure攻击路径综述

https://cloudbrothers.info/azure-attack-paths/

利用基于Cloudflare Gateway的Serverless服务实现广告拦截

https://blog.marcolancini.it/2022/blog-serverless-ad-blocking-with-cloudflare-gateway/

深入了解Intune托管Windows客户端的SCEP证书请求/续订

https://oliverkieselbach.com/2022/09/21/deep-dive-of-scep-certificate-request-renewal-on-intune-managed-windows-clients/

其他

了解影响密码强度的宏观社会因素

https://www.gosecure.net/blog/2022/09/26/tell-me-where-you-live-and-i-will-tell-you-about-your-password-understanding-the-macrosocial-factors-influencing-passwords-strength/

使用.ics文件伪造日历邀请

https://mrd0x.com/spoofing-calendar-invites-using-ics-files/

HITB2022SIN安全会议视频公开

https://www.youtube.com/playlist?list=PLmv8T5-GONwRu8F1SgdBjP6XydFJipKoa

NETSCOUT DDOS威胁情报报告

https://www.netscout.com/threatreport/

M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群

往期推荐

每周蓝军技术推送(2022.9.17-9.23)

每周蓝军技术推送(2022.9.10-9.16)

每周蓝军技术推送(2022.9.3-9.9)


文章来源: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247489795&idx=1&sn=5aa8455cf049b19e148f6f4b22bff607&chksm=c187d912f6f05004127a43aa5ccad4d1b21c4fe0260f9e59b69789a29ea02164f87efc6603d7#rd
如有侵权请联系:admin#unsafe.sh