Weekly Blue Army (Red Team) Tech Digest (2022.10.1-10.14)
2022-10-14 18:02:03 Author: M01N Team

Web Security

Kaminsky attack: how to find vulnerabilities in a web application's DNS setup

https://sec-consult.com/blog/detail/melting-the-dns-iceberg-taking-over-your-infrastructure-kaminsky-style/

asnmap: a Golang CLI tool for fast reconnaissance using ASN data

https://github.com/projectdiscovery/asnmap

Internal Network Penetration

ShadowSpray: a tool for spraying Shadow Credentials

https://github.com/Dec0ne/ShadowSpray/

RITM: a Kerberos relay attack tool

https://github.com/Tw1sm/RITM

SharpNTLMRawUnHide: cracking the NTLMSSP protocol

https://github.com/X-C3LL/SharpNTLMRawUnHide

Endpoint Evasion

hunting-for-timer-queue-timers: detecting sleep-time memory obfuscation techniques through timer-queue timers

https://labs.withsecure.com/publications/hunting-for-timer-queue-timers

NimShellcodeFluctuation: a ShellcodeFluctuation PoC implemented in Nim

https://github.com/S3cur3Th1sSh1t/NimShellcodeFluctuation

ADSrunner: hiding and executing shellcode in NTFS Alternate Data Streams (ADS)

https://github.com/D1rkMtr/ADSrunner

ObfLoader: a MAC/IPv4/UUID shellcode loader and obfuscator; it obfuscates the shellcode, then uses native APIs to convert it back to binary and load it

https://github.com/D1rkMtr/ObfLoader

KnownDllUnhook: replaces the .text section of currently loaded modules with the copy from \KnownDlls\ to unhook APIs and bypass EDR

https://github.com/ORCx41/KnownDllUnhook

DumpThatLSASS: loads a fresh copy of DbgHelp.dll from disk to unhook MiniDumpWriteDump and dump LSASS, with function and string obfuscation, and duplicates an lsass handle from an existing process

https://github.com/D1rkMtr/DumpThatLSASS

AzTokenFinder: extracts JWT tokens from different processes (such as PowerShell, Excel, Word, etc.)

https://github.com/HackmichNet/AzTokenFinder

vba2clr: running .NET assemblies from VBA

https://github.com/med0x2e/vba2clr

Havoc: an extensible post-exploitation command and control framework

https://github.com/HavocFramework/Havoc

HavocNotion: a simple ExternalC2 PoC for Havoc C2 that communicates over Notion using a custom Python agent, handler and extc2 channel

https://github.com/CodeXTF2/HavocNotion

PyHmmm: a third-party Havoc C2 agent written in Python

https://github.com/CodeXTF2/PyHmmm

Iscariot Suite: a C2 framework that abuses legitimate blue-team products for command and control

https://gitlab.com/badsectorlabs/iscariot-suite

eBPF security monitoring bypass techniques

https://blog.doyensec.com/2022/10/11/ebpf-bypass-security-monitoring.html

Vulnerabilities

0dayex-checker: Microsoft Exchange Server 0-day checker (virtual patch checker)

https://github.com/VNCERT-CC/0dayex-checker

CVE-2022-41040, CVE-2022-41082: the Microsoft Exchange Server zero-day mitigation can be bypassed

https://www.bleepingcomputer.com/news/security/microsoft-exchange-server-zero-day-mitigation-can-be-bypassed/

CVE-2022-33647/CVE-2022-33679: Kerberos RC4-MD4 encryption downgrade EoP

https://bugs.chromium.org/p/project-zero/issues/detail?id=2310

CVE-2022-32910: a macOS Archive Utility vulnerability that allows Gatekeeper bypass

https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/

CVE-2022-31680: VMware vCenter Server Platform Services Controller deserialization vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1587

Cloud Security

Common Conditional Access misconfigurations and bypasses in Azure

https://www.trustedsec.com/blog/common-conditional-access-misconfigurations-and-bypasses-in-azure/

caOptics: Azure AD Conditional Access gap analyzer

https://github.com/jsa2/caOptics#ca-optics---azure-ad-conditional-access-gap-analyzer

Lateral movement in the cloud: attacking through vulnerable containers

https://sysdig.com/blog/lateral-movement-cloud-containers/

Identifying authorization-logic vulnerabilities at scale with Semgrep

https://www.anshumanbhartiya.com/posts/detect-authz-at-scale-nestjs

Other

ChTimeStamp: changes the creation time and last-write time of a deleted file using the timestamps of another file

https://github.com/D1rkMtr/ChTimeStamp

Windows 11 file attribute time rules table

https://www.khyrenz.com/blog/windows-11-time-rules/

LockSmith: interacting with file-based macOS keychains through native APIs

https://github.com/its-a-feature/LockSmith

GitFive: an OSINT tool for investigating GitHub profiles

https://github.com/mxrch/GitFive

MemProcFS-Analyzer: an analysis tool built on the memory forensics tool MemProcFS; recently updated with support for viewing the process tree

https://github.com/evild3ad/MemProcFS-Analyzer

eviltree: a tool for conveniently searching for keywords in files across nested directories

https://github.com/t3l3machus/eviltree

M01N Team official account

Focused on hot topics in advanced offensive and defensive confrontation

NSFOCUS Blue Army (red team) technical research squad



Source: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247489859&idx=1&sn=7ac717f80c188bc3a1700e9f5768c8ff&chksm=c187d952f6f05044a08dc69819b45b708cea0e7eae8b636418e5e0b7b045b020914b8f914362#rd