Weekly Blue Army (Red Team) Technology Digest (2022.10.15-10.21)
2022-10-21 18:01:26 Author: M01N Team

Web Security

LORSRF: a fast SSRF vulnerability discovery tool

https://github.com/knassar702/lorsrf

HTTP request smuggling: analysis and exploitation

https://medium.com/bugbountywriteup/http-request-smuggling-explained-and-exploited-part-0x1-89ce2956534f

https://medium.com/bugbountywriteup/http-request-smuggling-explained-and-exploited-part-0x2-7768d04883fb

A deeper look at the Telerik UI for ASP.NET AJAX vulnerabilities

https://blog.blacklanternsecurity.com/p/yet-another-telerik-ui-revisit

Internal Network Security

RustHound: an Active Directory data collector written in Rust that outputs BloodHound-format data

https://github.com/OPENCYBER-FR/RustHound

Endpoint Evasion

NoRunPI: brute-forces the address of a thread in a loaded process to inject and launch a payload

https://github.com/ORCx41/NoRunPI

IFaultrepElevatedDataCollectionUAC: UAC bypass via arbitrary file deletion in the auto-elevating IFaultrepElevatedDataCollection COM object

https://github.com/Wh04m1001/IFaultrepElevatedDataCollectionUAC

AtomPePacker: an x64 PE packer with no CRT entry point, direct syscalls and a custom API hashing library

https://github.com/ORCx41/AtomPePacker

WAM BAM: recovering web tokens from Office

https://blog.xpnsec.com/wam-bam/

https://github.com/xpn/WAMBam

RedEye: a visualization and reporting tool for red team C2 logs

https://github.com/cisagov/RedEye

Janus: a compile-time code obfuscation framework based on the CIA Marble framework

https://github.com/echtdefault/Janus

LOLBAS: the signed binary ChangePk.exe can be used for proxy execution

https://twitter.com/notwhickey/status/1582961336610213888

Bitmancer: a Nim library providing highly configurable, position-independent wrappers for common Windows APIs, routines and macros

https://github.com/zimawhit3/Bitmancer

Vulnerabilities

SharedMemUtils: a tool for automatically finding vulnerabilities in shared memory objects

https://www.x86matthew.com/view_post?id=shared_mem_utils

Microsoft Office Online Server remote code execution vulnerability

https://www.mdsec.co.uk/2022/10/microsoft-office-online-server-remote-code-execution/

A new attack surface on MS Exchange: ProxyRelay

https://devco.re/blog/2022/10/19/a-new-attack-surface-on-MS-exchange-part-4-ProxyRelay/

CVE-2022-39197: analysis of the Cobalt Strike RCE vulnerability patch bypass, with PoC

https://securityintelligence.com/posts/analysis-rce-vulnerability-cobalt-strike/

https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/

https://github.com/its-arun/CVE-2022-39197

CVE-2022-41852: RCE vulnerability in the Apache Commons JXPath Java library

https://hackinglab.cz/en/blog/remote-code-execution-in-jxpath-library-cve-2022-41852/

Cloud Security

AADInternals: PowerShell administration module for Azure AD and Office 365

https://github.com/Gerenios/AADInternals

misp-to-sentinel: creates an Azure Function that writes threat intelligence from a MISP instance into Microsoft Sentinel

https://github.com/zolderio/misp-to-sentinel

Lateral movement risks in the cloud and how to prevent them, part 1: the network layer (VPC)

https://www.wiz.io/blog/lateral-movement-risks-in-the-cloud-and-how-to-prevent-them-part-1-the-network-layer

How to bypass eBPF-based security monitoring

https://blog.doyensec.com//2022/10/11/ebpf-bypass-security-monitoring.html

Other

Analysing the LastPass password manager and extracting passwords from it

https://www.mdsec.co.uk/2022/10/analysing-lastpass-part-1/

ScubaGear: automated assessment of an M365 tenant's security configuration against CISA's baselines

https://github.com/cisagov/ScubaGear

Microsoft's recommended driver block rules receive an update

https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules

A model for building biographical password dictionaries

https://www.diva-portal.org/smash/get/diva2:1703640/FULLTEXT01.pdf

awesome-hacker-search-engines: a curated list of search engines for security researchers

https://github.com/edoardottt/awesome-hacker-search-engines



Source: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247489950&idx=1&sn=bdedb6641f7cb85d6c1cd5661f624179&chksm=c187d98ff6f05099103068abc6f48a091031585e675cc213f94162e9e2c528fb991bf837ec2a#rd