Weekly Blue Army Technical Digest (2022.10.29-11.4)
2022-11-4 18:0:17 Author: M01N Team

Web Security

A Brief Analysis of Python pickle Deserialization

https://tttang.com/archive/1782/

Internal Network Penetration

Comparison of methods for obtaining Domain information in AD domain penetration

https://rastamouse.me/getdomain-vs-getcomputerdomain-vs-getcurrentdomain/

Endpoint Adversarial Techniques

Writing binary files via the Microsoft Speech API

https://red.0xbad53c.com/red-team-operations/initial-access/macro-attacks/binary-file-write-via-microsoft-speech-api

DeleteShadowCopies: Deleting volume shadow copies in pure C++

https://github.com/ORCx41/DeleteShadowCopies

Play With Windows Defender -- ASR Edition

https://mp.weixin.qq.com/s/Mbs2E3_zjp5BFPd_99iGvQ

TerraLdr: A payload loader with advanced evasion features

https://github.com/ORCx41/TerraLdr

BOF-herpaderping: A partial Beacon Object File implementation of the process Herpaderping technique

https://github.com/MrAle98/BOF-herpaderping

Spartacus: A DLL hijacking discovery tool

https://github.com/Accenture/Spartacus

siphon: Intercept the input/output of any process and monitor user shells on Linux

https://github.com/liamg/siphon

Vulnerabilities

CVE-2022-37969: Technical analysis of the Windows CLFS 0-day vulnerability, its root cause and exploitation

https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part

https://www.zscaler.com/blogs/security-research/technical-analysis-windows-clfs-zero-day-vulnerability-cve-2022-37969-part2-exploit-analysis

Analysis of the Visual Studio Code .ipynb Jupyter Notebook RCE vulnerability

https://blog.doyensec.com/2022/10/27/jupytervscode.html

Fugu15: iOS 15 jailbreak, including a code-signing bypass, kernel exploit, kernel PAC bypass and PPL bypass

https://github.com/pinauten/Fugu15

CVE-2022-3602: OpenSSL vulnerability analysis and detection recommendations

https://securitylabs.datadoghq.com/articles/openssl-november-1-vulnerabilities/

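CVE-2022-34169: An integer truncation bug in the JIT compiler that can lead to arbitrary code execution in Java web applications and identity providers that support SAML single sign-on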

https://googleprojectzero.blogspot.com/2022/11/gregor-samsa-exploiting-java-xml.html

Cloud Security

GCP identity and access control best practices

https://www.praetorian.com/blog/iam-best-practices-gcp/

Using GitHub Actions to implant a backdoored container in a target

https://www.praetorian.com/blog/self-hosted-github-runners-are-backdoors/

Dangerous trust policies in AWS

https://blog.nviso.eu/2022/10/25/the-dangers-of-trust-policies-in-aws/

Other

ariadne: A Binary Ninja plugin for visual analysis

https://github.com/seeinglogic/ariadne

Full proceedings of papers published at the USENIX Security 22 technical sessions

https://www.usenix.org/conference/usenixsecurity22/technical-sessions

Using stickers to interfere with face recognition

https://adversarial-designs.shop/blogs/blog/faceoff-using-stickers-to-fool-face-id


Source: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247490071&idx=1&sn=a5c7a972efa0a76173f2ea40e8ea7d6a&chksm=c187da06f6f053107d3bbeba4df43d2ec0241d085b62db406bf611d860990f7b2b0431094ce4#rd