Web安全
利用DNSSEC进行子域名枚举
https://medium.com/sse-blog/subdomain-enumeration-with-dnssec-9911459ee7b6
从Deserialization和覆盖trustURLCodebase进行JNDI注入
https://mp.weixin.qq.com/s/o7iD0u90ezyOyFb7DQwiUg
HTTP2 request smuggling
https://tttang.com/archive/1837
CVE-2022-22954 VMware Workspace ONE Access SSTI RCE漏洞分析
https://paper.seebug.org/2026/
CVE-2022-43781:Bitbucket Server and Data Center命令注入漏洞
https://xz.aliyun.com/t/11902
YApi <1.12.0 远程命令执行漏洞
https://paper.seebug.org/2028
内网渗透
微软对于LAPS关键概念的官方文档
https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-concepts
使用Havoc C2和从工作站到域控制器并绕过Microsoft EDR
https://assume-breach.medium.com/home-grown-red-team-from-workstation-to-domain-controller-with-havoc-c2-and-microsoft-edr-6b17018e32f6
终端对抗
使用HTTP转发器隐藏C2服务器
https://alwanwijayaxd.medium.com/hide-c2-server-with-http-forwarders-6e7fb7ca451
ScreenshotBOF:使用WinAPI并且不执行fork & run在Cobalt Strike中截屏并下载到内存中
https://github.com/CodeXTF2/ScreenshotBOF
用于解码C2框架NightHawk字符串IDAPython脚本
https://github.com/struppigel/hedgehog-tools/blob/main/nighthawk_str_decoder.py
Windows 11 22H2多键全内存加密
https://techcommunity.microsoft.com/t5/windows-kernel-internals-blog/multi-key-total-memory-encryption-on-windows-11-22h2/ba-p/3683043
漏洞相关
heap_detective:在C++和C. Beta中检测堆内存缺陷的简单方法
https://github.com/CoolerVoid/heap_detective
CVE-2022-33917:Mali GPU内核驱动程序可能会将CPU RO页面提升为可写
https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html
CVE-2022-3328:snap-confine条件竞争漏洞,结合CVE-2022-41974和CVE-2022-41973可以将普通用户提升到root
https://www.qualys.com/2022/11/30/cve-2022-3328/advisory-snap.txt
CVE-2022-23093:FreeBSDping中的栈溢出漏洞:
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
云安全
在SaaS优先的环境中保持持久化
https://pushsecurity.com/blog/maintaining-persistent-access-in-a-saas-first-world/
对Docker Hub恶意软件镜像的分析:通过公共容器镜像进行攻击
https://sysdig.com/blog/analysis-of-supply-chain-attacks-through-public-docker-images/
深入了解MICROSOFT DEFENDER FOR IDENTITY
https://www.synacktiv.com/en/publications/a-dive-into-microsoft-defender-for-identity.html
亚马逊网络服务AppSync漏洞
https://securityaffairs.co/wordpress/139045/hacking/amazon-web-services-flaw.html
Docker逃逸那些事儿
https://mp.weixin.qq.com/s/tiniAQ5AhCXm2_mqj_j7iA
nuvola:一款针对AWS环境的自动化安全分析工具
https://www.freebuf.com/articles/network/350781.html
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐