Weekly Red Team Technology Digest (2023.3.4-3.10)
2023-3-10 18:04:28 Author: M01N Team

Internal Network Penetration

Obfuscating Rubeus with Codecepticon

https://www.pavel.gr/blog/obfuscating-rubeus-using-codecepticon

Harvesting Active Directory credentials via HTTP request smuggling

https://tij.me/blog/harvesting-active-directory-credentials-via-http-request-smuggling/

Locksmith: a tool for finding and fixing misconfigurations in AD CS

https://github.com/TrimarcJake/Locksmith

Timeroasting and Trustroasting: new approaches to offline password cracking in Active Directory domains (computer and trust account hashes obtained through the unauthenticated MS-SNTP extension of NTP on domain controllers)

https://www.secura.com/uploads/whitepapers/Secura-WP-Timeroasting-v3.pdf
https://github.com/SecuraBV/Timeroast

Endpoint Evasion

Cobalt Strike 4.8 released: new defense-evasion features including system calls by default, conditional Guardrails, and ETW blinding

https://www.cobaltstrike.com/blog/cobalt-strike-4-8-system-call-me-maybe/

Extracting KeePass2 passwords through DLL hijacking and API hooking

https://skr1x.github.io/keepass-dll-hijacking/

Amsi-Killer: bypasses AMSI by scanning the first byte of each instruction to locate the address of the jump to patch, so it keeps working after the targeted byte pattern changes

https://github.com/ZeroMemoryEx/Amsi-Killer

Lolbin-poc: windbg.exe as a signed host binary sideloading a malicious dbgeng.dll

https://github.com/mrexodia/lolbin-poc

Vulnerabilities

Hindering fingerprinting by spoofing the call stack

https://www.coresecurity.com/blog/hardware-call-stack

CVE-2023-21716: proof of concept released for the Microsoft Word remote code execution vulnerability

https://www.bleepingcomputer.com/news/security/proof-of-concept-released-for-critical-microsoft-word-rce-bug/

CVE-2023-21768: exploit released for the Windows Ancillary Function Driver (afd.sys) local privilege escalation vulnerability

https://github.com/chompie1337/Windows_LPE_AFD_CVE-2023-21768

Cloud Security

Azure infiltrated: how attackers exploit misconfigured environments

https://medium.com/@laythchebbi/azure-infiltrated-how-attackers-exploit-misconfigured-environments-to-breach-data-and-cause-damage-f24ba5342bfe

Microsoft Azure account takeover via DOM-based XSS in Cosmos DB Explorer

https://starlabs.sg/blog/2023/02-microsoft-azure-account-takeover-via-dom-based-xss-in-cosmos-db-explorer/

From an on-premises account synced to Azure AD to Global Administrator without a password reset

https://cloudbrothers.info/en/prem-global-admin-password-reset/

CI/CD secrets extraction: tips and tricks

https://www.synacktiv.com/en/publications/cicd-secrets-extraction-tips-and-tricks.html

Delivering malicious documents through Google Cloud

https://fortynorthsecurity.com/blog/redirecting-maldoc-transfers-in-the-cloud/

Other

Taking over a bank account with an AI-generated voice

https://www.vice.com/en/article/dy7axa/how-i-broke-into-a-bank-account-with-an-ai-generated-voice

SpiderCat: uses webhooks to feed targets into an Obsidian-based reconnaissance graph, tracing the target's network connections and collecting e-mail addresses, system information, geolocation and other intelligence

https://github.com/CosmodiumCS/SpiderCat

Anomaly detection and explanation with Isolation Forest and SHAP in Microsoft Sentinel Notebooks

https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/anomaly-detection-and-explanation-with-isolation-forest-and-shap/ba-p/3750086



Source: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247490953&idx=1&sn=15797463cd742951eeeaed2b900a5683&chksm=c187dd98f6f0548e4650fa66364c5f65df39c0d287bceeead5aa30d25cd72ee6c3ddd6ccefe6#rd