内网渗透
跨外部非传递信任对森林中的其他域进行身份验证
https://exploit.ph/external-trusts-are-evil.html
终端对抗
使用内存分析检测具备EDR无效化能力的恶意软件
https://www.volexity.com/blog/2023/03/07/using-memory-analysis-to-detect-edr-nullifying-malware/
ChatGPT驱动的具备EDR绕过能力的恶意软件
https://www.hyas.com/hubfs/Downloadable%20Content/HYAS-AI-Augmented-Cyber-Attack-WP-1.1.pdf
https://systemweakness.com/chatgpt-powered-malware-bypasses-edr-c9a66af5cec1
OfflineAddAdmin2:在Windows 11上通过非典型API创建离线管理员
https://www.reddit.com/r/blueteamsec/comments/11oems2/offlineaddadmin2_create_an_offline_administrator/
Meterpreter Payload生命周期分析:生成、执行、Staging与反射加载
https://attl4s.github.io/assets/pdf/Understanding_a_Payloads_Life.pdf
漏洞相关
CVE-2023-23397:利用Microsoft Outlook特权提升漏洞及检测规则
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
https://github.com/Neo23x0/signature-base/blob/master/yara/expl_outlook_cve_2023_23397.yar
CVE-2023-27898、CVE-2023-27905:Jenkins服务器RCE
https://blog.aquasec.com/jenkins-server-vulnerabilities
CVE-2023-24749:Netgear RAX路由器RCE
https://mahaloz.re/2023/02/25/pwnagent-netgear.html
CVE-2023–24625:PHP Laravel框架的票证支持系统Faveo中出现IDOR漏洞
https://cupc4k3.lol/cve-2023-24625-idor-in-faveo-service-desk-37a63f53d896
云安全
ZeusCloud:开源云安全平台
https://github.com/Zeus-Labs/ZeusCloud
Goblob:用于公开Azure存储blob的快速枚举工具
https://github.com/Macmod/goblob
其他
防御OneNote恶意软件的注册表配置
https://www.huntress.com/blog/addressing-initial-access
Kimsuky组织2022威胁趋势报告
https://asec.ahnlab.com/wp-content/uploads/2023/03/2022-Threat-Trend-Report-on-Kimsuky.pdf
MSRC BlueHat 2023视频
https://www.youtube.com/playlist?list=PLXkmvDo4MfusWp9f7IHT9xAPCkN2ZSm2L
网络事件报告框架:全球版
https://securityandtechnology.org/virtual-library/reports/cyber-incident-reporting-framework-global-edition/
反思战术:2022年度网络安全综述
https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/rethinking-tactics-annual-cybersecurity-roundup-2022?
网络威胁检测系统深度学习模型调查
https://easychair.org/publications/preprint/DL2D
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐