Weekly Blue Army (Red Team) Technical Digest (2023.3.25-3.31)
2023-3-31 18:06:40 Author: M01N Team

Web Security

MinIO: reproducing the chain from information leak to RCE

https://mp.weixin.qq.com/s/GNhQLuzD8up3VcBRIinmgQ

JVM core evasion (offense vs. defense) techniques

https://mp.weixin.qq.com/s/89Bmvy_uY97TZm3vR9lyWw

Internal Network Penetration

How to manually add the objectSID attribute to an AD CS certificate

https://elkement.blog/2023/03/30/lord-of-the-sid-how-to-add-the-objectsid-attribute-to-a-certificate-manually/

Endpoint Evasion

Attacking Visual Studio for initial access

https://outflank.nl/blog/2023/03/28/attacking-visual-studio-for-initial-access/

Step by step: bypassing AMSI and compromising Windows 11

https://medium.com/@sharonms3377/how-i-bypassed-amsi-in-2023-ff2cd81bda6c

Using Windows Subsystem for Linux (WSL) to bypass device isolation in Microsoft Defender for Endpoint

https://sec1.dk/blog.html

Impair defenses: disabling antivirus with process suspension

https://www.trustedsec.com/blog/disabling-av-with-process-suspension/

ZwProcessHollowing: weaponized x64 process hollowing using direct syscalls, DLL unhooking and RC4 payload encryption

https://github.com/XaFF-XaFF/ZwProcessHollowing

HeapCrypt: encrypting the heap during sleep via function hooking

https://github.com/TheD1rkMtr/HeapCrypt

Chaos-Rootkit: x64 ring 0 rootkit with process hiding and privilege escalation

https://github.com/ZeroMemoryEx/Chaos-Rootkit

Vulnerabilities

CVE-2023-23752: unauthenticated information disclosure in Joomla CMS before 4.2.8

https://github.com/Acceis/exploit-CVE-2023-23752

CVE-2023-23397: Microsoft guidance for investigating attacks that exploit this vulnerability

https://www.microsoft.com/en-us/security/blog/2023/03/24/guidance-for-investigating-attacks-using-cve-2023-23397/

Cloud Security

Terraform security configuration best practices

https://sysdig.com/blog/terraform-security-best-practices/

Untitled Goose Tool: hunt and incident response tool for Azure AD, Azure and M365 environments

https://github.com/cisagov/untitledgoosetool

Container security fundamentals: exploring containers from the perspective of system processes

https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-1/

https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-2/

Recon365: gathering information from an email address connected to Azure AD or Office 365

https://github.com/netsecurity-as/recon365

Other

3CX Desktop App supply chain attack: tracking and protection

https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/

https://www.elastic.co/cn/security-labs/elastic-users-protected-from-suddenicon-supply-chain-attack

Red Canary 2023 Threat Detection Report

https://resource.redcanary.com/rs/003-YRU-314/images/2023_ThreatDetectionReport_RedCanary.pdf

ThreatMon report on data leaks reported in social media

https://threatmon.io/report-on-data-leaks-reported-in-social-media/

ChatGPT: the impact of large language models on law enforcement

https://www.europol.europa.eu/publications-events/publications/chatgpt-impact-of-large-language-models-law-enforcement

M01N Team official WeChat account

Focused on advanced offensive and defensive hot-topic techniques

NSFOCUS Blue Army (Red Team) Technical Research Team



Source: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247491146&idx=1&sn=88b21c805b77eaf8fcf82a2c407a7575&chksm=c187de5bf6f0574db730a0a2b44cb6b9ce1e04970025fff3cbb0f5c46fdbddbdc065dec33b0f#rd