Weekly Red Team Technology Digest (2023.4.21-4.28)
2023-4-28 18:1:41 Author: M01N Team

Internal Network Penetration

Tunneling to any TCP service via Cloudflare

https://iq.thc.org/tunnel-via-cloudflare-to-any-tcp-service

Endpoint Attack and Defense

Discord-DLL-Hijacking: automated Discord DLL hijacking via Excel macros

https://github.com/MitchHS/Discord-DLL-Hijacking

Office macro security, common security configurations, and bypass methods

https://outflank.nl/blog/2023/04/25/so-you-think-you-can-block-macros/

Trawler: a PowerShell script that helps incident responders discover adversary persistence mechanisms

https://github.com/joeavanzato/Trawler

Hunt-Weird-Syscalls: identifying direct and indirect system calls based on ETW

https://github.com/thefLink/Hunt-Weird-Syscalls

Vulnerabilities

CVE-2023-23410: analysis of an HTTP protocol local privilege escalation vulnerability

https://www.freebuf.com/vuls/364920.html

CVE-2023-21987, CVE-2023-21991: VirtualBox VM vulnerability analysis

https://qriousec.github.io/post/vbox-pwn2own-2023/

CVE-2023-1585, CVE-2023-1587: privilege escalation vulnerabilities in Avast

https://the-deniss.github.io/posts/2023/04/26/avast-privileged-arbitrary-file-create-on-quarantine.html

Cloud Security

GhostToken: exploiting GCP application infrastructure to create an invisible, unremovable malicious app on Google accounts

https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/

Other

PentestGPT: a ChatGPT-powered automated penetration testing tool

https://github.com/GreyDGL/PentestGPT

Building a honeypot with ChatGPT

https://cyberdeception.substack.com/p/building-a-honeypot-with-chatgpt

AI-driven security operations architecture with a low false positive rate

https://towardsdatascience.com/architecture-of-ai-driven-security-operations-with-a-low-false-positive-rate-a33dbbad55b4

Classifying packed malware using machine learning

https://www.accidentalrebel.com/classifying-malware-packers-using-machine-learning.html

iOS: bypassing jailbreak detection with LLDB

https://blog.snoopbees.com/ios-bypass-jailbreak-detection-with-lldb-242b65c1ab94

Mergen: a macOS audit and security check tool

https://github.com/sametsazak/mergen

RSA 2023: addressing cyber risk quantification remains key for security leaders

https://www.picussecurity.com/resource/blog/rsa-2023-addressing-cyber-risk-quantification-remains-key-for-security-leaders

Botconf 2023 videos

https://www.youtube.com/playlist?list=PL8fFmUArVzKhanPzq5HlGAUHhzRB3qDLE

adversary_emulation_library: an open-source library of adversary emulation plans, designed to let organizations test their defenses against real-world TTPs

https://github.com/center-for-threat-informed-defense/adversary_emulation_library

Outlook adds the Authenticator Lite extension to strengthen authentication security

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/public-preview-authenticator-lite-in-outlook/ba-p/3773139



Source: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247491322&idx=1&sn=ad77ca789a41929f7be4ce375fe3652b&chksm=c187deebf6f057fd9bb072d40ac96166cd1b22107ab18150e1d81315643d46c4ce4e33114047#rd