每周蓝军技术推送(2023.4.29-5.5)
2023-5-5 18:1:28 Author: M01N Team(查看原文) 阅读量:21 收藏

Web安全

CVE-2023-29489:cPanel XSS 漏洞

https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/

利用预身份验证漏洞在Oracle Opera中实现RCE

https://blog.assetnote.io/2023/04/30/rce-oracle-opera/

内网渗透

ETWHash:从ETW提供程序中提取NetNTLMv1/v2哈希

https://github.com/nettitude/ETWHash

https://labs.nettitude.com/blog/etwhash-he-who-listens-shall-receive/

hashmuncher:使用具有管理权限的ETW获取NetNTLMv2哈希

https://github.com/lkarlslund/hashmuncher

类似Psexec的横向移动程序检测

https://bherunda.medium.com/procedural-detections-to-uncover-psexec-style-lateral-movement-5e83932eeb7e

终端对抗

StackMask:使用堆栈加密掩盖植入的Shellcode

https://whiteknightlabs.com/2023/05/02/masking-the-implant-with-stack-encryption/

https://github.com/WKL-Sec/StackMask

StackCrypt:创建能挂起每个线程并加密堆栈进入睡眠状态,恢复线程时解密堆栈

https://github.com/TheD1rkMtr/StackCrypt/

sc2pe:使用AsmResolver将Shellcode转换为PE的dotnet Native AOT程序

https://github.com/Dump-GUY/sc2pe

BlockOpenHandle:只允许SYSTEM权限打开进程句柄,规避远程内存扫描器

https://github.com/TheD1rkMtr/BlockOpenHandle

解除恶意DLL与PEB的链接隐藏注入的DLL

https://blog.christophetd.fr/dll-unlinking/

通过DLL代理武器化DLL劫持

https://medium.com/@lsecqt/weaponizing-dll-hijacking-via-dll-proxying-3983a8249de0

漏洞相关

CVE-2023-27524:Apache Superset中不安全的默认配置导致远程代码执行

https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/

CVE-2023-28231:dhcp服务远程代码执行漏洞分析

https://www.zerodayinitiative.com/blog/2023/5/1/cve-2023-28231-rce-in-the-microsoft-windows-dhcpv6-service

CVE-2023-21707:Microsoft Exchange Powershell远程反序列化导致RCE

https://starlabs.sg/blog/2023/04-microsoft-exchange-powershell-remoting-deserialization-leading-to-rce-cve-2023-21707/

CVE-2022-46718:利用IOS逻辑漏洞实现未经授权获取用户敏感信息

https://securityonline.info/cve-2022-46718-ios-vulnerability-exposes-sensitive-location-data/

https://github.com/biscuitehh/cve-2022-46718-leaky-location

CVE-2023-23525:通过虚假安装程序获取MacOS Root权限 

https://jhftss.github.io/CVE-2023-23525-Get-Root-via-A-Fake-Installer/

云安全

通过GitHub Actions窃取GitHub员工的访问令牌

https://blog.ryotak.net/post/github-actions-staff-access-token-en/

GCP已开始使用生成式AI提升安全能力

https://cloud.google.com/blog/products/identity-security/rsa-google-cloud-security-ai-workbench-generative-ai

Azure威胁研究矩阵

https://microsoft.github.io/Azure-Threat-Research-Matrix/

其他

Dual LLM模式,用于构建可抵抗快速注入的AI助手

https://simonwillison.net/2023/Apr/25/dual-llm-pattern/

bitlocker-attacks:对BitLocker的公开攻击列表

https://github.com/Wack0/bitlocker-attacks

AIMOD2:一种结构化的威胁搜寻方法,可主动识别、参与和防止网络威胁

https://github.com/darkquasar/AIMOD2

MacOSThreatTrack:检测MacOS系统恶意活动的Bash工具

https://github.com/ab2pentest/MacOSThreatTrack

微软切换至新的威胁实施者命名分类方式

https://www.microsoft.com/en-us/security/blog/2023/04/18/microsoft-shifts-to-a-new-threat-actor-naming-taxonomy/

Meta 2023年第一季度对抗性威胁报告

https://about.fb.com/news/2023/05/metas-adversarial-threat-report-first-quarter-2023/

M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群

往期推荐

每周蓝军技术推送(2023.4.22-4.28)

每周蓝军技术推送(2023.4.15-4.21)

每周蓝军技术推送(2023.4.8-4.14)


文章来源: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247491334&idx=1&sn=57332f67414b2ca92757dab36bc1faaa&chksm=c187df17f6f05601eefe7c9a7a8040909524461a4bebb5f339afb27adc886b97cd6c4e2b914d#rd
如有侵权请联系:admin#unsafe.sh