每周蓝军技术推送(2023.5.6-5.12)
2023-5-12 18:1:25 Author: M01N Team(查看原文) 阅读量:11 收藏

内网渗透

sccmhunter:查询LDAP以获取潜在的SCCM相关资产

https://github.com/garrettfoster13/sccmhunter

GetLAPSPassword:使用impacket库编写的LAPS转储脚本

https://github.com/dru1d-foofus/GetLAPSPassword/

终端对抗

delivr.to社工钓鱼评估平台有效载荷Top 10排名:突出重点和趋势技术

https://blog.delivr.to/delivr-tos-top-10-payloads-highlighting-notable-and-trending-techniques-fb5e9fdd9356

exec2shel:将PE、ELF或Mach-O可执行文件的TEXT部分提取到shellcode

https://github.com/Binject/exec2shell

RunAsPasswd:支持参数指定密码的RunAS.exe工具,适用非交互式shell

https://github.com/Sq00ky/RunAsPasswd

Freeze.rs:基于Rust的EDR绕过载荷工具箱

https://github.com/optiv/Freeze.rs

Dump Windows NTFS扩展属性

https://github.com/daem0nc0re/TangledWinExec/tree/main/Misc/EaDumper

CustomEntryPoint:修改DLL中的任何导出函数作为新入口点

https://github.com/Kudaes/CustomEntryPoint

借助XFG签名识别辅助逆向分析,识别目标函数

https://m417z.com/Leveraging-XFG-to-help-with-reverse-engineering/

漏洞相关

CVE-2022-37985:Windows图形组件信息泄露漏洞

https://www.trellix.com/en-us/about/newsroom/stories/research/the-art-of-information-disclosure.html

CVE-2023-29324:CVE-2023-23397的补丁导致的MSHTML平台安全功能绕过漏洞

https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api

CVE-2023-25394:macOS VideoStream本地提权漏洞

https://danrevah.github.io/2023/05/03/CVE-2023-25394-VideoStream-LPE/

CVE-2023-0386:Linux OverlayFS子系统中的提权漏洞

https://github.com/xkaneiki/CVE-2023-0386

Cisco AnyConnect 4.x和5.x中存在恶意DLL加载漏洞

https://medium.com/@urshilaravindran/dll-side-loading-vulnerability-in-cisco-anyconnect-4-x-and-5-x-de81b1395102

云安全

 Azure API管理服务漏洞

https://ermetic.com/blog/azure/when-good-apis-go-bad-uncovering-3-azure-api-management-vulnerabilities/

其他

ESET APT活动报告 2022Q4–2023Q1

https://www.welivesecurity.com/wp-content/uploads/2023/05/eset_apt_activity_report_q42022_q12023.pdf

snapchange:使用KVM对内存快照进行轻量级模糊测试

https://github.com/awslabs/snapchange

stealthscraper:社交媒体抓取工具,通过使用GUI自动化模拟用户逃避检测

https://github.com/TheKevinWang/stealthscraper

利用maskcat和rulecat创建Hash破解规则

https://jakewnuk.com/posts/brewing-hash-cracking-resources-w-the-twin-cats/

M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群

往期推荐

每周蓝军技术推送(2023.4.29-5.5)

每周蓝军技术推送(2023.4.22-4.28)

每周蓝军技术推送(2023.4.15-4.21)


文章来源: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247491376&idx=1&sn=1ddf2a4d0faaf489777c7d22c68f18a6&chksm=c187df21f6f05637e029c0b1c0c0ecb4c55a1bf502b77cf42343dc837103f32b2554f830ebd5#rd
如有侵权请联系:admin#unsafe.sh