Web安全
在当代JS引擎中挖掘和利用条件竞争漏洞
https://github.com/singularseclab/Slides/blob/main/2023/find_and_exploit_race_condition_bugs_in_modern_JS_engines-zer0con2023.pdf
内网渗透
利用AD CS中的ESC5从域管理员到域森林企业管理员
https://posts.specterops.io/from-da-to-ea-with-esc5-f9f045aa105c
终端对抗
HyperDeceit:模拟Hyper-V并拦截Windows内核执行的调用库
https://github.com/Xyrem/HyperDeceit
寻找杀软卸载程序中的可利用LOLBins
https://nasbench.medium.com/lolbined-finding-lolbins-in-av-uninstallers-bf29427d3cd8
CompMgmtLauncher_DLL_UACBypass:利用DLL搜索顺序劫持Onedrive绕过UAC和利用Sharepoint权限维持
https://github.com/hackerhouse-opensource/CompMgmtLauncher_DLL_UACBypass
LooneysMeteorologist:ChatGPT生成的HTTP/S Beacon Implant的第一次迭代
https://github.com/fullspectrumdev/LooneysMeteorologist
https://www.fullspectrum.dev/chatgpt-assisted-implant-dev-part-1/
PeExports:多线程PE导出表收集工具,在逆向工程时帮助API散列
https://github.com/c3rb3ru5d3d53c/peexports
使用socket注入来实现WSUS客户端的远程命令执行
https://www.immunit.ch/blog/2023/05/11/wsus-rce-inject/
漏洞相关
CVE-2023-27951、CVE-2023-27943:在Mac Monitor的帮助下查找和报告Gatekeeper绕过漏洞
https://redcanary.com/blog/gatekeeper-bypass-vulnerabilities/
CVE-2023-26818:通过Telegram绕过MacOS TCC保护
https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/
CVE-2023-2156:Linux IPv6 "Route of Death" 0day分析
https://www.interruptlabs.co.uk/articles/linux-ipv6-route-of-death
通过CS:GO的4个逻辑错误组成的错误链在客户端实现RCE
https://neodyme.io/blog/csgo_from_zero_to_0day/
CVE-2023-27363:福昕PDF Reader exportXFAData远程代码执行漏洞
https://github.com/j00sean/SecBugs/tree/main/CVEs/CVE-2023-27363
buzzer:eBPF模糊测试框架,通过随机生成eBPF程序验证逻辑错误
https://security.googleblog.com/2023/05/introducing-new-way-to-buzz-for-ebpf.html
https://github.com/google/buzzer
CVE-2023-20869/20870:Pwn2Own 2023中使用的VMware Workstation虚拟机逃逸漏洞链
https://www.zerodayinitiative.com/blog/2023/5/17/cve-2023-2086920870-exploiting-vmware-workstation-at-pwn2own-vancouver
From Zero to Hero:从零开始的Pwn2Own夺冠之路
https://conf.devco.re/2023/keynote/2023-Orange&Angelboy-From-Zero-to-Hero-A-Journey-to-the-Championship-of-Pwn2Own.pdf
云安全
2023年云安全风险Top 5
https://orca.security/resources/blog/the-top-5-cloud-security-risks-of-2023/
基于CloudFlare Tunnel实现对AWS ECS上私有Web应用的零信任访问
https://blog.marcolancini.it/2023/blog-cloudflare-tunnel-zero-trust-ecs/
其他
AI攻击面图v1.0
https://danielmiessler.com/blog/the-ai-attack-surface-map-v1-0/
使用JARM指纹和HTTP响应寻找恶意基础设施
https://michaelkoczwara.medium.com/hunting-malicious-infrastructure-using-jarm-and-http-response-bb4a039d4119
无源码动态调试DOTNET的几种方式
https://pulsesecurity.co.nz/articles/dotnet-dynamic-analysis
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐