Weekly Blue Team Tech Digest (2023.5.13-5.19)
2023-05-19 18:01:33 Author: M01N Team

Web Security

Finding and exploiting race condition bugs in modern JS engines

https://github.com/singularseclab/Slides/blob/main/2023/find_and_exploit_race_condition_bugs_in_modern_JS_engines-zer0con2023.pdf

Internal Network Penetration

From Domain Admin to forest Enterprise Admin by abusing ESC5 in AD CS

https://posts.specterops.io/from-da-to-ea-with-esc5-f9f045aa105c

Endpoint Evasion

HyperDeceit: a library that emulates Hyper-V and intercepts calls executed by the Windows kernel

https://github.com/Xyrem/HyperDeceit

LOLBINed: finding exploitable LOLBins in antivirus uninstallers

https://nasbench.medium.com/lolbined-finding-lolbins-in-av-uninstallers-bf29427d3cd8

CompMgmtLauncher_DLL_UACBypass: UAC bypass via DLL search-order hijacking through OneDrive, and persistence via SharePoint

https://github.com/hackerhouse-opensource/CompMgmtLauncher_DLL_UACBypass

LooneysMeteorologist: first iteration of a ChatGPT-generated HTTP/S beacon implant

https://github.com/fullspectrumdev/LooneysMeteorologist

https://www.fullspectrum.dev/chatgpt-assisted-implant-dev-part-1/

PeExports: a multithreaded PE export-table collector that helps with API hashing during reverse engineering

https://github.com/c3rb3ru5d3d53c/peexports

Remote command execution on WSUS clients via socket injection

https://www.immunit.ch/blog/2023/05/11/wsus-rce-inject/

Vulnerabilities

CVE-2023-27951, CVE-2023-27943: finding and reporting Gatekeeper bypass vulnerabilities with the help of Mac Monitor

https://redcanary.com/blog/gatekeeper-bypass-vulnerabilities/

CVE-2023-26818: bypassing macOS TCC protections via Telegram

https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/

CVE-2023-2156: analysis of the Linux IPv6 "Route of Death" 0-day

https://www.interruptlabs.co.uk/articles/linux-ipv6-route-of-death

Client-side RCE in CS:GO through a chain of four logic bugs

https://neodyme.io/blog/csgo_from_zero_to_0day/

CVE-2023-27363: Foxit PDF Reader exportXFAData remote code execution vulnerability

https://github.com/j00sean/SecBugs/tree/main/CVEs/CVE-2023-27363

buzzer: an eBPF fuzzing framework that randomly generates eBPF programs to find logic bugs in the verifier

https://security.googleblog.com/2023/05/introducing-new-way-to-buzz-for-ebpf.html

https://github.com/google/buzzer

CVE-2023-20869/20870: the VMware Workstation VM escape chain used at Pwn2Own 2023

https://www.zerodayinitiative.com/blog/2023/5/17/cve-2023-2086920870-exploiting-vmware-workstation-at-pwn2own-vancouver

From Zero to Hero: a journey to the Pwn2Own championship, starting from scratch

https://conf.devco.re/2023/keynote/2023-Orange&Angelboy-From-Zero-to-Hero-A-Journey-to-the-Championship-of-Pwn2Own.pdf

Cloud Security

The top 5 cloud security risks of 2023

https://orca.security/resources/blog/the-top-5-cloud-security-risks-of-2023/

Zero-trust access to private web applications on AWS ECS using Cloudflare Tunnel

https://blog.marcolancini.it/2023/blog-cloudflare-tunnel-zero-trust-ecs/

Other

The AI Attack Surface Map v1.0

https://danielmiessler.com/blog/the-ai-attack-surface-map-v1-0/

Hunting malicious infrastructure using JARM fingerprints and HTTP responses

https://michaelkoczwara.medium.com/hunting-malicious-infrastructure-using-jarm-and-http-response-bb4a039d4119

Several ways to dynamically debug .NET without source code

https://pulsesecurity.co.nz/articles/dotnet-dynamic-analysis

M01N Team WeChat account

Focused on hot topics in advanced offensive and defensive techniques

NSFOCUS Blue Team technical research squad


Previous issues

Weekly Blue Team Tech Digest (2023.5.6-5.12)

Weekly Blue Team Tech Digest (2023.4.29-5.5)

Weekly Blue Team Tech Digest (2023.4.22-4.28)


Source: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247491394&idx=1&sn=0a99e672a5267d8ee14cba1d9bfd78ec&chksm=c187df53f6f05645b227a24591623cba7f2185263d0eb066bb2a467f49fd8ff22417f8fae0c2#rd