Weekly Blue Army (蓝军, red team) Technical Digest (2023.9.9-9.15)
2023-9-15 15:29:51 Author: mp.weixin.qq.com

Web Security

protoburp: a Burp Suite extension for encoding, decoding and fuzzing custom Protobuf messages

https://github.com/doyensec/protoburp

Session-Hijacking-Visual-Exploitation: a tool that hijacks user sessions by injecting malicious JavaScript code

https://github.com/doyensec/Session-Hijacking-Visual-Exploitation/

In-depth research on web race-condition attacks

https://portswigger.net/research/smashing-the-state-machine

Internal Network Penetration

Windows' built-in SMB server now supports SMB protocol version (dialect) selection

https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-dialect-management-now-supported-in-windows-insider/ba-p/3916368

Windows now ships a built-in policy to block NTLM authentication over SMB

https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206

From an ordinary domain user to Azure AD Global Administrator

https://www.shaunography.com/from-domain-user-to-domain-admin-da-from-da-to-global-admin-ga.html

GPOddity: exploiting GPOs through NTLM relaying and other techniques

https://github.com/synacktiv/GPOddity

https://www.synacktiv.com/publications/gpoddity-exploiting-active-directory-gpos-through-ntlm-relaying-and-more

From NTAuthCertificates to Silver Certificate

https://decoder.cloud/2023/09/05/from-ntauthcertificates-to-silver-certificate/

Endpoint Evasion

Bypassing UAC with an SSPI Datagram context

https://splintercod3.blogspot.com/p/bypassing-uac-with-sspi-datagram.html?m=1

apppoolcreddecrypt: decrypting IIS App Pool credentials without using appcmd.exe

https://github.com/xpn/RandomTSScripts/tree/master/apppoolcreddecrypt

POSTDump: a C# implementation of the ReactOS minidump functions (as in nanodump) that avoids calling the MiniDumpWriteDump API to evade detection

https://github.com/YOLOP0wn/POSTDump

SharpShellPipe: a lightweight C# demo for interacting with a remote shell over named pipes and the SMB protocol

https://github.com/DarkCoderSc/SharpShellPipe

ETWListicle: dump ETW providers from a process

https://github.com/whokilleddb/ETWListicle

Abusing the echo_driver.sys driver for arbitrary kernel memory read/write

https://github.com/YOLOP0wn/EchoDrv

Debugging Windows Isolated User Mode (IUM) processes

https://blog.quarkslab.com/debugging-windows-isolated-user-mode-ium-processes.html

Vulnerabilities

CVE-2023-35359: analysis and PoC for the Windows File History Service local privilege escalation vulnerability

https://ssd-disclosure.com/ssd-advisory-file-history-service-fhsvc-dll-elevation-of-privilege/

CVE-2023-38146: PoC for the Windows Themes remote code execution vulnerability

https://github.com/gabe-k/themebleed

The Windows system drive can be replaced with a link during impersonation, leading to a privilege escalation vulnerability

https://bugs.chromium.org/p/project-zero/issues/detail?id=2451

CVE-2023-35001: analysis of an Ubuntu kernel privilege escalation vulnerability

https://www.synacktiv.com/en/publications/old-bug-shallow-bug-exploiting-ubuntu-at-pwn2own-vancouver-2023

Cloud Security

Seven ways to escape a container

https://www.panoptica.app/research/7-ways-to-escape-a-container

Microsoft cloud storage security threat matrix

https://www.microsoft.com/en-us/security/blog/2023/09/07/cloud-storage-security-whats-new-in-the-threat-matrix/

Other

Evading web-page-signature-based phishing detection

https://www.r-tec.net/r-tec-blog-evade-signature-based-phishing-detections.html

mellon: an attack tool targeting the OSDP industrial control protocol

https://github.com/BishopFox/mellon

M01N Team WeChat public account

Focused on hot topics in advanced offensive and defensive confrontation

NSFOCUS Blue Army (red team) technical research team


Source: https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247492302&idx=1&sn=4e0d0569abe6bc601d537040a63b1737&chksm=c18422dff6f3abc9895383f44c4ce91cb97dd094e3f4f3f9540518b6825200072c96c06a0823&scene=58&subscene=0#rd