Weekly Blue Army (Red Team) Tech Digest (2023.7.29-8.4)
2023-8-4 16:46:7 Author: mp.weixin.qq.com (view original)

Internal Network Penetration

secretsdump.py: a multithreaded version of Impacket's secretsdump.py credential dumping

https://github.com/fin3ss3g0d/secretsdump.py

Anomaly detection in certificate-based TGT requests

https://securelist.com/anomaly-detection-in-certificate-based-tgt-requests/110242/

Endpoint Evasion

DarkWidow: a dropper/post-exploitation tool integrating various evasion techniques

https://github.com/reveng007/DarkWidow

Advanced module stomping and heap/stack encryption

https://labs.cognisys.group/posts/Advanced-Module-Stomping-and-Heap-Stack-Encryption/

Dynamic detection and classification of Windows malware persistence techniques

http://essay.utwente.nl/94945/1/van%20Nielen_MA_EEMCS.pdf

Know thy enemy: classifying attackers with adversarial fingerprinting

https://adversarial-designs.shop/blogs/blog/know-thy-enemy-classifying-attackers-with-adversarial-fingerprinting

loldriverscan: scan Windows for vulnerable drivers using loldrivers.io

https://github.com/FourCoreLabs/loldriverscan

Vulnerabilities

Exploiting an integer overflow in Apple Safari

https://blog.exodusintel.com/2023/07/20/shifting-boundaries-exploiting-an-integer-overflow-in-apple-safari/

CVE-2023-2640 and CVE-2023-32629: local privilege escalation vulnerabilities in Ubuntu Linux

https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability

CVE-2023-21554: technical analysis of the MSMQ QueueJumper RCE vulnerability

https://securityintelligence.com/posts/msmq-queuejumper-rce-vulnerability-technical-analysis/

CVE-2023-35078: PoC for the Ivanti Endpoint Manager Mobile (EPMM) unauthenticated API access vulnerability

https://github.com/vchan-in/CVE-2023-35078-Exploit-POC

CVE-2023-21822: analysis of a Windows Win32k privilege escalation vulnerability

https://www.zerodayinitiative.com/blog/2023/8/1/exploiting-a-flaw-in-bitmap-handling-in-windows-user-mode-printer-drivers

Bypassing Windows HVCI (virtualization-based security) to execute code

https://datafarm-cybersecurity.medium.com/code-execution-against-windows-hvci-f617570e9df0

Cloud Security

New techniques for stealing Azure AD Connect credentials

https://blog.sygnia.co/guarding-the-bridge-new-attack-vectors-in-azure-ad-connect

Abusing the Amazon VPC CNI plugin for Kubernetes

https://www.elttam.com/blog/amazon-vpc-cni/#content

Escaping a Google kCTF container with a data-only exploit

https://h0mbre.github.io/kCTF_Data_Only_Exploit/#

Other

A new type of DDoS? Research on QUIC-based DDoS reflection and amplification attacks

https://www.anquanke.com/post/id/289906

Universal and transferable adversarial attacks on aligned language models

https://llm-attacks.org/

VirusTotal Malware Trends Report: emerging payload types and delivery techniques

https://blog.virustotal.com/2023/07/virustotal-malware-trends-report.html

A closer look at built-in macOS application security

https://www.picussecurity.com/resource/blog/securing-macos-a-closer-look-at-built-in-macos-application-security

M01N Team official account

NSFOCUS Blue Army Technical Research Team



Source: https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247492010&idx=1&sn=3c0c2221f094c7622fe85343df3e3a8d&chksm=c18421bbf6f3a8ad45bd0febc9bfc92d4bedaba116e5c7f18e50b00fa23a530b881ac7277869&scene=58&subscene=0#rd