每周蓝军技术推送(2024.1.6-1.12)
2024-1-12 17:34:56 Author: mp.weixin.qq.com(查看原文) 阅读量:20 收藏

Web安全

GAP-Burp-Extension:Burp扩展工具,识别请求响应参数、潜在链接、提取包含特定单词的响应等

https://github.com/xnl-h4ck3r/GAP-Burp-Extension

gogo:红队自动化漏洞扫描引擎

https://github.com/chainreactors/gogo

内网渗透

利用内部代理实现横向移动和防火墙规避

https://practicalsecurityanalytics.com/how-to-leverage-internal-proxies-for-lateral-movement-firewall-evasion-and-trust-exploitation/

终端对抗

Linux睡眠混淆技术

https://github.com/kyleavery/pendulum

Cobalt Strke C#有效负载生成器

https://github.com/Workingdaturah/Payload-Generator

漏洞相关

利用CVE-2023-29357 & CVE-2023-24955实现SharePoint未授权RCE

https://github.com/DebugPrivilege/InsightEngineering/blob/main/Debugging%20Case%20Studies/Debug%20Case%20Study%3A%20SharePoint%20Pre-Auth%20Code%20Injection%20RCE%20chain%20CVE-2023-29357%20%26%20CVE-2023-24955/README.md

CVE-2023-46805、CVE-2024-21887:ICS VPN中的身份验证与命令注入漏洞

https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/

CVE-2024-21633:MobSF中的路径穿越漏洞

https://github.com/0x33c0unt/CVE-2024-21633

CVE-2024-20287:Cisco Access Point中的后台RCE漏洞

https://www.synacktiv.com/advisories/remote-code-execution-on-cisco-access-point-wap371-firmware-1307

云安全

Swarm:云主机攻击面管理工具

https://github.com/swarmsecurity/swarm

在Azure容器注册表中自动提取托管身份令牌

https://www.netspi.com/blog/technical/cloud-penetration-testing/automating-managed-identity-token-extraction-in-azure-container-registries/

利用GKE中的监控和服务网格配置和权限来获取Kubernetes中未经授权的访问

https://unit42.paloaltonetworks.com/google-kubernetes-engine-privilege-escalation-fluentbit-anthos/

利用Azure FrontDoor CDN保护C2基础设施

https://medium.com/r3d-buck3t/red-teaming-in-cloud-leverage-azure-frontdoor-cdn-for-c2-redirectors-79dd9ca98178

社工钓鱼

CanaryTokenScanner:扫描Office文档、Zip文件中的可疑URL

https://github.com/0xNslabs/CanaryTokenScanner

利用良性的号召性用语CTA URL绕过安全检查

https://www.trellix.com/about/newsroom/stories/research/saints-turned-evil/

其他

llamafile:支持将大语言模型权重转换为可执行文件

https://github.com/Mozilla-Ocho/llamafile

https://hacks.mozilla.org/2023/11/introducing-llamafile/

Portkey's AI Gateway:对OpenAI、Anthropic、LLama2等的统一API接口

https://github.com/Portkey-AI/gateway

Aqua Nautilus安全研究团队预测2024年网络安全趋势:人工智能、云和威胁情报

https://blog.aquasec.com/2024-cybersecurity-trends-ai-cloud-and-threat-intelligence

McAfee对2024年网络安全趋势的6大预测

https://www.mcafee.com/blogs/internet-security/6-cybersecurity-predictions-for-2024-staying-ahead-of-the-latest-hacks-and-attacks/

YARA Toolkit:在线Yara规则编写与验证

https://yaratoolkit.securitybreak.io/

M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群

往期推荐

每周蓝军技术推送(2023.12.30-2024.1.5)

每周蓝军技术推送(2023.12.23-12.29)

每周蓝军技术推送(2023.12.16-12.22)


文章来源: https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247493274&idx=1&sn=98910a392ad35ecbe6647988ad561811&chksm=c184268bf6f3af9daf290042ab21aa5a4c49e00ef17919610e61c73bc77aca4a87902b0e42b7&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh