每周蓝军技术推送(2024.5.25-5.31)
2024-5-31 16:15:26 Author: mp.weixin.qq.com(查看原文) 阅读量:21 收藏

Web安全

BadDNS:子域接管检测及其他DNS安全性测试

https://blog.blacklanternsecurity.com/p/introducing-baddns

https://github.com/blacklanternsecurity/baddns

NGINX修复与HTTP/3有关的多个漏洞

https://securityonline.info/nginx-releases-security-updates-http-3-vulnerabilities-patched/

通过Suricata识别潜在Kerberos攻击流量

https://blog.exploit.org/caster-kerbhammer/

 内网渗透

微软Exchange攻击路径挖掘与防御建议

https://posts.specterops.io/pwned-by-the-mail-carrier-0750edfad43b

SharpPersistSD:滥用安全描述符实现对远程计算机持久化

https://github.com/cybersectroll/SharpPersistSD

介绍五种不常见的NTLM中继攻击技术

https://www.guidepointsecurity.com/blog/beyond-the-basics-exploring-uncommon-ntlm-relay-attack-techniques/

SCCM攻击利用技术

https://swisskyrepo.github.io/InternalAllTheThings/active-directory/deployment-sccm/

JS-Tap WEB应用攻击工具2.0添加C2控制功能

https://trustedsec.com/blog/js-tap-mark-ii-now-with-c2-shenanigans

nmap-did-what:轻量级Nmap可视化面板

https://github.com/hackertarget/nmap-did-what

终端对抗

no-defender:借助逆向的WSC API禁用微软Defender与防火墙

https://github.com/es3n1n/no-defender

滥用SeRelabelPrivilege用户权限获取SYSTEM权限

https://decoder.cloud/2024/05/30/abusing-the-serelabelprivilege/

利用NtSystemDebugControl系统调用在Window11中注入PPL进程

https://blog.slowerzs.net/posts/pplsystem/

滥用Windows fork API实现不分配RWX内存注入OneDrive进程

https://github.com/Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV

对Mockingjay 进程自注入技术的改进,消除了对带有RWX的可信DLL的依赖

https://github.com/thiagopeixoto/mystique-self-injection

Elastic开源规则添加对多步骤/分割进程注入的新检测

https://twitter.com/SBousseaden/status/1796230041384210480

https://github.com/elastic/protections-artifacts/commit/294605e71fadcd4b050721a9295fc2ade6281281#diff-87b10b92ba9aa8e5a0502e764d4edc2c8a580b411b2c11ca586b9e599920cfd0R8

SWAPPALA:内存特征检测规避新方案,包含硬件断点、Ekko ROP与内核对象枚举

https://oldboy21.github.io/posts/2024/05/swappala-why-change-when-you-can-hide/

https://github.com/oldboy21/SWAPPALA

C2植入物的新设计思路方式探究

https://medium.com/@sapientflow/finding-pastures-new-an-alternate-approach-for-implant-design-644611c526ca

ETWInspector:ETW提供程序枚举与日志收集工具

https://github.com/jsecurity101/ETWInspector

Linux系统中利用bind mount特性隐藏进程

https://dfir.ch/posts/slash-proc/

在野攻击者利用Foxit PDF阅读器设计缺陷实施攻击

https://research.checkpoint.com/2024/foxit-pdf-flawed-design-exploitation/

漏洞相关

CVE-2024-2961:利用GLIBC ICONV攻击PHP引擎漏洞利用POC

https://www.ambionics.io/blog/iconv-cve-2024-2961-p1

CVE-2024-32002:Git RCE漏洞分析及武器化POC

https://amalmurali.me/posts/git-rce/

https://github.com/amalmurali47/git_rce

CVE-2024-27804:Apple iOS设备内核越狱漏洞POC

https://github.com/R00tkitSMM/CVE-2024-27804

https://www.idownloadblog.com/2024/05/14/cve-2024-27804-no-jailbreak/

CVE-2024-27842:Apple macOS UDF内存破坏漏洞POC

https://github.com/wangtielei/POCs/blob/main/CVE-2024-27842/poc.m

CVE-2024-24919:CheckPoint SSL VPN任意文件读取漏洞挖掘思路分析

https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/

CVE-2024-27130:QNAP QTS NAS系统未授权堆栈溢出RCE漏洞分析

https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/

云安全

规避EntraID/M365的令牌保护

https://rootsecdev.medium.com/evading-token-protection-for-entraid-m365-2024-edition-b0827407b6f5

人工智能和安全

滥用微软Copilot+Recall自动化窃密演示截图

https://cyberplace.social/@GossiTheDog/112531054138802168

https://twitter.com/GossiTheDog/status/1796218726808748367

Replicate AI服务商具有恶意模型RCE漏洞,并存在跨租户横向攻击风险

https://www.wiz.io/blog/wiz-research-discovers-critical-vulnerability-in-replicate

社工钓鱼

如何提升网络钓鱼成功率

https://posts.specterops.io/phish-sticks-hate-the-smell-love-the-taste-f4db9de888f7

其他

Squeege:利用OCR从RDP截图中提取潜在用户名密码

https://github.com/OOAFA/squeegee

通过早期样本中的图片和特征追踪威胁行为者

https://blog.virustotal.com/2024/05/tracking-threat-actors-using-images-and.html

M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群

往期推荐

每周蓝军技术推送(2024.5.18-5.24)

每周蓝军技术推送(2024.5.11-5.17)

每周蓝军技术推送(2024.4.27-5.10)


文章来源: https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247493549&idx=1&sn=377c7a70d5b6c56cafcfd9018ff18f7f&chksm=c18427bcf6f3aeaaef740a364bede189c31cfe1577452130bc2aeb79d09f87a72af0eec910b1&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh