Web Security
CVE-2024-23897: From limited file read on Jenkins to full access
https://xphantom.nl/posts/crypto-attack-jenkins/
Internal Network Penetration
SCCMSecrets: Exploiting SCCM for credential harvesting, initial access and lateral movement
https://github.com/synacktiv/SCCMSecrets
https://www.synacktiv.com/publications/sccmsecretspy-exploiting-sccm-policies-distribution-for-credentials-harvesting-initial
udp-over-tcp: Proxying UDP traffic over TCP
https://github.com/jonhoo/udp-over-tcp
Endpoint Defense Evasion
obj2shellcode: A linker-based shellcode generation framework
https://github.com/jseclab/obj2shellcode
Abusing MSC files for initial access
https://www.outflank.nl/blog/2024/08/13/will-the-real-grimresource-please-stand-up-abusing-the-msc-file-format
Detecting cloud sandbox information with Microsoft Office, and using the .asd format to evade sandboxes
https://bartblaze.blogspot.com/2024/08/microsoft-word-and-sandboxes.html
DeadPotato: Obtaining SYSTEM privileges via an RPCSS flaw in DCOM OXID handling
https://github.com/lypd0/DeadPotato
A summary of ways to abuse different Windows process privileges
https://redteamrecipe.com/windows-privileges-for-fun-and-profit
BYOVDLL: Bypassing PPL protection by bringing a vulnerable DLL
https://blog.scrt.ch/2024/08/09/ghost-in-the-ppl-part-1-byovdll
Abusing the vulnerable IObitUnlocker driver to manipulate arbitrary files from low privilege
https://github.com/Aterror2be/CVE-2020-14974
Abusing exclusion rules to evade AV/EDR
https://medium.com/seercurity-spotlight/abusing-av-edr-exclusions-to-evade-detections-21fe31d7ed49
Vulnerabilities
CVE-2024-38063: Zero-click RCE vulnerability in the Windows TCP/IP stack
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
CVE-2024-38106: Windows kernel local privilege escalation vulnerability
https://twitter.com/NikitaTarakanov/status/1823481987014791309
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106
CVE-2024-36036, CVE-2024-36037: Hunting RCE vulnerabilities in Windows RPC services
https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part1/
https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part2/
https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part3/
CVE-2024-5830: Sandboxed renderer RCE vulnerability in the Chrome browser
https://github.blog/security/vulnerability-research/from-object-transition-to-rce-in-the-chrome-renderer/
CVE-2024-2887 variant: Technical analysis of a Chrome WASM type confusion vulnerability
https://ssd-disclosure.com/ssd-advisory-google-chrome-rce/
CVE-2024-7593: PoC for the authentication bypass vulnerability in Ivanti vTM (Virtual Traffic Manager)
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593
https://github.com/rapid7/metasploit-framework/pull/19386
Living off the VPN: Analysis of post-exploitation techniques targeting VPN vulnerabilities
https://www.akamai.com/blog/security-research/2024/aug/2024-august-vpn-post-exploitation-techniques-black-hat
Cloud Security
ArtiPACKED: Analysis of a race-condition attack against GitHub Actions artifacts
https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/
CVE-2024-38162, CVE-2024-38098: Privilege escalation vulnerabilities in Azure Connected Machine Agent
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38162
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38098
AI and Security
M365 Copilot is vulnerable to RCE; attackers can search and analyze sensitive data
https://labs.zenity.io/p/rce
How to build the first conversational AI cloud security analyst
https://sysdig.com/blog/how-we-created-the-first-conversational-ai-cloud-security-analyst/
LLM agentic system security CTF challenge: stealing a password
https://invariantlabs.ai/ctf-challenge-24
Social Engineering and Phishing
18 attack techniques for bypassing email sender authentication
https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
https://i.blackhat.com/USA-20/Thursday/us-20-Chen-You-Have-No-Idea-Who-Sent-That-Email-18-Attacks-On-Email-Sender-Authentication.pdf
Fuzzing Unicode characters in email addresses to achieve account takeover
https://medium.com/@pranshux0x/account-takeover-on-8-years-old-public-program-c0c0a30cfdd2
Combining a watering-hole attack with browser history leakage via CSS
https://adepts.of0x.cc/css-history-leaks/
Other
DEF CON 2024 materials download
https://media.defcon.org/DEF%20CON%2032/
How Microsoft and Fortra jointly combat abused cracked Cobalt Strike
https://thecyberwire.com/podcasts/microsoft-threat-intelligence/25/notes
NIST releases the first encryption standards resistant to quantum computing
https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
M01N Team WeChat official account
Focused on hot topics in advanced offensive and defensive techniques
NSFOCUS Blue Team technical research squad