每周蓝军技术推送(2024.9.21-9.27)
2024-9-27 16:10:34 Author: mp.weixin.qq.com(查看原文) 阅读量:7 收藏

内网渗透

remotechrome:借助atexec与CDP远程转储Chrome Cookies

https://github.com/zimnyaa/remotechrome

终端对抗

Windows平台ARM64/AArch64架构Shellcode编写

https://modexp.wordpress.com/2024/09/16/windows_arm64/

延迟导入表phantomDLL的机会探究

https://www.hexacorn.com/blog/2024/09/14/the-delayed-import-table-phantomdll-opportunities/

NyxInvoke:基于Rust的.NET程序集、Powershell命令与BOF加载器,集成AMSI/ETW修补

https://github.com/BlackSnufkin/NyxInvoke

BYOSI:借助自带PHP脚本解释器绕过EDR执行恶意代码

https://github.com/oldkingcone/BYOSI

PolyDrop:BYOSI快速载荷部署工具箱

https://github.com/MalwareSupportGroup/PolyDrop

PPLrevenant:借助BYODLL技术绕过LSA保护

https://github.com/itm4n/PPLrevenant

DLL代理攻击技术介绍

https://www.blackhillsinfosec.com/a-different-take-on-dll-hijacking/

借助恶意软件虚拟化规避终端检测

https://blog.fox-it.com/2024/09/25/red-teaming-in-the-age-of-edr-evasion-of-endpoint-detection-through-malware-virtualisation/

NamelessC2:基于Rust的轻量级C2

https://github.com/trickster0/NamelessC2

漏洞相关

UNIX CPUS远程代码执行系列高危漏洞技术细节披露分析

https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/

cupshax:UNIX CPUS远程代码执行系列高危漏洞POC利用工具

https://github.com/RickdeJager/cupshax

从sudo iptables到本地权限提升的旅程

https://www.shielder.com/blog/2024/09/a-journey-from-sudo-iptables-to-local-privilege-escalation/

利用 Realtek 驱动程序 RtsPer.sys 的 Windows 本地权限提升

https://github.com/SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN

CVE-2024-45488:Safeguard for Privileged Passwords 产品身份验证绕过漏洞披露分析

https://blog.amberwolf.com/blog/2024/september/skeleton-cookie-breaking-into-safeguard-with-cve-2024-45488/

云安全

滥用 Entra ID 管理单元实现粘性持久性

https://securitylabs.datadoghq.com/articles/abusing-entra-id-administrative-units/

MFASweep:用于检查多个Microsoft服务是否启用MFA的工具

https://github.com/dafthack/MFASweep

CloudShovel:扫描公开/私有Amazon机器镜像(AMIs)中的敏感信息

https://github.com/saw-your-packet/CloudShovel

人工智能和安全

CVE-2024-0132:AI基础设施安全风险,NVIDIA容器工具包容器逃逸漏洞

https://www.wiz.io/blog/wiz-research-critical-nvidia-ai-vulnerability

人工智能和数据保护:LLM合规性和风险缓解策略

https://normalyze.ai/blog/ai-and-data-protection-strategies-for-llm-compliance-and-risk-mitigation/

FAIR风险分析模型视角看人工智能风险和框架

https://www.elastic.co/cn/blog/fair-generative-ai-risks-frameworks

Broken Hill:用于针对大型语言模型的生产化贪婪梯度坐标攻击工具

https://bishopfox.com/blog/brokenhill-attack-tool-largelanguagemodels-llm

社工钓鱼

借助Google演示文档内嵌Youtube路径重定向,点击后获取云盘机密文件编辑权限

https://lyra.horse/blog/2024/09/using-youtube-to-steal-your-files/

其他

从Stomped PE头中恢复导入表的Binary Ninja插件

https://labs.nettitude.com/blog/binary-ninja-plugin-fix-stomped-imports/

https://github.com/nettitude/binja-fix-stomped-imports

winacl:操作Windows 访问控制列表、安全描述符等的跨平台Go库

https://github.com/p0dalirius/winacl

M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群

往期推荐

每周蓝军技术推送(2024.9.14-9.20)

每周蓝军技术推送(2024.9.7-9.13)

每周蓝军技术推送(2024.8.31-9.6)


文章来源: https://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247493811&idx=1&sn=a3735e2857c1e1bc5bcf464b37b84997&chksm=c18428a2f6f3a1b44d3c3c274a89fd2c8c5bf7d640c36a88598147bb5e11f983b16bdad57b1f&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh