Supply chain attack: exploiting vulnerabilities in domain-name vendors to achieve domain takeover
https://palisade.consulting/blog/tld-hacking
Supply chain attack: squatting same-named WordPress plugins to compromise WordPress sites through malicious updates
https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
Open-source web application fingerprints
https://github.com/p0dalirius/webapp-wordlists
Microsoft cloud: privilege escalation by abusing Azure API permissions
https://posts.specterops.io/azure-privilege-escalation-via-azure-api-permissions-abuse-74aee1006f48
Microsoft cloud: lateral movement using the Managed Identities of Azure virtual machines
https://m365internals.com/2021/11/30/lateral-movement-with-managed-identities-of-azure-virtual-machines/
Kernel Karnage (hands-on kernel-level evasion) series, part 5
https://blog.nviso.eu/2021/11/30/kernel-karnage-part-5-i-o-callbacks/
Tartarus' Gate: improving Halo's Gate to bypass different EDR hooking methods
https://trickster0.github.io/posts/Halo’s-Gate-Evolves-to-Tartarus-Gate/
Abusing the Windows implementation of process fork to read sensitive process memory while evading EDR
https://billdemirkapi.me/abusing-windows-implementation-of-fork-for-stealthy-memory-operations/
LOLBAS: file execution via mpiexec.exe and smpd.exe
https://twitter.com/mrd0x/status/1465058133303246867
Creating MSIX packages with spoofed vendor and Microsoft trust labels, usable for phishing payload delivery
https://twitter.com/wdormann/status/1466039420684021761
Handle duplication as an AV evasion technique, implemented in C#
https://rastamouse.me/duplicating-handles-in-csharp/
Collection of EDR intelligence and evasion techniques
https://github.com/Mr-Un1k0d3r/EDRs
CVE-2021-21234: analysis of the Spring Boot Actuator Logview directory traversal vulnerability
https://pyn3rd.github.io/2021/10/25/CVE-2021-21234-Spring-Boot-Actuator-Logview-Directory-Traversal/
VMware vCenter (7.0.2.00100) unauthenticated arbitrary file read + SSRF + XSS
https://github.com/l0ggg/VMware_vCenter
CVE-2021-22205: in-depth analysis of the GitLab unauthenticated RCE
https://mp.weixin.qq.com/s/Y4mGVhbc3agp1adnUs1GmA
CVE-2021-3156: sudo overflow local privilege escalation vulnerability
https://github.com/worawit/CVE-2021-3156
M01N Team
Focused on hot topics in advanced attack and defense
NSFOCUS (绿盟科技) Red Team (蓝军) Technical Research Squad
Originally published on the WeChat official account (M01N Team): Weekly Red Team Tech Digest (2021.11.27-12.3)