CVE-2021-44228: Log4j vulnerability reproduction and analysis
https://lorexxar.cn/2021/12/10/log4j2-jndi/
CVE-2021-44228: Log4j weaponised attack case study
https://twitter.com/an0n_r0/status/1469416507440615425
CVE-2021-44228: Log4j attack used to steal cloud credentials
https://twitter.com/christophetd/status/1470727116341878790
CVE-2021-44228: list of software affected by the Log4j vulnerability
https://twitter.com/wdormann/status/1470804255552557064
CVE-2021-45046: new vulnerability arising from the bypass of the Log4Shell patch
https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
https://twitter.com/wdormann/status/1470804255552557064
CVE-2021-42287/CVE-2021-42278: weaponisation process and PoC for the arbitrary-user-to-Domain-Admin privilege escalation vulnerability
https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html
https://github.com/cube0x0/noPac
CVE-2021-42278: Python weaponisation script for the arbitrary-user-to-Domain-Admin privilege escalation vulnerability
https://github.com/ly4k/Pachine
Windows 10 URL handler remote code execution vulnerability: demo and detailed analysis
https://positive.security/blog/ms-officecmd-rce#teams-drive-by-exploit-for-ie11edge-legacy-via—gpu-launcher-command-injection
CVE-2021-3939: Ubuntu AccountsService local privilege escalation exploit analysis
https://securitylab.github.com/research/ubuntu-accountsservice-CVE-2021-3939/
Research on user-mode unhooking as an anti-AV evasion technique
https://rp.os3.nl/2020-2021/p68/report.pdf
Introduction to modern endpoint evasion techniques
https://docs.google.com/presentation/d/19CZ0ufddtOHAQ78RoEawM7_9VSN3aFglRiHQDyr1yZw/edit
Kernel-level evasion: Bring Your Own Vulnerable Driver (BYOVD) for persistence and privilege escalation
https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/
Kernel Karnage hands-on series, part 6
https://blog.nviso.eu/2021/12/09/kernel-karnage-part-6-last-call/
JavaScript prototype pollution attacks: principle analysis and reproduction
https://www.youtube.com/watch?v=XS_UMqQalLI
HeySerial: automated detection of deserialization exploits
https://www.mandiant.com/resources/hunting-deserialization-exploits
https://github.com/mandiant/heyserial
Unsafe as a memory-level offensive and defensive tool: the many ways it can be used
https://g1asssy.com/2021/12/09/unsafe/
LOLBAS: Sqldumper.exe can still bypass Defender to dump LSASS
https://twitter.com/mrd0x/status/1471310869506273283
Cobalt-Clip: Cobalt Strike plugin for reading, writing and monitoring the clipboard
https://github.com/DallasFR/Cobalt-Clip
samAccountName spoofing attack against Kerberos
https://cloudbrothers.info/en/exploit-kerberos-samaccountname-spoofing/#attribution
Using Azure Run Commands for lateral movement across an MSP's virtual machines
https://www.mandiant.com/resources/azure-run-command-dummies
Exposed Docker socket: from code execution to container escape to persistence
https://blog.quarkslab.com/why-is-exposing-the-docker-socket-a-really-bad-idea.html
Project Zero's deep dive into the NSO zero-click iMessage exploit
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
M01N Team
Focusing on hot topics in advanced offensive and defensive techniques
NSFOCUS blue team technical research unit
Originally published on the WeChat official account M01N Team: Weekly blue team technology digest (2021.12.11-12.17)