Web安全
Linux下无文件Java agent探究
https://tttang.com/archive/1525/
源码层面梳理Java RMI交互流程
https://tttang.com/archive/1530/
Ruby 2.x-3.x新通用反序列化Gadget
https://devcraft.io/2022/04/04/universal-deserialisation-gadget-for-ruby-2-x-3-x.html
利用Javascript/JPEG Polyglot实现XSS
https://systemweakness.com/exploiting-xss-with-javascript-jpeg-polyglot-4cff06f8201a
内网渗透
强制SCCM发起NTLM认证
https://posts.specterops.io/coercing-ntlm-authentication-from-sccm-e6e23ea8260a
终端对抗
修改内存中的 PE 头来注入 DLL 的一种方法
https://www.x86matthew.com/view_post?id=import_dll_injection
针对Office的DLL劫持研究
https://medium.com/@tamirye94/office-multiple-search-order-dll-hijacking-67e76001ecf1
自动化提取防病毒软件的静态检测特征以实现检测逃逸
https://blog.scrt.ch/2022/04/05/automatically-extracting-static-antivirus-signatures/
分析 Cortex XDR并绕过限制
https://mrd0x.com/cortex-xdr-analysis-and-bypass/
AMSI Bypass 的多种方法整理
https://www.hackingarticles.in/a-detailed-guide-on-amsi-bypass/
滥用LargePageDrivers复制shellcode到合法内核模块
https://vollragm.github.io/posts/abusing-large-page-drivers/
Windows特权句柄利用分析
https://mp.weixin.qq.com/s/VJEgxfcuDRKMGBdkrXyRlA
探索Windows 内核中的系统调用
https://alice.climent-pommeret.red/posts/a-syscall-journey-in-the-windows-kernel/
漏洞相关
CVE-2022-21882: Win32k Windows 对象类型混淆漏洞分析
https://www.coresecurity.com/core-labs/articles/analysis-cve-2022-21882-win32k-window-object-type-confusion-exploit
CVE-2022-26381: 在firefox下执行UAF
https://www.thezdi.com/blog/2022/4/7/cve-2022-26381-gone-by-others-triggering-a-uaf-in-firefox
Chrome Mojo 组件的沙箱逃逸漏洞分析
https://mp.weixin.qq.com/s/tGwCwOQ8eAwm26fHXTCy5A
Windows 版本 AWS VPN Client 被发现 SYSTEM 本地提权漏洞
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client
CVE-2022-21907:HTTP协议栈远程代码执行漏洞
https://www.coresecurity.com/core-labs/articles/proof-concept-cve-2022-21907-http-protocol-stack-remote-code-execution
云安全
利用 AWS RDS EC2 实例的本地文件读漏洞窃取 AWS 内部服务的密钥
https://blog.lightspin.io/aws-rds-critical-security-vulnerability
公有云 IP 重用的威胁和防御方法分析 Paper
https://arxiv.org/pdf/2204.05122.pdf
新的Office文档钓鱼姿势-VSTO插件
https://medium.com/@airlockdigital/make-phishing-great-again-vsto-office-files-are-the-new-macro-nightmare-e09fcadef010
其他
攻击技术研判:利用开源软件包安装程序Chocolately落地的新型后门
https://mp.weixin.qq.com/s/qywbXyHDPvZpqY0GABDbwg
漂亮侧信道:从timeless attack到pipeline的放大攻击
https://mp.weixin.qq.com/s/N6CWX9ZVnbyeYBIibwb0SA
利用Pickl3和Insiderman伪造Windows窗口钓鱼
https://assume-breach.medium.com/home-grown-red-team-internal-windows-phishing-with-pickl3-and-insideman-2cd2e92f7d3e
ESA实验卫星漏洞挖掘及渗透
https://tttang.com/archive/1542/
M01N Team
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
往期推荐
原文始发于微信公众号(M01N Team):每周蓝军技术推送(2022.4.9-4.15)
