Web安全
faction:渗透测试报告生成和评估协作框架
https://github.com/factionsecurity/faction
内网渗透
AD-Canaries:AD域 Canary自动化部署Powershell脚本
https://github.com/AirbusProtect/AD-Canaries
ADCS特定用户组Cert Publishers Group研究
https://decoder.cloud/2023/11/20/a-deep-dive-in-cert-publishers-group/
SharpRODCL:用于审计RODC相关错误配置的.net工具
https://github.com/wh0amitz/SharpRODC
终端对抗
以PG兼容的方式进行Hook
https://revers.engineering/fun-with-pg-compliant-hook/
使用sRDI进行进程stomping和bencon加载
https://www.naksyn.com/edr%20evasion/2023/11/18/mockingjay-revisited-process-stomping-srdi-beacon.html
使用CreateThreadPoolWait实现bypass EDR的轻量化加载器
https://labs.nettitude.com/blog/creating-an-opsec-safe-loader-for-red-team-operations/
避免内核触发内存扫描的进程注入
https://www.r-tec.net/r-tec-blog-process-injection-avoiding-kernel-triggered-memory-scans.html
Unwinder:Rust实现的堆栈调用欺骗
https://github.com/Kudaes/Unwinder
Darkside:使用Rogue反恶意软件驱动3.3实现的AV/EDR杀手
https://github.com/ph4nt0mbyt3/Darkside
GhostMapper:定制幽灵驱动程序
https://github.com/Oliver-1-1/GhostMapper
LocklessBof:枚举打开的文件句柄和促进锁定文件的无文件下载的BOF
https://github.com/antroguy/LocklessBof
LyinEagle:使用JS implant的Python C2
https://github.com/MrDomainAdmin/LyinEagle
CoercedPotatoRDLL:将NT Service提升到SYSTEM权限的反射DLL
https://github.com/sokaRepo/CoercedPotatoRDLL
漏洞相关
CVE-2023-33127:.Net Core CLR中的条件竞争漏洞导致权限提升
https://bohops.com/2023/11/27/abusing-net-core-clr-diagnostic-features-cve-2023-33127/
CVE-2023-36036:Windows cloud files mini filter driver权限提升漏洞分析
https://www.ch35tnut.site/zh-cn/vulnerability/cve-2023-36036-windows-cloud-files-mini-filter-driver-eop/
CVE-2023-36719:Chromium中的可沙箱逃逸漏洞
https://microsoftedge.github.io/edgevr/posts/Escaping-the-sandbox-A-bug-that-speaks-for-itself/
CVE-2023-32422:MacOS TCC绕过
https://gergelykalman.com/sqlol-CVE-2023-32422-a-macos-tcc-bypass.html
云安全
IceKube:辅助查找K8S Cluster中低权限节点到高价值目标路径的工具
https://github.com/WithSecureLabs/IceKube
IMDSpoof:欺骗AWS IMDS服务返回可触发告警的HoneyToken
https://github.com/grahamhelton/IMDSpoof
其他
提取ChatGPT训练数据
https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html
Windows Hello指纹身份认证绕过
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/
EvilSlackbot:Slack机器人钓鱼框架
https://github.com/Drew-Sec/EvilSlackbot
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐
原文始发于微信公众号(M01N Team):每周蓝军技术推送(2023.11.25-12.1)
