Field Effect security team's analysis report on six Microsoft privilege escalation vulnerabilities and one kernel information disclosure vulnerability
https://hello.fieldeffect.com/hubfs/Blackswan/Blackswan_Technical_Write%20Up_Field_Effect.pdf
RCE vulnerability found in the Visual Studio Code server running inside Windows WSL
https://parsiya.net/blog/2021-12-20-rce-in-visual-studio-codes-remote-wsl-for-fun-and-negative-profit/
Analysis of the NTFS file driver integer overflow vulnerability CVE-2021-31956
https://dawnslab.jd.com/CVE-2021-31956/
CVE-2021-38163: SAP NetWeaver unrestricted upload of files with dangerous type
https://twitter.com/ptswarm/status/1472929717938532353
Analysis of Microsoft Teams link preview spoofing, IP address leak and other vulnerabilities
https://positive.security/blog/ms-teams-1-feature-4-vulns
Microsoft Azure App Service vulnerability when deploying code via Local Git leaks users' source code repositories
https://www.wiz.io/blog/azure-app-service-source-code-leak
2021 cloud security incidents in review
https://blog.christophetd.fr/cloud-security-breaches-and-vulnerabilities-2021-in-review/
KernelBypassSharp: a kernel driver written in C# for reading and writing the memory of protected processes
https://github.com/VollRagm/KernelBypassSharp
Moonwalk: a tool for cleaning up attack traces on Linux
https://github.com/mufeedvh/moonwalk
Mortar Loader: a loader that evades antivirus through in-memory encryption
https://github.com/0xsp-SRD/mortar
Process injection by injecting shellcode into the memory of an already loaded DLL
https://www.netero1010-securitylab.com/eavsion/alternative-process-injection
A WSASocket reverse shell implemented in C++ that can bypass Defender
https://github.com/tihanyin/Simple-Reverse-Shell/
Cobalt Strike 4.5: updates to the User-Defined Reflective Loader
https://www.cobaltstrike.com/blog/user-defined-reflective-loader-udrl-update-in-cobalt-strike-4-5/
Heap encryption via hooks to counter BeaconEye memory detection
https://www.cyberark.com/resources/threat-research-blog/hook-heaps-and-live-free
BOF compilation best practices: covering flexibility, stealth and compatibility
https://www.coresecurity.com/core-labs/articles/writing-beacon-object-files-flexibie-stealthy-and-compatible
Some AV-evading PowerShell droppers found by security researchers
https://isc.sans.edu/diary/28158
AD schema misconfiguration can also serve as a precondition for sAMAccountName spoofing attacks
https://twitter.com/remiescourrou/status/1472984929726308357
Responder now supports attacks in IPv6 scenarios
https://g-laurent.blogspot.com/2021/12/responder-and-ipv6-attacks.html
Invoke-noPac: PowerShell implementation of the vulnerability that escalates an arbitrary user to domain admin privileges
https://github.com/ricardojba/Invoke-noPac
A lightweight Meterpreter stager implemented in Go
https://security.humanativaspa.it/letme-go-a-minimalistic-meterpreter-stager-written-in-go/
Cache poisoning techniques
https://youst.in/posts/cache-poisoning-at-scale/
The two types of 5G networks, and attack scenarios for classic vulnerabilities in 5G networks
https://penthertz.com/blog/Intruding-5G-core-networks-from-outside-and_inside.html
M01N Team
Focused on hot technologies in advanced offensive-defensive confrontation
NSFOCUS Blue Army technical research team
Originally published on the WeChat official account (M01N Team): Weekly Blue Army technology digest (2021.12.18-12.24)