KaynLdr: a reflective DLL loader written in C/ASM
https://github.com/MrLion7/Lmap
Dumping LSASS with duplicated handles
https://rastamouse.me/dumping-lsass-with-duplicated-handles/
Process Hollowing implemented in Nim
https://github.com/snovvcrash/NimHollow
Executing Cobalt Strike shellcode from a malicious MSBuild project file
https://isc.sans.edu/diary/rss/28180
Perun’s Fart: a C# tool for unhooking AV/EDR
https://github.com/plackyhacker/Peruns-Fart
CmdLineSpoofer: detection-evasion tool that spoofs the command line of an injected process
https://github.com/plackyhacker/CmdLineSpoofer
Stealthy persistence by adding an entry to the LsaSrv registry "Extensions" value (not surfaced by Autoruns)
https://twitter.com/0gtweet/status/1476286368385019906
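The check a defender wants for the item above, as an added example that is not part of the tweet or this digest: a PowerShell audit of the LsaSrv `Extensions` multi-string that lsass.exe loads. The registry path and the assumed baseline entry (`ngcpopkeysrv.dll`) are taken from public descriptions of the technique and are assumptions here; confirm both against a clean host of the same Windows build before treating any entry as malicious.

```powershell
# Added example, not part of the original digest or the tweet. Audits the
# LsaSrv "Extensions" multi-string that lsass.exe loads as LSA extensions.
# ASSUMPTIONS: the key path and the baseline entry below come from public
# write-ups of the technique; confirm both on a clean host of the same build.
$LsaSrvKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\LsaExtensionConfig\LsaSrv'
$Baseline  = @('ngcpopkeysrv.dll')   # assumed default; adjust after checking a clean host

function Get-LsaSrvExtensions {
    # Returns the configured extension entries, or an empty array if the value is absent.
    $item = Get-ItemProperty -Path $LsaSrvKey -Name 'Extensions' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return @() }
    return @($item.Extensions)
}

function Test-LsaSrvExtension {
    param([Parameter(Mandatory)][string]$Entry)
    # Bare file names resolve from System32 (lsass.exe's own directory); a full
    # path in this value is itself suspicious, since the defaults do not use one.
    $rooted = [IO.Path]::IsPathRooted($Entry)
    $path   = if ($rooted) { $Entry } else { Join-Path $env:SystemRoot ('System32\' + $Entry) }
    $signedByMicrosoft = $null
    if (Test-Path -LiteralPath $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                             ($sig.SignerCertificate.Subject -like '*Microsoft*')
    }
    [pscustomobject]@{
        Entry             = $Entry
        InBaseline        = $Baseline -contains ([IO.Path]::GetFileName($Entry).ToLower())
        FullPathUsed      = $rooted
        ResolvedPath      = $path
        Exists            = Test-Path -LiteralPath $path
        SignedByMicrosoft = $signedByMicrosoft
    }
}

# Anything not in the baseline, using a full path, missing on disk, or not
# Microsoft-signed deserves a closer look; Autoruns does not enumerate this key.
Get-LsaSrvExtensions | ForEach-Object { Test-LsaSrvExtension -Entry $_ } | Format-Table -AutoSize
```

Run it elevated on the host under review and diff the output against a reference host; a DLL that is present and Microsoft-signed but absent from the baseline still warrants a look, because signed-but-misplaced binaries are a common way to blend in.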
Exploiting PHP LFI with Nginx's help (temporary request-body files)
https://bierbaumer.net/security/php-lfi-with-nginx-assistance/
Hunting chained SSRF vulnerabilities in WebSphere Portal
https://blog.assetnote.io/2021/12/26/chained-ssrf-websphere/
Automatically identifying which service an API key/token belongs to
https://api-guesser.netlify.app
https://twitter.com/daffainfo/status/1475725873575698437
Vortex: VPN attack framework (reconnaissance, enumeration and exploitation of VPN endpoints)
https://github.com/klezVirus/vortex
ADExplorerSnapshot.py: parses Sysinternals AD Explorer snapshots and converts them into BloodHound-importable data
https://github.com/c3c/ADExplorerSnapshot.py
ShadowCoerce: coercing a host to authenticate to the attacker via the MS-FSRVP protocol
https://github.com/ShutdownRepo/ShadowCoerce
CVE-2021-44832: Apache Log4j 2.17.0 arbitrary code execution via the JDBCAppender DataSource element
https://checkmarx.com/blog/cve-2021-44832-apache-log4j-2-17-0-arbitrary-code-execution-via-jdbcappender-datasource-element/
Writeup of a JavaScript JIT type-confusion bug (JScript9)
https://zerodayengineering.com/research/javascript-engines-exploitation-jscript9.html
CVE-2019-11707 + CVE-2019-11708: Firefox remote code execution and sandbox escape exploit chain
https://github.com/forrest-orr/Exploits/tree/main/Chains/Hydseven
Talos' 2021 year in review: malware, attacks and notable vulnerabilities
http://blog.talosintelligence.com/2021/12/2021-looking-back-on-year-in-malware.html
Top ten exploited vulnerabilities of 2021
https://mp.weixin.qq.com/s/M5xcnU_TTtMCTVUp-vrvFQ
Hacking The Cloud: AWS security testing guide, with Azure and Google Cloud coverage to follow
https://hackingthe.cloud/aws/general-knowledge/assume_role_logic/
SMB over QUIC: SMB file shares can now be reached directly from the public internet (TLS 1.3 over UDP 443)
https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-over-quic
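A quick exposure check for the item above, as an added example that is not part of the Microsoft documentation or this digest: PowerShell that reports whether a file server has SMB over QUIC enabled and which certificate mappings (the DNS names clients connect to over UDP 443) are configured, with the documented cmdlet that disables the feature. The `EnableSMBQUIC` setting and the `Get-SmbServerCertificateMapping` cmdlet are taken from the linked documentation for Windows Server 2022 Datacenter: Azure Edition; on builds without the feature the function simply reports it as disabled.

```powershell
# Added example, not part of the original digest or the Microsoft docs.
# Reports whether this server exposes SMB over QUIC (TLS 1.3 over UDP 443, so
# it can be published straight to the internet) and how to turn it off.
# ASSUMPTIONS: EnableSMBQUIC and the *-SmbServerCertificateMapping cmdlets exist
# as documented for Windows Server 2022 Datacenter: Azure Edition; other builds
# lack them, and the function treats that as "not enabled".

function Get-SmbQuicExposure {
    $server = Get-SmbServerConfiguration
    $quicEnabled = $false
    if ($server.PSObject.Properties.Name -contains 'EnableSMBQUIC') {
        $quicEnabled = [bool]$server.EnableSMBQUIC
    }

    $mappings = @()
    if (Get-Command Get-SmbServerCertificateMapping -ErrorAction SilentlyContinue) {
        # Each mapping binds a DNS name clients will use to a server certificate.
        $mappings = @(Get-SmbServerCertificateMapping -ErrorAction SilentlyContinue)
    }

    # QUIC shares UDP 443 with HTTP/3, so a listener here is a hint, not proof of SMB.
    $udp443 = @(Get-NetUDPEndpoint -LocalPort 443 -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        QuicEnabled          = $quicEnabled
        CertificateMappings  = $mappings | Select-Object Name, Thumbprint, Subject
        Udp443Listeners      = $udp443.Count
        # Serving requires both the feature and at least one mapping.
        QuicServiceConfigured = $quicEnabled -and ($mappings.Count -gt 0)
    }
}

Get-SmbQuicExposure | Format-List

# To disable the server side (LAN clients keep working over TCP 445):
# Set-SmbServerConfiguration -EnableSMBQUIC $false -Force
```

If `QuicServiceConfigured` is true, check the perimeter firewall for inbound UDP 443 to the host and the DNS names in the mappings, since those names are what an internet client would target; the TCP 445 blocks most ISPs and firewalls apply do not cover this path.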
Bypassing firewall rules that block outbound traffic by manipulating protocol state
https://arxiv.org/pdf/2112.09604.pdf
M01N Team
Focused on hot topics in advanced offensive/defensive security
NSFOCUS "Blue Army" (adversary emulation) technical research team
Originally published on the WeChat official account M01N Team: Weekly Blue Army Technical Digest (2021.12.25-12.31)