Web Security
CVE-2024-38816: Spring Framework path traversal vulnerability
https://spring.io/security/cve-2024-38816
Internal Network Penetration
DGPOEdit: trick Group Policy into treating the local host as domain-joined, to edit domain GPOs from a non-domain machine
https://www.pentestpartners.com/security-blog/living-off-the-land-gpo-style/
https://github.com/CCob/DGPOEdit
Hijacking SQL Server credentials with Agent jobs for domain privilege escalation
https://www.netspi.com/blog/technical-blog/network-pentesting/hijacking-sql-server-credentials-with-agent-jobs-for-domain-privilege-escalation/
kcmdump: dump Kerberos tickets from SSSD's KCM database
https://github.com/synacktiv/kcmdump
A decade of Active Directory attacks in review, and what lies ahead
https://35950c24-b118-4502-b087-73855692e67c.usrfiles.com/ugd/35950c_a8f1e3659cc5402e9d732e6f8693fbbe.pdf
Endpoint Evasion
JarPlant: implant payloads into JAR files
https://github.com/w1th4d/JarPlant
EXE-or-DLL-or-ShellCode: build a single payload that loads as an EXE, a DLL and shellcode
https://github.com/Dump-GUY/EXE-or-DLL-or-ShellCode
GlobalUnProtect: decrypt VPN authentication token cookies and replay them
https://rotarydrone.medium.com/decrypting-and-replaying-vpn-cookies-4a1d8fc7773e
https://github.com/rotarydrone/GlobalUnProtect
Bear C2: a C2 framework with built-in TTPs emulating Russian-state-backed APTs
https://github.com/S3N4T0R-0X0/BEAR
Endpoint techniques for evading EDR and the SOC
https://docs.google.com/presentation/d/1yUaalv-a_5oI9qYMUC7VCRqgkwIQFtlJcRWxI5TaAaE/edit
https://github.com/magisterquis/alpt4ats
zpoline: a Linux syscall hook tool
https://github.com/yasukata/zpoline
Vulnerabilities
Exploits for vulnerabilities in Sliver, Havoc and other open-source C2 frameworks made public
https://blog.includesecurity.com/2024/09/vulnerabilities-in-open-source-c2-frameworks/
https://github.com/hyperreality/c2-vulnerabilities
CVE-2024-7965: PoC published for a past Chrome V8 engine 0-day
https://github.com/bi-zone/CVE-2024-7965
CVE-2024-45409: authentication bypass in the ruby-saml library, affecting multiple GitLab versions
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2
https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/
CVE-2023-28324: PoC for the Ivanti EPM AgentPortal RCE vulnerability
https://github.com/horizon3ai/CVE-2023-28324
AlcaWASM challenge write-up: finding and exploiting a vulnerability in an in-browser Lua interpreter
https://deda.lol/posts/2024-09-12-escape_alcawasm/
Cloud Security
Whitepaper on a standardized multi-cloud privileged access architecture for protecting IAM in AWS, Azure and GCP
https://services.google.com/fh/files/misc/standardizing-privileged-access-architecture-for-multi-cloud.pdf
CloudGoat AWS attack range: the "glue_privesc" privilege-escalation scenario
https://rhinosecuritylabs.com/cloud-security/cloudgoat-walkthrough-glue_privesc/
cloudkicker: a self-hosted Azure OSINT collection tool
https://github.com/nyxgeek/cloudkicker
Attacking GitHub Actions with typosquatting
https://orca.security/resources/blog/typosquatting-in-github-actions/
AI and Security
local-llm-ctf: a local LLM jailbreak CTF, break through the guardrails to capture the flag
https://bishopfox.com/blog/large-language-models-llm-ctf-lab
https://github.com/BishopFox/local-llm-ctf
How large language models (LLMs) are used for malicious attacks, and how to defend against them
https://www.helpnetsecurity.com/2024/09/09/ai-cybersecurity-needs/
Hackphyr: a locally fine-tuned LLM agent for network security environments
https://arxiv.org/abs/2409.11276
The security risks of LLMjacking
https://sysdig.com/blog/growing-dangers-of-llmjacking/
Social Engineering and Phishing
recaptcha-phish: phishing with a fake reCAPTCHA verifier
https://github.com/JohnHammond/recaptcha-phish
Other
Hijacking the .mobi WHOIS server through domain registration, then spoofing CA validation and achieving RCE
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
binsider: an ELF binary analysis tool
https://github.com/orhun/binsider
Common Linux persistence techniques and how to detect them
https://www.elastic.co/security-labs/sequel-on-persistence-mechanisms
M01N Team WeChat official account
Focused on hot topics in advanced offensive and defensive technology
NSFOCUS Blue Team Technical Research Squad
Originally published on the WeChat official account M01N Team: Weekly Blue Team Technology Digest (2024.9.14-9.20)