Weekly Red Team Tech Digest (2024.9.14-9.20)



Web Security


CVE-2024-38816: Spring Framework path traversal vulnerability

https://spring.io/security/cve-2024-38816


Internal Network Penetration


DGPOEdit: trick Group Policy into treating the local host as domain-joined, so that domain GPOs can be edited from a non-domain host

https://www.pentestpartners.com/security-blog/living-off-the-land-gpo-style/

https://github.com/CCob/DGPOEdit

Hijacking SQL Server credentials via Agent jobs for domain privilege escalation

https://www.netspi.com/blog/technical-blog/network-pentesting/hijacking-sql-server-credentials-with-agent-jobs-for-domain-privilege-escalation/

kcmdump: dump Kerberos tickets from SSSD's KCM database

https://github.com/synacktiv/kcmdump

A decade of AD domain attacks reviewed, with an outlook on what comes next

https://35950c24-b118-4502-b087-73855692e67c.usrfiles.com/ugd/35950c_a8f1e3659cc5402e9d732e6f8693fbbe.pdf


Endpoint Evasion


JarPlant: implant malicious payloads into JAR files

https://github.com/w1th4d/JarPlant

EXE-or-DLL-or-ShellCode: build a single payload that can be loaded as an EXE, a DLL, or shellcode

https://github.com/Dump-GUY/EXE-or-DLL-or-ShellCode

GlobalUnProtect: decrypt VPN authentication token cookies and replay them

https://rotarydrone.medium.com/decrypting-and-replaying-vpn-cookies-4a1d8fc7773e

https://github.com/rotarydrone/GlobalUnProtect

Bear C2: C2 framework with built-in emulation of the TTPs of Russia-linked APT groups

https://github.com/S3N4T0R-0X0/BEAR

Endpoint evasion techniques against EDR and the SOC

https://docs.google.com/presentation/d/1yUaalv-a_5oI9qYMUC7VCRqgkwIQFtlJcRWxI5TaAaE/edit

https://github.com/magisterquis/alpt4ats

zpoline: Linux syscall hooking tool

https://github.com/yasukata/zpoline


Vulnerabilities


Exploits for vulnerabilities in several open-source C2 frameworks, including Sliver and Havoc, made public

https://blog.includesecurity.com/2024/09/vulnerabilities-in-open-source-c2-frameworks/

https://github.com/hyperreality/c2-vulnerabilities

CVE-2024-7965: PoC published for a past Chrome V8 engine 0-day

https://github.com/bi-zone/CVE-2024-7965

CVE-2024-45409: authentication bypass in the ruby-saml library, affecting multiple GitLab versions

https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-jw9c-mfg7-9rx2

https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/

CVE-2023-28324: PoC for the Ivanti EPM AgentPortal RCE vulnerability

https://github.com/horizon3ai/CVE-2023-28324

AlcaWASM challenge write-up: finding and exploiting a bug in an in-browser Lua interpreter

https://deda.lol/posts/2024-09-12-escape_alcawasm/


Cloud Security


Whitepaper on a standardized multi-cloud privileged access architecture for protecting IAM in AWS, Azure and GCP

https://services.google.com/fh/files/misc/standardizing-privileged-access-architecture-for-multi-cloud.pdf

CloudGoat AWS attack range: walkthrough of the "glue_privesc" privilege escalation scenario

https://rhinosecuritylabs.com/cloud-security/cloudgoat-walkthrough-glue_privesc/

cloudkicker: self-hosted Azure OSINT collection tool

https://github.com/nyxgeek/cloudkicker

Attacking GitHub Actions via typosquatting

https://orca.security/resources/blog/typosquatting-in-github-actions/


AI and Security


local-llm-ctf: local LLM jailbreak CTF challenge; get past the guardrails to capture the flag

https://bishopfox.com/blog/large-language-models-llm-ctf-lab

https://github.com/BishopFox/local-llm-ctf

How large language models (LLMs) are used for malicious attacks, and how to defend against them

https://www.helpnetsecurity.com/2024/09/09/ai-cybersecurity-needs/

Hackphyr: a locally fine-tuned LLM agent for network security environments

https://arxiv.org/abs/2409.11276

Security risks of LLMjacking

https://sysdig.com/blog/growing-dangers-of-llmjacking/


Social Engineering and Phishing


recaptcha-phish: phishing with a fake reCAPTCHA verifier

https://github.com/JohnHammond/recaptcha-phish


Other


Taking over the .MOBI WHOIS server through a lapsed domain registration, leading to spoofed CA validation and RCE

https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/

binsider: ELF binary analysis tool

https://github.com/orhun/binsider

Common Linux persistence techniques and how to detect them

https://www.elastic.co/security-labs/sequel-on-persistence-mechanisms



M01N Team WeChat official account

Focused on hot topics in advanced offensive and defensive security

NSFOCUS Red Team Technical Research Group


Originally published on the WeChat official account M01N Team: Weekly Red Team Tech Digest (2024.9.14-9.20)

Copyright notice: posted by admin on 20 September 2024 at 18:02.
Please credit when reposting: Weekly Red Team Tech Digest (2024.9.14-9.20) | CTF导航
