Web安全
使用Pass-the-Cookie攻击绕过MFA
https://blog.netwrix.com/2022/11/29/bypassing-mfa-with-pass-the-cookie-attack/
Wiretap:透明、类似VPN的无需特殊执行权限的代理服务器,通过WireGuard传输流量
https://github.com/sandialabs/wiretap
绕过Akamai WAF实现基于SpringBoot错误页面的SSTI RCE攻击
https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass/
内网渗透
CertPotato:使用ADCS将虚拟和网络服务帐户的权限提升到Local System
https://sensepost.com/blog/2022/certpotato-using-adcs-to-privesc-from-virtual-and-network-service-accounts-to-local-system/
如何使用反射RBCD模拟Kerberos协议转换
https://medium.com/tenable-techblog/how-to-mimic-kerberos-protocol-transition-using-reflective-rbcd-a4984bb7c4cb
终端对抗
Shoggoth:提供对Shellcode、PE和COFF文件的多态加密
https://github.com/frkngksl/Shoggoth
使用SystemFunction033进行Shellcode编码
https://www.redteam.cafe/red-team/shellcode-injection/inmemory-shellcode-encryption-and-decryption-using-systemfunction033
NimDllSideload:使用Nim进行DLL侧加载/代理
https://github.com/byt3bl33d3r/NimDllSideload
在Windows 11 22H2中类似Avast的系统调用Hook方法的研究、分析和绕过
https://the-deniss.github.io/posts/2022/12/08/hooking-system-calls-in-windows-11-22h2-like-avast-antivirus.html
Defender_Exclusions-BOF:用于确定Windows Defender排除项的BOF
https://github.com/EspressoCake/Defender_Exclusions-BOF
Windows Defender内存扫描功能分析
https://mp.weixin.qq.com/s/C6CePu9albvGTj3_9aUxeg
WindowSpy:用于目标用户监视Cobalt Strike Beacon对象文件
https://github.com/CodeXTF2/WindowSpy
监视Chromium浏览器中的用户活动
https://posts.specterops.io/stalking-inside-of-your-chromium-browser-757848b67949
PrintNotifyPotato:使用PrintNotify COM服务进行提权
https://github.com/BeichenDream/PrintNotifyPotato
SilentMoonwalk:真正调用堆栈欺骗的PoC,实现了从调用堆栈中删除原始调用者,使用ROP使控制流的展开不同步
https://github.com/klezVirus/SilentMoonwalk
通过SMB武器化Discord Shell
https://medium.com/@lsecqt/weaponizing-discord-shell-via-smb-92375e730e26
漏洞相关
Visual Studio Code Jypiter Notebook远程代码执行漏洞
https://github.com/google/security-research/security/advisories/GHSA-pw56-c55x-cm9m
CVE-2022-41120:Sysmon中任意文件删除/写入的PoC
https://github.com/Wh04m1001/SysmonEoP
在Rust编程语言中发现利用Artifact Poisoning攻击
https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
CVE-2022-41057:HTTP.SYS Kerberos PAC验证绕过EoP
https://bugs.chromium.org/p/project-zero/issues/detail?id=2346
Netgear RAX30的几个漏洞分析
https://starlabs.sg/blog/2022/12-the-last-breath-of-our-netgear-rax30-bugs-a-tragic-tale-before-pwn2own-toronto-2022/
云安全
绕过Microsoft Graph API分页限制并使用Graph API令牌转储所有用户的对象
https://github.com/lutzenfried/OffensiveCloud/blob/4de3846faffa13d813872ffae6b990fa670dae6e/Azure/Tools/graphAPIDump.py
基于Microsoft Graph上的Azure AD信息收集工具
https://github.com/JoelGMSec/AzureGraph
GCPGoat:基于GCP的云基础设施靶场环境
https://github.com/ine-labs/GCPGoat
AWS AppSync服务滥用实现跨租户资源访问
https://securitylabs.datadoghq.com/articles/appsync-vulnerability-disclosure/
其他
修改Word文件外部和RTF以避免检测
https://asec.ahnlab.com/en/41472/
YAWNING-TITAN:抽象的、基于图形的网络安全模拟环境
https://github.com/dstl/YAWNING-TITAN
https://dstl.github.io/YAWNING-TITAN/index.html
emailGPT:使用ChatGPT生成电子邮件的快速简便界面
https://github.com/lucasmccabe/emailGPT
ida_gpt:基本的idapython脚本,可用于GPT分析反汇编
https://github.com/MayerDaniel/ida_gpt
DAILA:反编译器人工智能语言助手,使用ChatGPT提升反编译体验
https://github.com/mahaloz/DAILA
Gepetto:查询OpenAI ChatGPT解释反编译函数的IDA插件
https://github.com/JusticeRage/Gepetto
M01N Team公众号
聚焦高级攻防对抗热点技术
绿盟科技蓝军技术研究战队
官方攻防交流群
网络安全一手资讯
攻防技术答疑解惑
扫码加好友即可拉群
往期推荐
原文始发于微信公众号(M01N Team):每周蓝军技术推送(2022.12.3-12.9)
