每周蓝军技术推送(2023.11.25-12.1)
2023-12-1 18:1:27 Author: M01N Team(查看原文) 阅读量:21 收藏

Web安全

faction:渗透测试报告生成和评估协作框架

https://github.com/factionsecurity/faction

内网渗透

AD-Canaries:AD域 Canary自动化部署Powershell脚本

https://github.com/AirbusProtect/AD-Canaries

ADCS特定用户组Cert Publishers Group研究

https://decoder.cloud/2023/11/20/a-deep-dive-in-cert-publishers-group/

SharpRODCL:用于审计RODC相关错误配置的.net工具

https://github.com/wh0amitz/SharpRODC

终端对抗

以PG兼容的方式进行Hook

https://revers.engineering/fun-with-pg-compliant-hook/

使用sRDI进行进程stomping和bencon加载

https://www.naksyn.com/edr%20evasion/2023/11/18/mockingjay-revisited-process-stomping-srdi-beacon.html

使用CreateThreadPoolWait实现bypass EDR的轻量化加载器

https://labs.nettitude.com/blog/creating-an-opsec-safe-loader-for-red-team-operations/

避免内核触发内存扫描的进程注入

https://www.r-tec.net/r-tec-blog-process-injection-avoiding-kernel-triggered-memory-scans.html

Unwinder:Rust实现的堆栈调用欺骗

https://github.com/Kudaes/Unwinder

Darkside:使用Rogue反恶意软件驱动3.3实现的AV/EDR杀手

https://github.com/ph4nt0mbyt3/Darkside

GhostMapper:定制幽灵驱动程序

https://github.com/Oliver-1-1/GhostMapper

LocklessBof:枚举打开的文件句柄和促进锁定文件的无文件下载的BOF

https://github.com/antroguy/LocklessBof

LyinEagle:使用JS implant的Python C2

https://github.com/MrDomainAdmin/LyinEagle

CoercedPotatoRDLL:将NT Service提升到SYSTEM权限的反射DLL

https://github.com/sokaRepo/CoercedPotatoRDLL

漏洞相关

CVE-2023-33127:.Net Core CLR中的条件竞争漏洞导致权限提升

https://bohops.com/2023/11/27/abusing-net-core-clr-diagnostic-features-cve-2023-33127/

CVE-2023-36036:Windows cloud files mini filter driver权限提升漏洞分析

https://www.ch35tnut.site/zh-cn/vulnerability/cve-2023-36036-windows-cloud-files-mini-filter-driver-eop/

CVE-2023-36719:Chromium中的可沙箱逃逸漏洞

https://microsoftedge.github.io/edgevr/posts/Escaping-the-sandbox-A-bug-that-speaks-for-itself/

CVE-2023-32422:MacOS TCC绕过

https://gergelykalman.com/sqlol-CVE-2023-32422-a-macos-tcc-bypass.html

云安全

IceKube:辅助查找K8S Cluster中低权限节点到高价值目标路径的工具

https://github.com/WithSecureLabs/IceKube

IMDSpoof:欺骗AWS IMDS服务返回可触发告警的HoneyToken

https://github.com/grahamhelton/IMDSpoof

其他

提取ChatGPT训练数据

https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html

Windows Hello指纹身份认证绕过

https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/

EvilSlackbot:Slack机器人钓鱼框架

https://github.com/Drew-Sec/EvilSlackbot

M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群

往期推荐

每周蓝军技术推送(2023.11.18-11.24)

每周蓝军技术推送(2023.11.11-11.17)

每周蓝军技术推送(2023.11.4-11.10)


文章来源: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247492817&idx=1&sn=b0820469ca57aa39909611d08ba43619&chksm=c18424c0f6f3add6b29bd04a3c7834c4f2666c5e354910387106e90ace868860af631917d626&scene=0&xtrack=1#rd
如有侵权请联系:admin#unsafe.sh