Endpoint evasion
dirDevil: hiding code and content inside folder structures
https://trustedsec.com/blog/dirdevil-hiding-code-and-content-within-folder-structures
Reliably overwriting RWX memory from VBA macros for more stable code hijacking
https://adepts.of0x.cc/vba-rwx-addendum/
https://adepts.of0x.cc/vba-hijack-pointers-rwa/
A collection of 40+43+74 privilege escalation techniques (Linux/Windows/macOS)
https://github.com/HadessCS/Awesome-Privilege-Escalation
Using the Registry Editor's print feature to retrieve the Windows boot key while evading EDR
https://sensepost.com/blog/2024/dumping-lsa-secrets-a-story-about-task-decorrelation/
Disabling EDR with custom kernel callbacks
Blinding EDR network-layer detection by removing WFP monitoring filters
https://mp.weixin.qq.com/s/KjUcZKyS78QhVCDzjAvU9g
Exploring the use of compiled V8 JavaScript in malware
https://research.checkpoint.com/2024/exploring-compiled-v8-javascript-usage-in-malware/
Vulnerabilities
CVE-2024-38112: a crafted .url file triggers RCE; exploited in the wild
CVE-2024-38094/CVE-2024-38024/CVE-2024-38023: Microsoft SharePoint RCE PoC
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
CVE-2024-38021: Microsoft Outlook Moniker zero-click RCE vulnerability
https://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability
CVE-2024-37081: VMware vCenter Server local privilege escalation (sudo misconfiguration) PoC
https://github.com/Mr-r00t11/CVE-2024-37081
Analysis of a cross-platform RCE in the Evernote client
https://0reg.dev/blog/evernote-rce
False File Immutability: a new class of Windows vulnerability proposed by Elastic, with attack surface analysis
https://www.elastic.co/security-labs/false-file-immutability
Cloud security
Attack surface analysis of the Microsoft Azure AD Graph API
azurehound-queries: BloodHound queries for Microsoft Azure
https://github.com/emiliensocchi/azurehound-queries
AI and security
Uber's GenAI gateway: engineering practice
https://www.uber.com/en-HK/blog/genai-gateway/
LLM security: vulnerability scanning with automated tools
MarkLLM: an open-source toolkit for LLM watermarking
https://www.unite.ai/markllm-an-open-source-toolkit-for-llm-watermarking/
Social engineering and phishing
Evading the link crawlers of secure email gateways
https://posts.specterops.io/like-shooting-phish-in-a-barrel-926c1905bb4b
Other
Analysis of the malicious payload in a poisoned PoC for the recent SSH RCE vulnerability
https://santandersecurityresearch.github.io/blog/sshing_the_masses.html
Misconfigured GitHub Actions CI/CD in the Puppet Forge module repository allowed malicious module uploads
https://adnanthekhan.com/2024/07/02/roguepuppet-a-critical-puppet-forge-supply-chain-vulnerability/
Detecting lateral movement in Entra ID: cross-tenant synchronization
https://www.xintra.org/blog/lateral-movement-entraid-cross-tenant-synchronization
SnailLoad: a side-channel attack that leaks user activity through network latency
SpecterOps SO-CON 2024 conference videos
https://www.youtube.com/playlist?list=PLJK0fZNGiFU_Zh8PkjCws_Rw_8WdWKyd7
M01N Team WeChat official account
Focused on hot topics in advanced offensive and defensive technology
NSFOCUS Blue Army (adversary emulation) technical research team