每周蓝军技术推送（2024.7.6-7.12）

终端对抗

dirDevil：在文件夹结构中隐藏代码和内容

https://trustedsec.com/blog/dirdevil-hiding-code-and-content-within-folder-structures

在VBA宏中可靠地覆盖RWX内存实现更稳定代码劫持

https://adepts.of0x.cc/vba-rwx-addendum/

https://adepts.of0x.cc/vba-hijack-pointers-rwa/

40+43+74 种权限提升方法集合（Linux/Windows/macOS）

https://github.com/HadessCS/Awesome-Privilege-Escalation

借助注册表打印功能绕过EDR获取Windows启动密钥

https://sensepost.com/blog/2024/dumping-lsa-secrets-a-story-about-task-decorrelation/

使用自定义内核回调禁用EDR

https://www.alteredsecurity.com/post/when-the-hunter-becomes-the-hunted-using-custom-callbacks-to-disable-edrs

删除WFP监控滤网致盲EDR流量层检测

https://mp.weixin.qq.com/s/KjUcZKyS78QhVCDzjAvU9g

探索恶意软件中编译 V8 JAVASCRIPT 的使用情况

https://research.checkpoint.com/2024/exploring-compiled-v8-javascript-usage-in-malware/

漏洞相关

CVE-2024-38112：构造特殊.url文件触发RCE，已被在野利用

https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/

CVE-2024-38094/CVE-2024-38024/CVE-2024-38023：微软SharePoint RCE漏洞POC

https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC

CVE-2024-38021：微软Outlook Moniker零点击RCE漏洞

https://blog.morphisec.com/cve-2024-38021-microsoft-outlook-moniker-rce-vulnerability

CVE-2024-37081：Vmware vCenter RCE漏洞POC

https://github.com/Mr-r00t11/CVE-2024-37081

Evernote客户端全平台RCE分析

https://0reg.dev/blog/evernote-rce

False File Immutability：Elastic提出的新Window漏洞类型及攻击面分析

https://www.elastic.co/security-labs/false-file-immutability

云安全

微软AzureAD Graph API攻击面分析

https://github.com/mdsecresearch/Publications/blob/master/presentations/MDSec%20-%20Now%20youre%20not%20thinking%20with%20portals.pdf

azurehound-queries：适用于微软Azure的BloodHound查询

https://github.com/emiliensocchi/azurehound-queries

人工智能和安全

Uber的GenAI 网关创新实践

https://www.uber.com/en-HK/blog/genai-gateway/

LLM 安全性：使用自动化工具进行漏洞扫描

https://www.linkedin.com/pulse/llm-security-using-automated-tools-vulnerability-scans-rutam-bhagat-zailc/

MARKLLM：用于 LLM 水印的开源工具包

https://www.unite.ai/markllm-an-open-source-toolkit-for-llm-watermarking/

社工钓鱼

绕过安全电子邮件网关的链接爬虫

https://posts.specterops.io/like-shooting-phish-in-a-barrel-926c1905bb4b

其他

近期SSH RCE漏洞POC投毒恶意代码分析

https://santandersecurityresearch.github.io/blog/sshing\_the\_masses.html

运维工具Puppet的模块仓库Github Actions CI/CD配置错误，允许恶意模块上传

https://adnanthekhan.com/2024/07/02/roguepuppet-a-critical-puppet-forge-supply-chain-vulnerability/

检测 Entra ID 中的横向移动：跨租户同步

https://www.xintra.org/blog/lateral-movement-entraid-cross-tenant-synchronization

SnailLoad：借助网络延迟泄露用户行为的侧信道攻击

https://www.snailload.com/

SpecterOps SO-CON 2024会议视频

https://www.youtube.com/playlist?list=PLJK0fZNGiFU\_Zh8PkjCws\_Rw\_8WdWKyd7

M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群

往期推荐

每周蓝军技术推送（2024.6.29-7.5）

每周蓝军技术推送（2024.6.22-6.28）

每周蓝军技术推送（2024.6.15-6.21）