每周蓝军技术推送(2022.11.26-12.2)
2022-12-2 18:2:15 Author: M01N Team(查看原文) 阅读量:17 收藏

Web安全

利用DNSSEC进行子域名枚举

https://medium.com/sse-blog/subdomain-enumeration-with-dnssec-9911459ee7b6

从Deserialization和覆盖trustURLCodebase进行JNDI注入

https://mp.weixin.qq.com/s/o7iD0u90ezyOyFb7DQwiUg

HTTP2 request smuggling

https://tttang.com/archive/1837

CVE-2022-22954 VMware Workspace ONE Access SSTI RCE漏洞分析

https://paper.seebug.org/2026/

CVE-2022-43781:Bitbucket Server and Data Center命令注入漏洞

https://xz.aliyun.com/t/11902

YApi <1.12.0 远程命令执行漏洞

https://paper.seebug.org/2028

内网渗透

微软对于LAPS关键概念的官方文档

https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-concepts

使用Havoc C2和从工作站到域控制器并绕过Microsoft EDR

https://assume-breach.medium.com/home-grown-red-team-from-workstation-to-domain-controller-with-havoc-c2-and-microsoft-edr-6b17018e32f6

终端对抗

使用HTTP转发器隐藏C2服务器

https://alwanwijayaxd.medium.com/hide-c2-server-with-http-forwarders-6e7fb7ca451

ScreenshotBOF:使用WinAPI并且不执行fork & run在Cobalt Strike中截屏并下载到内存中

https://github.com/CodeXTF2/ScreenshotBOF

用于解码C2框架NightHawk字符串IDAPython脚本

https://github.com/struppigel/hedgehog-tools/blob/main/nighthawk_str_decoder.py

Windows 11 22H2多键全内存加密

https://techcommunity.microsoft.com/t5/windows-kernel-internals-blog/multi-key-total-memory-encryption-on-windows-11-22h2/ba-p/3683043

漏洞相关

heap_detective:在C++和C. Beta中检测堆内存缺陷的简单方法

https://github.com/CoolerVoid/heap_detective

CVE-2022-33917:Mali GPU内核驱动程序可能会将CPU RO页面提升为可写

https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html

CVE-2022-3328:snap-confine条件竞争漏洞,结合CVE-2022-41974和CVE-2022-41973可以将普通用户提升到root

https://www.qualys.com/2022/11/30/cve-2022-3328/advisory-snap.txt

CVE-2022-23093:FreeBSDping中的栈溢出漏洞:

https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc

云安全

在SaaS优先的环境中保持持久化

https://pushsecurity.com/blog/maintaining-persistent-access-in-a-saas-first-world/

对Docker Hub恶意软件镜像的分析:通过公共容器镜像进行攻击

https://sysdig.com/blog/analysis-of-supply-chain-attacks-through-public-docker-images/

深入了解MICROSOFT DEFENDER FOR IDENTITY

https://www.synacktiv.com/en/publications/a-dive-into-microsoft-defender-for-identity.html

亚马逊网络服务AppSync漏洞

https://securityaffairs.co/wordpress/139045/hacking/amazon-web-services-flaw.html

Docker逃逸那些事儿

https://mp.weixin.qq.com/s/tiniAQ5AhCXm2_mqj_j7iA

nuvola:一款针对AWS环境的自动化安全分析工具

https://www.freebuf.com/articles/network/350781.html

M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群

往期推荐

每周蓝军技术推送(2022.11.19-11.25)

每周蓝军技术推送(2022.11.12-11.18)

每周蓝军技术推送(2022.11.5-11.11)


文章来源: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247490261&idx=1&sn=1f476a551ea8b43785037eda5d0def7d&chksm=c187dac4f6f053d287f9457643f63adae7b3c346fae712317839354d19a736b62ca06435f49d#rd
如有侵权请联系:admin#unsafe.sh