每周蓝军技术推送(2022.12.10-12.16)
2022-12-16 18:2:24 Author: M01N Team(查看原文) 阅读量:29 收藏

Web安全

osv-scanner:用Go编写的漏洞扫描器

https://github.com/google/osv-scanner

使用SVG图像进行HTML走私

https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/

ReverseSock5Proxy:一个微型反向Sock5代理

https://github.com/Coldzer0/ReverseSock5Proxy

内网渗透

评估独立托管服务帐户

https://simondotsh.com/infosec/2022/12/12/assessing-smsa.html

Kerberos票据伪造检测方法

https://unit42.paloaltonetworks.com/next-gen-kerberos-attacks/

Coercer:通过12种方法自动强制Windows服务器在任意机器上进行身份验证

https://github.com/p0dalirius/Coercer

终端对抗

LOLBAS:使用Type命令和WebDAV中被遗忘的功能上传/下载文件

https://mr0range.com/a-new-lolbin-using-the-windows-type-command-to-upload-download-files-81d7b6179e22

IATelligence:提取PE文件的IAT并请求GPT以获取有关API和ATT&CK矩阵相关的更多信息

https://github.com/fr0gger/IATelligence

psmsi:使用Powershell创建MSI

https://github.com/ironmansoftware/psmsi

Bypass Cortex XDR

https://medium.com/@bentamam/bypassing-cortex-xdr-a-case-study-in-the-power-of-simplicity-b436f4f570ad

aikido_wiper:使用0 day漏洞利用将EDR转化为恶意擦除器

https://github.com/SafeBreach-Labs/aikido_wiper

RedditC2:滥用Reddit API托管C2流量

https://github.com/kleiton0x00/RedditC2

绕过macOS隐私机制的20多种新方法

https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Fitzl-Knockout-Win-Against-TCC.pdf

一种新的MacOS持久性和欺骗技术:默认应用程序劫持

https://medium.com/@marcusthebrody/a-new-macos-persistence-and-deception-technique-default-application-hijacking-52de66955a16

漏洞相关

CVE-2022-33942:通过欺骗Kerberos和LDAP响应绕过英特尔DCM的身份验证

https://www.rcesecurity.com/2022/11/from-zero-to-hero-part-1-bypassing-intel-dcms-authentication-cve-2022-33942/

CVE-2022-21225:从SQL注入到英特尔DCM上的RCE

https://www.rcesecurity.com/2022/12/from-zero-to-hero-part-2-intel-dcm-sql-injection-to-rce-cve-2022-21225/

CVE-2022–42889:Text4Shell,Apache Commons Text Library RCE

https://medium.com/mii-cybersec/cve-2022-42889-text4shell-vulnerability-17b703a48dcd

CVE-2022-42703:Linux内核的内存管理(MM)子系统UAF漏洞

https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html

CVE-2022-44721 Crowdstrike Falcon:绕过Windows终端设备上的令牌检查,并在未经适当授权的情况下从设备上卸载sensor,从而有效地移除设备的EDR和AV保护

https://github.com/gmh5225/CVE-2022-44721-CsFalconUninstaller

逐步使用自定义污点分析来检测堆安全问题

https://antonio-cooler.gitbook.io/coolervoid-tavern/detecting-heap-memory-pitfalls

MicrosoftEdgeUpdate权限提升问题

https://bugs.chromium.org/p/chromium/issues/detail?id=1332924

CVE-2022-24528:Windows Defender DoS漏洞Fuzz思路讲解与漏洞分析

https://medium.com/s2wblog/fuzzing-the-shield-cve-2022-24548-96f568980c0

云安全

可视化多云IAM概念

https://julian-wieg.medium.com/visualizing-multi-cloud-iam-concepts-63525967c0a7

AWS OIDC——利用EKS执行任务

https://pswalia2u.medium.com/aws-oidc-eks-abuse-632e13ec01b1

AWS OIDC——Github操作滥用

https://pswalia2u.medium.com/oidc-github-actions-abuse-dbef1d4cd559

BlueMap:Azure的交互式开发工具包

https://github.com/SikretaLabs/BlueMap

其他

检测恶意OAuth设备代码钓鱼

https://www.inversecos.com/2022/12/how-to-detect-malicious-oauth-device.html

noseyparker:在文本数据和Git历史记录中查找秘密和敏感信息

https://github.com/praetorian-inc/noseyparker

M01N Team公众号

聚焦高级攻防对抗热点技术

绿盟科技蓝军技术研究战队

官方攻防交流群

网络安全一手资讯

攻防技术答疑解惑

扫码加好友即可拉群

往期推荐

每周蓝军技术推送(2022.12.3-12.9)

每周蓝军技术推送(2022.11.26-12.2)

每周蓝军技术推送(2022.11.19-11.25)


文章来源: http://mp.weixin.qq.com/s?__biz=MzkyMTI0NjA3OA==&mid=2247490319&idx=1&sn=d09fda37fd428a7d799beabf4b41b6d4&chksm=c187db1ef6f052082d78719b36ccb71f67632624b84a9f37b48d70968d5548599762e8a7d67b#rd
如有侵权请联系:admin#unsafe.sh