Weekly Blue Team Tech Digest (2024.8.3-8.9)

Original | 09/08/2024 18:03 | Beijing

Assessing the direction of offensive security development.



Attack and Defense Techniques

BloodHoundOperator: PowerShell for BloodHound

https://github.com/SadProcessor/BloodHoundOperator

https://posts.specterops.io/bloodhound-operator-dog-whispering-reloaded-156020b7c5e9


How to design execution guardrails for payloads

https://trustedsec.com/blog/execution-guardrails-no-one-likes-unintentional-exposure

BinarySpy: PE infection tool based on function overwriting

https://github.com/yj94/BinarySpy

BinHol: PE infection tool supporting function overwriting, entry-point and TLS injection

https://github.com/timwhitez/BinHol

white_patch_detect: universal detection of PE infection based on GS register access

https://github.com/huoji120/white_patch_detect

OST-C2-Spec: C2 protocol specification published

https://github.com/rasta-mouse/OST-C2-Spec

Nimplantation: lightweight open-source C2 written in Nim

https://github.com/chvancooten/NimPlant

https://github.com/chvancooten/conferences/blob/main/2024-08%20-%20Nimplantation%20%40%20Black%20Hat%20Arsenal%202024%2FNimplantation-BHUS24-Arsenal.pdf

The OST toolkit's Stage1 implant upgraded to OST C2

https://www.outflank.nl/blog/2024/08/07/introducing-outflank-c2-with-implantation-support-for-windows-macos-and-linux/

0xc2: C2 framework

https://www.0xc2.io/

Vulnerabilities

CVE-2024-38077: Windows Remote Desktop Licensing Service RCE (MadLicense)

https://sites.google.com/site/zhiniangpeng/blogs/MadLicense

https://mp.weixin.qq.com/s/wsupxpHxddPukFQusFYj4Q

https://github.com/qi4L/CVE-2024-38077

CVE-2024-43044: Jenkins security advisory

https://www.jenkins.io/security/advisory/2024-08-07/

CVE-2024-21302, CVE-2024-38202: Windows downgrade attack vulnerabilities

Windows Downdate: Downgrade Attacks Using Windows Updates

GhostWrite: RISC-V processor vulnerability

https://ghostwriteattack.com/

Super Hat Trick: exploiting Chrome and Firefox four times (Black Hat USA 2024)

https://www.blackhat.com/us-24/briefings/schedule/index.html#super-hat-trick-exploit-chrome-and-firefox-four-times-40037

V8 sandbox escape vulnerability reports and exploits

https://github.com/xv0nfers/V8-sbx-bypass-collection

Cloud Security

apeman: AWS attack path management tool

https://github.com/hotnops/apeman

Microsoft Entra ID automatically rolls over the Kerberos decryption key

https://www.cloudcoffee.ch/microsoft-azure/microsoft-entra-id-automatically-roll-over-kerberos-decryption-key/

AI Security

CVE-2024-2952: LiteLLM framework template injection vulnerability

https://hackyboiz.github.io/2024/08/07/ogu123/cve-2024-2952/

How Microsoft uses LLMs for security response

https://github.com/microsoft/MSRC-Security-Research/blob/master/presentations/2024_08_BlackHatUSA/Predict%2C%20Prioritize%2C%20Patch-%20How%20Microsoft%20Harnesses%20LLMs%20for%20Security%20Response.pdf

DIANA: automated threat intelligence parsing and log analysis with LLMs

https://github.com/dwillowtree/diana

Hardening the RAG chatbot architecture powered by Amazon Bedrock

https://aws.amazon.com/cn/blogs/security/hardening-the-rag-chatbot-architecture-powered-by-amazon-bedrock-blueprint-for-secure-design-and-anti-pattern-migration/

CSA publishes "Using AI for Offensive Security"

https://cloudsecurityalliance.org/artifacts/using-ai-for-offensive-security

NVIDIA: practical LLM security takeaways (Black Hat USA 2024)

https://i.blackhat.com/BH-US-24/Presentations/US24-Harang-Practical-LLM-Security-Takeaways-From-Wednesday.pdf

Email Security

Email domain confusion attacks

https://portswigger.net/research/splitting-the-email-atom

Other

Black Hat USA 2024 briefings schedule

https://www.blackhat.com/us-24/briefings/schedule/index.html

CrowdStrike Channel File 291 incident root cause analysis

https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdf

CrowdStrike 2024 threat hunting report and global threat report

https://github.com/blackorbird/APT_REPORT/blob/master/summary/2024/crowdstrike-2024-threat-hunting-report.pdf

https://www.crowdstrike.com/global-threat-report/

Gato-X: advanced enumeration and exploitation tool for GitHub repositories and organizations

https://github.com/AdnaneKhan/Gato-X

Microsoft and NIST collaborate on Zero Trust implementation (NIST SP 1800-35 preliminary draft 4)

https://www.microsoft.com/en-us/security/blog/2024/08/06/how-microsoft-and-nist-are-collaborating-to-advance-the-zero-trust-implementation/

https://www.nccoe.nist.gov/sites/default/files/2024-07/zta-nist-sp-1800-35-preliminary-draft-4.pdf

How open directories expose penetration testing tools and region-specific attack campaigns

https://hunt.io/blog/pentester-or-threat-actor-open-directory-exposes-test-results-and-possible-targeting-of-government-organizations


M01N Team

Focusing on hot topics in advanced offense-defense confrontation

NSFOCUS Blue Team Technical Research Team


Previous posts

Weekly Blue Team Tech Digest (2024.7.27-8.2)

Weekly Blue Team Tech Digest (2024.7.20-7.26)

Weekly Blue Team Tech Digest (2024.7.13-7.19)
