最新消息:

【第五期】国内外技术牛文每周精选

安全眼 demon 12108浏览 0评论

1.Linux内核(Ubuntu 17.04) – ‘XFRM’本地特权升级

https://www.exploit-db.com/exploits/44049/?rss&utm_source=dlvr.it&utm_medium=twitter

2.Evilgrade:一个用于更新劫持的工具

https://github.com/infobyte/evilgrade

3.集合misc IT安全相关的白皮书

https://github.com/bl4de/security_whitepapers

4.Injectify:一款执行MiTM 渗透测试的工具

https://github.com/samdenty99/injectify#513701257-tw#1517258399413

5. X86 Shellcode混淆 – 第1部分

https://breakdev.org/x86-shellcode-obfuscation-part-1/

6.用户帐户控制(UAC)绕过技术 – 第2部分

User Account Control(UAC) Bypass Techniques-Part 2

7.onlinesetup.cmd

C:\Windows\System32\onlinesetup.cmd->cmd.exe

 

https://twitter.com/i/web/status/958977746952118272

8.ScriptRunner.exe

C:\Windows\system32\ScriptRunner.exe -appvscript cmd.exe

 

9.psetsys.ps1

https://github.com/decoder-it/psgetsystem/blob/master/psgetsys.ps1

 

10.RedTrooperFM – Empire Module Wiki

https://github.com/SadProcessor/Cheats/blob/master/RedTrooperFM.md

11.DccwBypassUAC

https://github.com/L3cr0f/DccwBypassUAC

 

12.两种编码的恶意XML

https://mohemiv.com/all/evil-xml/

13.WordPress站点使用键盘记录窃取凭证

https://www.zscaler.com/blogs/research/compromised-wordpress-sites-stealing-credentials-keylogger

14.PoshC2:一个完全由PowerShell编写的红队渗透测试框架

https://github.com/nettitude/PoshC2

 

15.DNS反向代理

https://github.com/StalkR/dns-reverse-proxy

16.RFSec-ToolKit

https://github.com/cn0xroot/RFSec-ToolKit

 

17.Hardentools:一款用于个人的通过禁用系统不必要的功能减少用户的攻击面

https://github.com/securitywithoutborders/hardentools/releases/tag/v1.0

 

18.Attack Detection

https://github.com/ptresearch/AttackDetection

 

19.特权升级和后利用

https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Privilege%20Escalation%20%26%20Post-Exploitation.md#linpriv

20.WMI开发基础

https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-3-wmi-and-winrm/

 

21.黄金票据

https://www.christophertruncer.com/golden-ticket-generation/

 

22.GoogleProjectZero成员教你如何入门搞安全

https://paper.seebug.org/530/

23.attler:DLL自动枚举工具

https://n0where.net/automated-dll-enumerator-rattler

24. Green-hat-suite? ——meterpreter bypass av

https://howucan.gr/scripts-tools/2860-green-hat-suite-tool-to-make-meterpreter-evade-antivirus

25.vshadow.exe?(前提需要管理员权限)

Vshadow: Abusing the Volume Shadow Service for Evasion, Persistence, and Active Directory Database Extraction

 

26.winlogon_regedit

https://twitter.com/subTee/status/962767403464577024

https://attack.mitre.org/wiki/Technique/T1122

https://gist.github.com/anonymous/3929d9df4035abec725bcdc36659fce5

 

27.关于冬奥病毒的分析

http://blog.talosintelligence.com/2018/02/olympic-destroyer.html

28.Shellcode Reflective DLL Injection

https://github.com/monoxgas/sRDI

29.MITM PE文件感染者:PEInjector

https://n0where.net/mitm-pe-file-infector-peinjector

https://github.com/JonDoNym/peinjector

30.一些在后渗透测试中可能会用到的PowerShell脚本

https://github.com/xorrior/RandomPS-Scripts

32.普通权限下的Active Directory枚举

Low Privilege Active Directory Enumeration from a non-Domain Joined Host

33.使用空字符绕过AMSI

http://standa-note.blogspot.in/2018/02/amsi-bypass-with-null-character.html?m=1

34.使用msiex/amp绕过白名单限制

https://homjxi0e.wordpress.com/2018/02/17/whitelisting-bypassing-using-msiex/amp/?__twitter_impression=true

35.PSAttack

https://github.com/jaredhaight/PSAttack/releases/tag/v1.99.1

祝:大家在新的一年里,万事如意!幸福安康!

转载请注明:即刻安全 » 【第五期】国内外技术牛文每周精选

您必须 登录 才能发表评论!



合作伙伴