Endpoint Offense and Defense
Blackout: Abusing the gmer driver to disable or kill EDR and AV processes
https://github.com/ZeroMemoryEx/Blackout
https://www.loldrivers.io/drivers/7ce8fb06-46eb-4f4f-90d5-5518a6561f15/
Ruy-Lopez: Preventing EDR DLLs from loading into newly spawned processes, bypassing user-mode hook detection
https://github.com/S3cur3Th1sSh1t/Ruy-Lopez
Evading EDR with specially crafted Cobalt Strike profiles and plugins
https://whiteknightlabs.com/2023/05/23/unleashing-the-unseen-harnessing-the-power-of-cobalt-strike-profiles-for-edr-evasion/
LOOBins: LOLBins for macOS
https://www.loobins.io/
https://infosecb.medium.com/introducing-loobins-9e732b9e06a6
Finding malicious WMI event consumers with disk forensics
https://www.sans.org/blog/finding-evil-wmi-event-consumers-with-disk-forensics/
Detecting in-memory threats with kernel call stacks
https://www.elastic.co/cn/security-labs/upping-the-ante-detecting-in-memory-threats-with-kernel-call-stacks
Vulnerabilities
CVE-2023-32369: New macOS vulnerability could bypass System Integrity Protection (SIP)
https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/
CVE-2023-24941: Analysis and detection of the NFS remote code execution vulnerability
https://www.zerodayinitiative.com/blog/2023/5/31/cve-2023-24941-microsoft-network-file-system-remote-code-execution
Cloud Security
Tampering with Conditional Access policies using the Azure AD Graph API
https://www.secureworks.com/research/tampering-with-conditional-access-policies-using-azure-ad-graph-api
Other
Supply chain risk from the Gigabyte App Center backdoor
https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Lab52 Q1 2023 quarterly threat report
https://lab52.io/blog/quarterly-threat-report-q1-2023/
Feasibility study on applying large language models to threat intelligence
https://mp.weixin.qq.com/s/G6JzGDkYJ1oQ4BHoYu5HlQ
From Office lure documents to a low-value RCE
https://blog.xlab.app/p/8fbece25/
Botconf 2023 talks roundup
https://www.secrss.com/articles/54915
M01N Team official WeChat account
Focusing on hot topics in advanced offensive and defensive techniques
NSFOCUS Blue Team Technical Research Squad