Vulnerabilities
1、
Red Team Techniques
1、FriendlyFire BOF: Selective Process Freezing
https://kreep.in/friendlyfire-bof-selective-process-freezing/
2、Postgresql JDBC Attack and Stuff
https://su18.org/post/postgresql-jdbc-attack-and-stuff/
3、UCgMSAExploitation
https://nothingspecialforu.github.io/UCgMSAExploitation/
4、Spying On Screen Activity Using Chromium Browsers
https://mrd0x.com/spying-with-chromium-browsers-screensharing/
5、Camera and Microphone Spying Using Chromium Browsers
https://mrd0x.com/spying-with-chromium-browsers-camera/
6、Tokenization Confusion
https://specterops.io/blog/2025/06/03/tokenization-confusion/
7、The Ultimate Guide to Windows Coercion Techniques in 2025
https://blog.redteam-pentesting.de/2025/windows-coercion/
8、Dynamically Instrumenting Beacon With BeaconGate - For All Your Call Stack Spoofing Needs!
https://www.cobaltstrike.com/blog/instrumenting-beacon-with-beacongate-for-call-stack-spoofing
9、Modern Adversary TTPs: The Rise of 'Read Teaming'
https://deceptiq.com/blog/rise-of-read-teaming
10、2025 Red Team Tools – C2 Frameworks, Active Directory & Network Exploitation
https://bishopfox.com/blog/2025-red-team-tools-c2-frameworks-active-directory-network-exploitation
11、From Zero Creds to Enterprise Admin
https://xbz0n.sh/blog/from-zero-creds-to-ea
12、Defeating AV/EDRs: Advanced Evasion Techniques
https://medium.com/@s12deff/defeating-av-edrs-advanced-evasion-techniques-d389fb21478d
13、Going Native - Malicious Native Applications
https://www.protexity.com/post/going-native-malicious-native-applications
14、Hijacking the Windows "MareBackup" Scheduled Task for Privilege Escalation
https://itm4n.github.io/hijacking-the-windows-marebackup-scheduled-task-for-privilege-escalation/
15、MalDev Myths
https://blog.deeb.ch/posts/maldev-myths/
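16、A Windows Kernel Function Hook Framework Implemented via a Two-Byte Modification
17、C2 Redirectors: Advanced Infrastructure for Modern Red Team Operations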
18、Planting a Tradecraft Garden
https://aff-wg.org/2025/06/04/planting-a-tradecraft-garden/
Blue Team Techniques
1、Remote Desktop Application vs MSTSC Forensics: The RDP Artifacts You Might Be Missing
https://www.zerofox.com/blog/remote-desktop-application-vs-mstsc-forensics-the-rdp-artifacts-you-might-be-missing/
2、No Agent, No Problem: Discovering Remote EDR
https://jonny-johnson.medium.com/no-agent-no-problem-discovering-remote-edr-8ca60596559f
https://github.com/jonny-jhnson/JonMon-Lite
3、Hypervisors for Memory Introspection and Reverse Engineering
https://secret.club/2025/06/02/hypervisors-for-memory-introspection-and-reverse-engineering.html
4、defendnot? Defend YES! Detecting Malicious Security Product Bypass Techniques
https://www.huntress.com/blog/defendnot-detecting-malicious-security-product-bypass-techniques
Tools
1、Offensive-Windows-Drivers-Development
https://github.com/CyberSecurityUP/Offensive-Windows-Drivers-Development
2、evil-winrm-py
https://github.com/adityatelange/evil-winrm-py
3、VSCode-Backdoor
https://github.com/SaadAhla/VSCode-Backdoor
4、Obfusk8: C++17-Based Obfuscation Library
https://github.com/x86byte/Obfusk8
5、QDoctor
https://github.com/QAX-Anti-Virus/QDoctor
The first Computer Emergency Response (ARK) Tools for young people ;)
6、Delegations
https://github.com/TheManticoreProject/Delegations
7、TrollRPC
https://github.com/cybersectroll/TrollRPC
AMSI bypass
Other
1、