Vulnerabilities
1、CVE-2025-21333 Windows heap-based buffer overflow analysis
https://medium.com/@ale18109800/cve-2025-21333-windows-heap-based-buffer-overflow-analysis-d1b597ae4bae
https://github.com/MrAle98/CVE-2025-21333-POC
Red Team Techniques
1、Diving Into AD CS: Exploring Some Common Error Messages
https://sensepost.com/blog/2025/diving-into-ad-cs-exploring-some-common-error-messages/
2、Havoc: SharePoint with Microsoft Graph API turns into FUD C2
https://www.fortinet.com/blog/threat-research/havoc-sharepoint-with-microsoft-graph-api-turns-into-fud-c2
3、Evilginx loves Temporary Access Passes too
https://janbakker.tech/evilginx-loves-temporary-access-passes-too/
4、Ghostly Reflective PE Loader — how to make an existing remote process inject a PE in itself
https://captain-woof.medium.com/ghostly-reflective-pe-loader-how-to-make-a-remote-process-inject-a-pe-in-itself-3b65f2083de0
5、Impossible XXE in PHP
https://swarm.ptsecurity.com/impossible-xxe-in-php/
6、Beyond the Hook: A Technical Deep Dive into Modern Phishing Methodologies
https://blog.quarkslab.com/technical-dive-into-modern-phishing.html
7、Node is a loader
https://www.atredis.com/blog/2025/3/7/node-is-a-loader
8、Kerberoasting w/o the TGS-REQ
https://rastamouse.me/kerberoasting-without-tgs-reqs/
9、Decrypting the Forest From the Trees
https://posts.specterops.io/decrypting-the-forest-from-the-trees-661694ed1616
10、Abusing VS Code’s Bootstrapping Functionality To Quietly Load Malicious Extensions
https://casvancooten.com/posts/2025/02/abusing-vs-codes-bootstrapping-functionality-to-quietly-load-malicious-extensions/
11、ABUSING PUPPET FOR RED TEAM OPERATIONS
https://www.tommacdonald.co.uk/abusing-puppet-for-red-team-operations/
12、Setup and weaponize Mythic C2 using DarwinOps to target MacOS
https://blog.balliskit.com/setup-and-weaponize-mythic-c2-using-darwinops-to-target-macos-9c7d45a44d8b
Blue Team Techniques
1、Catching Potential Indirect Syscalls
https://xacone.github.io/mitigate-indirect-syscalls.html
2、How to monitor .NET applications startup
https://chnasarre.medium.com/how-to-monitor-net-applications-startup-ff3721dc3faf
Tools
1、phisherman
https://github.com/jfmaes/phisherman
A real fake social engineering app
2、ACLViewer
https://github.com/WildByDesign/ACLViewer
ACL Viewer for Windows
3、AMSI-Bypass-HWBP
https://github.com/winsecurity/AMSI-Bypass-HWBP
4、KrbRelayEx-RPC
https://github.com/decoder-it/KrbRelayEx-RPC
Kerberos Relay and Forwarder for (Fake) RPC/DCOM MiTM Server
6、goLAPS
https://github.com/sensepost/goLAPS
Retrieve LAPS passwords from a domain. The tool is inspired by pyLAPS.
7、ZeroProbe Enumeration Framework
https://github.com/yehia-mamdouh/ZeroProbe
ZeroProbe is an advanced enumeration and analysis framework designed for exploit developers, security researchers, and red teamers. It provides a set of enumeration tools to identify security vulnerabilities, analyze system protections, and facilitate exploit development.
8、FindProcessesWithNamedPipes
https://github.com/p0dalirius/FindProcessesWithNamedPipes
9、RunAs-Stealer
https://github.com/DarkSpaceSecurity/RunAs-Stealer
RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging
10、SharpRBCD
https://github.com/Kryp7os/SharpRBCD
11、QuickAssist UAC Bypass
https://github.com/R41N3RZUF477/QuickAssist_UAC_Bypass
12、Stardust
https://github.com/Cracked5pider/Stardust
A modern 32/64-bit position independent implant template
Other
1、Understanding Windows DKOM (Direct Kernel Object Manipulation) techniques (Part 1 - EPROCESS)
https://nixhacker.com/understanding-windows-dkom-direct-kernel-object-manipulation-attacks-eprocess/