Vulnerabilities
1、
Red Team Techniques
1、Red Team Gold: Extracting Credentials from MDT Shares
https://trustedsec.com/blog/red-team-gold-extracting-credentials-from-mdt-shares
2、Offensive Threat Intelligence
https://blog.zsec.uk/offensive-cti/
3、Sliver C2 Tutorial - Exploring The Hacker's Armory
https://www.youtube.com/watch?v=-zBxsb0yThc&t=5s
4、Understanding & Mitigating BadSuccessor
https://specterops.io/blog/2025/05/27/understanding-mitigating-badsuccessor/
5、C2 Redirectors: Advanced Infrastructure for Modern Red Team Operations
https://xbz0n.sh/blog/c2-redirectors
6、Ghostly Hollowing
https://medium.com/@s12deff/ghostly-hollowing-3de4831c7a83
7、(Why) IAM demands an #AttackGraph First Approach
https://specterops.io/blog/2025/05/27/why-iam-demands-an-attack-graph-first-approach/
8、BlueHat IL 2025 - Yarden Shafir - Look, Ma—No Privileges! How Windows Gives You Kernel Pointers...
https://www.youtube.com/watch?v=Dk2rLO2LC6I
9、Revisiting COM Hijacking
https://specterops.io/blog/2025/05/28/revisiting-com-hijacking/
10、Introduction to Ghost Files
https://medium.com/@s12deff/introduction-to-ghost-files-12cd3657eb26
11、A Journey From sudo iptables To Local Privilege Escalation
https://www.shielder.com/blog/2024/09/a-journey-from-sudo-iptables-to-local-privilege-escalation/
12、Stealth Syscall Execution: Bypassing ETW, Sysmon, and EDR Detection
https://www.darkrelay.com/post/stealth-syscall-execution-bypass-edr-detection
13、Rude Awakening: Unmasking Sleep Obfuscation With TTTracer
https://blog.felixm.pw/rude_awakening.html
14、Augmenting Penetration Testing Methodology with Artificial Intelligence – Part 1: Burpference
https://www.blackhillsinfosec.com/penetration-testing-with-ai-part-1/
15、Boflink: A Linker For Beacon Object Files
https://blog.cybershenanigans.space/posts/boflink-a-linker-for-beacon-object-files/
16、Beyond HTTP: InterceptSuite for TCP/TLS Traffic Interception in Windows
https://blog.souravkalal.tech/beyond-http-interceptsuite-for-tcp-tls-traffic-interception-in-windows-518934bba22f
17、NTLMv2 Hash Leak via COM + Auto-Execution
https://medium.com/@andreabocchetti88/ntlmv2-hash-leak-via-com-auto-execution-543919e577cb
18、VMP Source Code Reading (Part 2)
Blue Team Techniques
1、Velvet Chollima APT Adversary Simulation
https://medium.com/@S3N4T0R/velvet-chollima-apt-adversary-simulation-89c5159e7fc1
2、Sanctum EDR
https://github.com/0xflux/Sanctum/
Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
3、Leveraging Sysmon to Complement EDR and Address Evasion Techniques
https://medium.com/@siddhantalokmishra/leveraging-sysmon-to-complement-edr-and-address-evasion-techniques-deb8c96fb7f7
Tools
1、OnionC2
https://github.com/zarkones/OnionC2
2、BRC4 Profile Maker
https://github.com/cyndicatelabs/brc4_profile_maker
3、dMSASync.py
https://gist.github.com/snovvcrash/a1ae180ab3b49acb43da8fd34e7e93df
4、KoviD
https://github.com/carloslack/KoviD
Red-Team Linux kernel rootkit
Miscellaneous
1、BlueHat IL 2025
https://www.youtube.com/playlist?app=desktop&list=PLnWGkkkDVeqjWP-oK99CVniETkci-elS0