Weekly Offensive and Defensive Tactics Update – 20250210
Original, by 红蓝对抗技术, published on 红蓝对抗技战术, 2025-02-15 12:14
Vulnerabilities
1、
Red Team Techniques
1、Understanding Windows Structured Exception Handling
Understanding Windows Structured Exception Handling Part 1 – The Basics
Understanding Windows Structured Exception Handling Part 2 – Digging Deeper
Understanding Windows Structured Exception Handling Part 3 – Under The Hood
Understanding Windows Structured Exception Handling Part 4 – Pseudo __try/__except
2、A Walkthrough of Windows x64 SEH (the Exception Dispatch Mechanism)
https://mp.weixin.qq.com/s/mMaARNMnlPm9K_QdlVTw4A?nwr_flag=1#wechat_redirect
3、The Key to COMpromise – Pwning AVs and EDRs by Hijacking COM Interfaces
https://neodyme.io/en/blog/com_hijacking_1/
https://neodyme.io/en/blog/com_hijacking_2/
4、Forging a Better Operator Quality of Life
https://posts.specterops.io/forging-a-better-operator-quality-of-life-e8bf24fc2aba
5、Build Your Own Offensive Security Lab A Step-by-Step Guide with Ludus
https://xphantom.nl/posts/Offensive-Security-Lab/
6、Bring Your Own Trusted Binary (BYOTB) – BSides Edition
https://labs.jumpsec.com/bring-your-own-trusted-binary-byotb-bsides-edition/
7、LOLC2
https://lolc2.github.io/
A collection of C2 frameworks that leverage legitimate services to evade detection.
8、Changing Windows Passwords in the Most Complex Way
https://github.com/decoder-it/ChgPass
9、PsExec’ing the right way and why zero trust is mandatory
https://sensepost.com/blog/2025/psexecing-the-right-way-and-why-zero-trust-is-mandatory/
10、Evading Cortex XDR: Hiding C2 Behind Cloud Functions
https://mp.weixin.qq.com/s/jEL8yObx4h0zdKOp_7KSxA
11、Top 10 web hacking techniques of 2024
https://portswigger.net/research/top-10-web-hacking-techniques-of-2024
12、Curious case of AD CS ESC15 vulnerable instance and its manual exploitation
https://www.mannulinux.org/2025/02/Curious-case-of-AD-CS-ESC15-vulnerable-instance-and-its-manual-exploitation.html
13、DLL Hijacking using ShellcodePack
https://blog.balliskit.com/dll-hijacking-using-shellcodepack-6f45c0bdfdec
Blue Team Techniques
1、8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/
Tools
1、pool_party_rs
https://github.com/Teach2Breach/pool_party_rs
2、Raccoon
https://github.com/nettitude/raccoon
https://www.lrqa.com/en/cyber-labs/introducing-raccoon/
A nasty lil’ targeted screenshotter that will momentarily open minimized windows.
3、Stifle
https://github.com/logangoins/Stifle
.NET post-exploitation utility for abusing explicit certificate mappings in AD CS.
4、StringReaper
https://github.com/boku7/StringReaper
Cobalt Strike BOF designed to carve strings out of remote process memory. This tool allows operators to carve ASCII and UTF-16 strings from targeted processes, making it effective for retrieving JWT tokens, credentials, and other sensitive data directly from memory.
5、AzureRedirector
https://github.com/dmcxblue/AzureRedirector
A C# project that builds a Web Application which redirects all HTTPS
6、Evil-Go
https://github.com/almounah/evil-go
A fork of the Go language with some tweaks.
7、bloudstrike – a (semi-retired) CS bypass loader
https://github.com/redr0nin/bloudstrike
8、CaptainCredz
https://github.com/synacktiv/captaincredz
CaptainCredz is a modular and discreet password-spraying tool.
Other
1、Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows
https://connormcgarr.github.io/km-shadow-stacks/
2、Take a look into the depths of Windows kernels and reveal more than 60000 undocumented structures
https://www.vergiliusproject.com/