淘先锋技术网

首页 1 2 3 4 5 6 7

0x00 如题

记录2月份阅读过的有价值的文章。

0x01 顶尖内网红队的基本能力

熟悉 Impacket, Rubeus,Certipy,kekeo等AD域和ADCS 域证书工具。

https://cloud.tencent.com/developer/article/1946138 如何使用Certipy检测活动目录证书安全

https://www.cnblogs.com/dajjjjjj/articles/10796015.html Rubeus域渗透

https://www.freebuf.com/articles/network/348684.html AWS S3 Bucket子域接管实现可信钓鱼服务攻击

https://m.imooc.com/article/326488 域安全|AD CS Relay—ESC8

https://blog.compass-security.com/2022/11/relaying-to-ad-certificate-services-over-rpc/ Relaying to AD Certificate Services over RPC

0x02 顶尖外网红队的基本能力

https://zhuanlan.zhihu.com/p/516836433 Shiro与Fastjson两种不同的反序列化注入内存马姿势

0x03 攻防对抗--蓝队

http://www.hackdig.com/06/hack-701940.htm DCSync 技术的攻击和检测

https://www.netwrix.com/privilege_escalation_using_mimikatz_dcsync.html DCSync Attack Using Mimikatz Detection

https://blog.csdn.net/qq_41860201/article/details/122876693 log4j2实战复现

https://www.wangan.com/p/7fygfy821ab69036 渗透技巧 | Bypass Powershell执行策略的N种方式

Set-ExecutionPolicy Bypass -Scope Process

https://xz.aliyun.com/t/10727 一款根据ASM污点流扫描 Jsp Webshell的工具(https://github.com/flowerwind/JspFinder )

https://he1m4n6a.github.io/2019/04/01/%E5%8F%8D%E5%85%A5%E4%BE%B5%E7%AD%96%E7%95%A5%E6%80%BB%E7%BB%93-%E5%9F%BA%E7%A1%80%E4%BF%A1%E6%81%AF%E6%90%9C%E9%9B%86/ 反入侵策略总结-基础信息搜集(HIDS建设)

动态监控进程

watch -n 1 -d 'ps -ef | grep passwd'

0x04 安全产品

https://www.dynarose.com/ 微隔离--蔷薇灵动

0x05 安全运营

https://docs.splunk.com/Documentation/Splunk/9.0.3/Forwarding/Forwarddatatothird-partysystemsd Forward data to third-party systems

0x06 其他

https://blog.csdn.net/weixin_53588804/article/details/123801132 若依-Ruo Yi(分离版学习笔记)

https://hack.zkaq.cn/battle/target?id=5a768e0ca6938ffd 封神台-掌控安全在线演练靶场

https://mp.weixin.qq.com/s/2Egwbsf1RdPv52jf_g605g CVE-2023-24055 Keepass密码管理工具漏洞复现

https://cloud.tencent.com/document/product/213/65719 迁移到指定云服务器教程

https://portal.immuniweb.com/client/login/ 情报网站

https://blog.csdn.net/amhoho/article/details/107955271 华为云服务器快速迁移方案(最多十几分钟)

https://blog.csdn.net/aladinggao/article/details/121674681 【M365运维】匹配用户UPN和Email地址