Summary: This week's offensive/defensive tactics update covers several areas. Red team: proxying C2 HTTP traffic through Chromium, GPO lateral movement, abusing the hypervisor, Linux process injection via the seccomp notifier, and resilient implant communications. The blue team section is empty this week. Tools: a Cobalt Strike REST API client, a patchless hooking library, an EDR-disabling tool, a CLR unhooking tool, an AD attribute extension for BloodHound, an LDAP BOF collection, and a session hijacking tool. On the vulnerability side, the focus is CVE-2025-55182, an RCE in React Server Components reached through Flight payload deserialization. Overall score: 85. Categories: Red Team, Vulnerability Analysis, Internal Network Penetration, Security Tools, Web Security
Offensive and Defensive Tactics Weekly Update – 20251208
Original
Red vs. Blue Team Techniques
Red vs. Blue Team Tactics
13 December 2025, 17:11, Beijing
Vulnerabilities
1. CVE-2025-55182 – React Server Components RCE via Flight Payload Deserialization
https://www.offsec.com/blog/cve-2025-55182/?utm_campaign=9872414-2025-Technical-Blog&utm_content=360856436&utm_medium=social&utm_source=twitter&hss_channel=tw-134994790
Red Team Techniques
1. Stillepost – Or: How to Proxy your C2's HTTP Traffic through Chromium
https://x90x90.dev/posts/stillepost/
https://github.com/dis0rder0x00/stillepost
2. Hide the threat – GPO lateral movement
3. Living off the Hypervisor – LOLPROX
https://blog.zsec.uk/lolprox/
4. Linux Process Injection via Seccomp Notifier
https://www.outflank.nl/blog/2025/12/09/seccomp-notify-injection/
5. Ideas for Meshed and Resilient Implant Communications
Blue Team Techniques
(no entries this week)
Tools
1. csrest
https://github.com/Xenov-X/csrest
Golang Cobalt Strike Rest API Client
2. LazyHook
https://github.com/hwbp/LazyHook
Evade behavioral analysis by executing malicious code within trusted Microsoft call stacks; a patchless IAT/EAT hooking library.
3. Fairy-Law
https://github.com/zero2504/Fairy-Law
Fairy Law – Compromise or disable EDR security solutions
4. CLR Unhooking Tool
https://github.com/hwbp/CLR-Unhook
Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan in-memory .NET assembly loads. This tool removes that hook.
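The nLoadImage hook described above is an inline hook: the EDR overwrites the first bytes of the function with a jump into its own DLL, and an unhooking tool writes the original bytes back. Whether you are hunting for such hooks or verifying that an unhooker actually restored the function, the check you want is the same: does the prologue currently in memory match the image on disk, and if not, where is control being redirected? The following Python is an added example written for this page, not code from the CLR-Unhook project or from any vendor. It decodes the trampoline forms hooking engines most often emit and compares an on-disk prologue against an in-memory copy. The clr.dll load address, the nLoadImage offset, the vendor target address and the prologue bytes are all constructed for the example; on a live system the two byte strings would come from a clean copy of clr.dll and from the loaded module (ReadProcessMemory) respectively.

```python
import struct
from dataclasses import dataclass
from typing import Optional

MASK64 = (1 << 64) - 1


@dataclass
class Hook:
    kind: str         # trampoline form found at the prologue
    target: int       # where control goes (for jmp [rip+disp32]: the pointer slot)
    patched_len: int  # number of bytes the hook overwrote


def decode_trampoline(code: bytes, va: int) -> Optional[Hook]:
    """Recognise the trampoline forms hooking engines usually emit at address `va`."""
    # jmp [rip+0] followed by an inline 8-byte absolute pointer (14 bytes total)
    if len(code) >= 14 and code[:6] == b"\xFF\x25\x00\x00\x00\x00":
        return Hook("jmp [rip+0]; dq target", struct.unpack_from("<Q", code, 6)[0], 14)
    # jmp [rip+disp32]: the pointer slot lives at va+6+disp; it must be read to resolve the target
    if len(code) >= 6 and code[:2] == b"\xFF\x25":
        disp = struct.unpack_from("<i", code, 2)[0]
        return Hook("jmp [rip+disp32] (pointer slot)", (va + 6 + disp) & MASK64, 6)
    # mov rax, imm64 ; jmp rax (12 bytes)
    if len(code) >= 12 and code[:2] == b"\x48\xB8" and code[10:12] == b"\xFF\xE0":
        return Hook("mov rax,imm64; jmp rax", struct.unpack_from("<Q", code, 2)[0], 12)
    # jmp rel32 (5 bytes): displacement is relative to the end of the instruction
    if len(code) >= 5 and code[0] == 0xE9:
        rel = struct.unpack_from("<i", code, 1)[0]
        return Hook("jmp rel32", (va + 5 + rel) & MASK64, 5)
    return None


def check_prologue(disk: bytes, memory: bytes, va: int, window: int = 16) -> dict:
    """Compare the on-disk and in-memory prologue of the function at `va`.

    Reports hooked=False when the first `window` bytes agree. Otherwise returns the
    first differing offset and, if the bytes at offset 0 or at that offset decode as a
    known trampoline, the Hook describing it. A difference that decodes as nothing
    known is still reported as hooked so that an unfamiliar form is not ignored.
    """
    d, m = disk[:window], memory[:window]
    if d == m:
        return {"hooked": False, "first_diff": None, "hook": None}
    first = next((i for i, (a, b) in enumerate(zip(d, m)) if a != b), min(len(d), len(m)))
    hook = decode_trampoline(memory, va) or decode_trampoline(memory[first:], va + first)
    return {"hooked": True, "first_diff": first, "hook": hook}


def target_in_module(hook: Hook, mod_base: int, mod_size: int) -> bool:
    """True if the hook target stays inside [mod_base, mod_base + mod_size)."""
    return mod_base <= hook.target < mod_base + mod_size


# --- Constructed sample data (hypothetical addresses, not dumped from a real clr.dll) ---
CLR_BASE = 0x7FFD12000000             # hypothetical clr.dll load address
CLR_SIZE = 0x00A00000                 # hypothetical clr.dll image size
NLOADIMAGE_VA = CLR_BASE + 0x340000   # hypothetical address of clr!nLoadImage
EDR_TARGET = 0x7FFD20000000           # hypothetical hook handler inside a vendor DLL

# Typical MSVC x64 prologue:
#   mov [rsp+8],rbx ; mov [rsp+0x10],rsi ; push rdi ; sub rsp,0x20 ; mov rdi,rcx
CLEAN = bytes.fromhex("48895C24084889742410574883EC20488BF9")

# Same function after an EDR planted a 5-byte relative jump over its first instruction
HOOKED_REL32 = b"\xE9" + struct.pack("<i", EDR_TARGET - (NLOADIMAGE_VA + 5)) + CLEAN[5:]

# Same function hooked with an absolute 12-byte trampoline (first byte 0x48 happens to match)
HOOKED_ABS = b"\x48\xB8" + struct.pack("<Q", EDR_TARGET) + b"\xFF\xE0" + CLEAN[12:]


if __name__ == "__main__":
    for label, mem in (("clean", CLEAN), ("rel32 hook", HOOKED_REL32), ("abs hook", HOOKED_ABS)):
        r = check_prologue(CLEAN, mem, NLOADIMAGE_VA)
        where = ""
        if r["hook"]:
            inside = target_in_module(r["hook"], CLR_BASE, CLR_SIZE)
            where = f" -> {r['hook'].kind} to {r['hook'].target:#x} ({'inside' if inside else 'outside'} clr.dll)"
        print(f"{label:11s} hooked={r['hooked']}{where}")
```

A target that resolves outside clr.dll's own address range is the signature of a third-party hook; a `jmp [rip+disp32]` result reports the pointer slot, which must itself be read from the process to learn the final destination. After running an unhooker, the same check should return hooked=False; if it still reports a difference that decodes to no known trampoline, the tool wrote back something other than the original bytes.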
5. ADAttributeHound
https://github.com/martinsohn/ADAttributeHound
ADAttributeHound is an OpenGraph extension for BloodHound that exports Active Directory custom attributes as node properties.
6. LDAP BOF Collection
https://github.com/P0142/LDAP-Bof-Collection
A collection of LDAP BOFs for domain enumeration and privilege escalation, created for use with the Adaptix C2.
7. SessionHop
https://github.com/3lp4tr0n/SessionHop/
Windows Session Hijacking via COM
8. BreakFAST – Kerberos FAST Armoring Abuse
https://github.com/monsieurPale/BreakFAST
9. LibPicoManager
https://github.com/pard0p/LibPicoManager
Other
(no entries this week)
Read the original: "Offensive and Defensive Tactics Weekly Update – 20251208"
Copyright notice
This site only mirrors and archives this content for research and teaching reference.
Readers who use the information for any other purpose bear all legal and related liability themselves; this site assumes no responsibility.