Article summary: This week's update covers advanced techniques such as red team in-memory evasion, AMSI and UAC bypasses and Python AV evasion, plus blue team analysis of Operation Ink Dragon. Tool recommendations include Cobalt Strike BOFs, the EDR neutralizer GhostLocker, the red team frameworks Wyrm and GateSentinel, and credential dumping tools, rounding up the latest offensive and defensive resources and malware development progress. Overall score: 85 Article categories: Red team, AV evasion, Security tools, Malware, Internal network penetration
Offensive and Defensive Tactics Weekly Update – 20251222
Original
红蓝对抗技术
红蓝对抗技战术
December 27, 2025, 21:47, Beijing
Vulnerability-related
1、
Red team techniques
1、Evading Signature Based Memory Detection – Shellcode Fragmentation and Staged Reassembly
https://g3tsyst3m.com/shellcode%20fragmentation/in-memory%20evasion/Evading-Signature-Based-Memory-Detection-Shellcode-Fragmentation-and-Staged-Reassembly/
2、Callback hell: abusing callbacks, tail-calls, and proxy frames to obfuscate the stack
https://klezvirus.github.io/posts/Callback-Hell/
3、Patchless AMSI Bypass via Page Guard Exceptions
https://shigshag.com/blog/amsi_page_guard
4、User Access Control Bypass via CMSTP
https://medium.com/@s12deff/user-access-control-bypass-via-cmstp-07bf78be0ce2
5、Understanding the Process Environment Block (PEB) for Malware Analysis
https://metehan-bulut.medium.com/understanding-the-process-environment-block-peb-for-malware-analysis-26315453793f#27b8
6、Python code self-modification for 36x核x AV evasion
https://mp.weixin.qq.com/s/s9VfC54Bnp9bD41ArdIcAg
7、Registry Writes Without Registry Callbacks
https://deceptiq.com/blog/ntuser-man-registry-persistence
Blue team techniques
1、Inside Ink Dragon: Revealing the Relay Network and Inner Workings of a Stealthy Offensive Operation
https://research.checkpoint.com/2025/ink-dragons-relay-network-and-offensive-operation/
2、The Complete Guide to Hunting Cobalt Strike – Part 2: 10+ HuntSQL Recipes to Find Cobalt Strike
https://hunt.io/blog/guide-hunting-cobalt-strike-part-2-huntsql-recipes
Tools
1、cSessionHop
https://github.com/jhalon/cSessionHop
Beacon Object File (BOF) for Windows Session Hijacking via IHxHelpPaneServer COM
2、BOF Execute-Assembly
https://github.com/NtDallas/BOF_ExecuteAssembly
3、CPLDCOMTrigger
https://github.com/sud0Ru/CPLDCOMTrigger
CPL remote trigger
4、GhostLocker: AppLocker-Based EDR Neutralization
https://github.com/zero2504/EDR-GhostLocker
5、Founding
https://github.com/SenSecurity/Founding
Founding is a generator that will create a loader encrypted or obfuscated with different execution types
6、BOFs
https://github.com/RayRRT/BOFs/tree/main
Beacon Object Files (BOFs) for Cobalt Strike and Havoc C2. Implementations of Active Directory attacks and post-exploitation techniques.
7、Wyrm – v0.7.1 Hatchling
https://github.com/0xflux/Wyrm/
The dragon in the dark. A red team post exploitation framework for testing security controls during red team assessments.
8、AxiomDumper
https://github.com/mallo-m/AxiomDumper
Lsass dumper evading (all ?) EDR detection
9、BounceBack
https://github.com/D00Movenok/BounceBack
↕️🤫 Stealth redirector for your red team operation security
10、DumpChromeSecrets
https://github.com/Maldev-Academy/DumpChromeSecrets
11、bof(link) template
https://github.com/CodeXTF2/bof_template
12、VectoredOverloading in Rust
https://github.com/Whitecat18/Rust-for-Malware-Development/tree/main/VectoredOverloading
13、GateSentinel
https://github.com/Jackstem/GateSentinel-C2-Rat-Hvnc
GateSentinel is a modern C2 (Command and Control) framework designed for security research and penetration testing.
14、Early Cascade Injection in Rust [Re-Implemented]
https://github.com/Whitecat18/earlycascade-injection
Early cascade injection PoC, written in Rust, based on Outflank's blog post
Other
1、
Disclaimer:
The programs and techniques described in this article are intended solely for lawful and compliant security research and teaching, with the aim of improving network security defenses, and are of a clearly technical research nature.
Any organization or individual who, without authorization, uses the content of this article for attacks, sabotage or other illegal purposes bears sole responsibility for all resulting legal liability, civil compensation and joint liability; this site assumes no joint liability.
All content on this site is published for technical exchange and knowledge sharing. If there is a copyright infringement or other objection, please contact us by e-mail; the contact details are under "Contact me" at the top of the page.
This article is reposted from: 红蓝对抗技战术 / 红蓝对抗技术, 《攻防技战术动态一周更新 – 20251222》
Copyright notice
This site only keeps a backup copy, for research and teaching reference only.
Readers who use the information for other purposes bear all legal and joint liability themselves; this site assumes no responsibility.