Article summary: This week's offensive and defensive roundup covers vulnerabilities, red and blue team techniques, and tools. On the vulnerability side it covers an NTLM reflection attack against Active Directory and Windows driver vulnerabilities. Red team techniques focus on EDR bypass and silencing, custom DLL loading, and anti-rootkit countermeasures. On the blue team side, the Sysmon guide has been updated. Recommended tools include the Adrenaline BOF kit, a shellcode test harness, a WSL BOF, an AD collection tool, and a port-forwarding tool, supporting post-exploitation and system administration. Overall score: 85. Article categories: Red Team, Security Tools, Vulnerability Analysis, Internal Network Penetration, Security Operations
Weekly Update on Offensive and Defensive Tactics and Techniques – 20260112
红蓝对抗技术 (Red-Blue Confrontation Techniques)
红蓝对抗技战术 (Red-Blue Confrontation Tactics and Techniques)
January 17, 2026, 20:59, Beijing
Vulnerabilities
1、Using NTLM Reflection to Own Active Directory (CVE-2025-33073)
2、PoC Repository for Vulnerable Windows Drivers
https://github.com/ghostbyt3/WinDriver-EXP
Red Team Techniques
1、EDRStartupHinder: EDR Startup Process Blocker
https://www.zerosalarium.com/2026/01/edrstartuphinder-edr-startup-process-blocker.html
2、EDR Silencing
3、Custom DLL Loading Technique in Windows
https://medium.com/@s12deff/custom-dll-loading-technique-in-windows-c84ba0496a6f
4、Creating a Rust VBS Enclave DLL running in VTL1
https://fluxsec.red/creating-a-rust-application-running-in-vtl1
5、(Anti-)Anti-Rootkit Techniques – Part I: UnKovering mapped rootkits
https://eversinc33.com/2024/03/23/anti-anti-rootkit-techniques-part-i-unkovering-mapped-rootkits
Blue Team Techniques
1、Updating the Sysmon Community Guide: Lessons Learned from the Front Lines
https://trustedsec.com/blog/updating-the-sysmon-community-guide-lessons-learned-from-the-front-lines
Tools
1、Adrenaline BOF Kit
https://github.com/atomiczsec/Adrenaline
Collection of BOFs created for red team/adversary engagements. Created to be small and interchangeable, for quick recon or eventing.
2、Windows 11 Shadow Copies
https://github.com/ricardojoserf/w11_shadow_copies
Create, delete, or list Shadow Copies using the VSS API in C++, C#, or Python. Works on Windows 11.
3、Shellcode Test Harness
https://github.com/bitStream93/Shellcode-Test-Harness
A lightweight test harness designed to speed up shellcode development by providing an execution environment with integrated crash diagnostics and debug output redirection.
4、WSL BOF – Windows Subsystem for Linux Beacon Object File
https://github.com/MayerDaniel/the-one-wsl-bof
One WSL BOF to rule them all
5、PortBuddy 🚀
https://github.com/amak-tech/port-buddy
Expose local ports to the internet in seconds
6、cc-agent
https://github.com/JeanBonBeurre34/cc-agent
The agent is a comprehensive solution designed to facilitate remote command execution and management through a Go-based agent.
7、AfterShell
https://github.com/Logisek/AfterShell
Fast Windows post-exploitation wins after initial access.
8、flashingestor
https://github.com/Macmod/flashingestor
A TUI for Active Directory collection.
Other
Disclaimer:
The programs and techniques in this article are intended solely for lawful and compliant security research and educational use, with the aim of improving cyber security defenses; they are of a clearly technical research nature.
Any organization or individual who, without authorization, uses the content of this article for attacks, sabotage, or other illegal purposes bears sole responsibility for all resulting legal liability, civil compensation, and joint liability; this site assumes no joint liability.
Content on this site is published for technical exchange and knowledge sharing. If there is a copyright infringement or other objection, please contact us by e-mail; contact details are available via the "Contact Me" link at the top of the page.
This article is reposted from 红蓝对抗技战术 (红蓝对抗技术): "Weekly Update on Offensive and Defensive Tactics and Techniques – 20260112".
Copyright Notice
This site only keeps a backup copy for research and educational reference.
Readers who use this information for any other purpose bear all legal and joint liability themselves; this site assumes no responsibility.