Article summary: This document is the weekly report on offensive and defensive cyber-security tactics and techniques for 20–26 April 2026. Its core content covers an analysis of CVE-2026-32746, a 32-year-old pre-authentication remote code execution bug in GNU inetutils telnetd; red team techniques such as AppDomain hijacking and in-memory .NET abuse, an updated Active Directory attack architecture map, and enumerating and overwriting process creation callbacks; and 12 tools (mostly offensive BOFs and loaders, plus the defensive Exchange collector ExchangeHound), including the covert registry manipulation tool swarmer, the binary AV-evasion tool Beatrice.py and the Exchange permission relationship mapper ExchangeHound. It provides an actionable reference for vulnerability alerts, attack tactics and techniques, and defensive tooling. Overall score: 85 Article categories: vulnerability analysis, red team, internal network penetration, security tools, threat intelligence
Weekly Update on Offensive and Defensive Tactics and Techniques – 20260420
Original
红蓝对抗技术
红蓝对抗技战术
26 April 2026, 11:40, Beijing
Vulnerabilities
1、A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE)
https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/
Red Team Techniques
1、Operation PhantomCLR : Stealth Execution via AppDomain Hijacking and In-Memory .NET Abuse
2、Active Directory Attack Architecture Map v1.1
https://kypvas.github.io/ad_attack_architecture/
3、Another COM object for RedSun can be used to execute commands through arbitrary file write.
https://x.com/haider_kabibo/status/2045976684692656245
4、Enumerating Windows Process Creation Callbacks
https://medium.com/@s12deff/enumerating-windows-process-creation-callbacks-98e09153e2d7
5、Launch WSL Applications from Windows with WslLaunch
https://trainsec.net/library/windows-kernel/launch-wsl-applications-from-windows-with-wsllaunch/
6、Overwriting Process Creation Kernel Callbacks
https://medium.com/@s12deff/overwriting-process-creation-kernel-callbacks-8c9f73980eb7
7、MSSQLHound Now Available in Go
https://specterops.io/blog/2026/04/23/mssqlhound-now-available-in-go/
8、Kerberos with Titanis
https://trustedsec.com/blog/kerberos-with-titanis?utm_content=376240230&utm_medium=social&utm_source=twitter&hss_channel=tw-403811306
Blue Team Techniques
Tools
1、swarmer
https://github.com/praetorian-inc/swarmer
A tool for sneakily adding registry keys to HKCU without EDR/AV being able to see what’s happening even if you don’t have administrator access.
2、Beatrice.py
https://github.com/raskolnikov90/Beatrice.py
Modify machine code in binaries with alternative x64 assembly opcodes for AV evasion
3、ProcessInspect BOF
https://github.com/whokilleddb/PSI_BOF
A BOF designed to inspect process memory and addresses
4、ExchangeHound
https://github.com/FilipPwn/ExchangeHound
ExchangeHound is a defensive BloodHound OpenGraph collector for on-prem Microsoft Exchange that maps mailbox delegation and Exchange privilege relationships to help blue teams find abuse paths and permission risks.
5、Clipboard Monitor
https://github.com/jakobfriedl/clipboard-monitor-bof
Async BOF to monitor and detect clipboard changes on a target system and return the clipboard contents.
6、Kerberos TGT Monitor BOF
https://github.com/jakobfriedl/tgt-monitor-bof
Async BOF implementation of ‘Rubeus monitor’ to detect and automatically extract Kerberos TGTs as they appear on a target system.
7、KeeLog
https://github.com/jakobfriedl/keelog-bof
Async BOF to capture KeePass master passwords by detecting and keylogging locked database windows.
8、KSLDBYOVD
https://github.com/ANYLNK/KSLDBYOVDARK
Abusing Some Defects in KSLD Ark driver
9、BeaconHTTPSniff
https://github.com/whokilleddb/BeaconHTTPSniff
A collection of programs which monitor the incoming/outgoing traffic from shellcode execution.
10、CDP-Enable-BOF
https://github.com/KingOfTheNOPs/CDP-Enable-BOF
Beacon Object File to Enable Chrome DevTools Protocol (CDP)
11、zig-pe
https://github.com/Thoxy67/zig-pe
Reflective PE loader written in Zig. Loads and executes native and .NET PE files directly from memory.
12、Zig BOF Template
https://github.com/nbaertsch/zig-bof-template
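Item 2 above (Beatrice.py) describes rewriting machine code with alternative x64 opcodes. The following Python is an added example for this page, not Beatrice.py's own code, that shows the core of that idea: many one-byte ALU and MOV opcodes come in mirrored pairs (`op r/m, r` and `op r, r/m`), so a register-to-register instruction can be re-encoded by swapping the opcode and the ModRM reg/rm fields (carrying REX.R/REX.B along) without changing its length or semantics. It assumes instruction boundaries are already known, as a disassembler would provide them; the sample instruction bytes are constructed by hand for the demo.

```python
"""Mirror-encoding rewrite of x64 register-to-register instructions.

Added example (not Beatrice.py's code). Assumes the input has already
been split into instructions by a disassembler; the sample bytes in
SAMPLE are constructed by hand for this demo.
"""
from __future__ import annotations

# Opcodes that come in pairs: "op r/m, r" and "op r, r/m". For a
# register-direct ModRM (mod == 11) both encode the same operation once
# the reg and rm fields are swapped, so either byte sequence is valid.
# From the one-byte opcode map: ADD/OR/ADC/SBB/AND/SUB/XOR/CMP and MOV.
_MIRROR_PAIRS = [
    (0x00, 0x02), (0x01, 0x03),  # add  (8-bit / 16-64-bit)
    (0x08, 0x0A), (0x09, 0x0B),  # or
    (0x10, 0x12), (0x11, 0x13),  # adc
    (0x18, 0x1A), (0x19, 0x1B),  # sbb
    (0x20, 0x22), (0x21, 0x23),  # and
    (0x28, 0x2A), (0x29, 0x2B),  # sub
    (0x30, 0x32), (0x31, 0x33),  # xor
    (0x38, 0x3A), (0x39, 0x3B),  # cmp
    (0x88, 0x8A), (0x89, 0x8B),  # mov
]
MIRROR = {a: b for a, b in _MIRROR_PAIRS}
MIRROR.update({b: a for a, b in _MIRROR_PAIRS})


def mirror_encoding(insn: bytes) -> bytes:
    """Return an equivalent alternative encoding of one instruction.

    Only the register-direct form (ModRM mod == 11) of the opcodes in
    MIRROR is rewritten, optionally preceded by one REX prefix (0x40-0x4F).
    Anything else (memory operands, a 0x66 prefix, other opcodes) is
    returned unchanged, so the output is always the same length and
    semantically identical to the input.
    """
    rex = None
    body = insn
    if body and 0x40 <= body[0] <= 0x4F:
        rex, body = body[0], body[1:]
    if len(body) != 2:
        return insn
    opcode, modrm = body
    if opcode not in MIRROR or (modrm & 0xC0) != 0xC0:
        return insn
    reg, rm = (modrm >> 3) & 7, modrm & 7
    out = bytes([MIRROR[opcode], 0xC0 | (rm << 3) | reg])
    if rex is not None:
        # REX.R (bit 2) extends the reg field and REX.B (bit 0) the rm
        # field; they must travel with the fields they extend.
        r_bit, b_bit = (rex >> 2) & 1, rex & 1
        out = bytes([(rex & 0xFA) | (b_bit << 2) | r_bit]) + out
    return out


def rewrite(insns: list[bytes]) -> bytes:
    """Rewrite every instruction of a disassembled list and re-join the bytes."""
    return b"".join(mirror_encoding(i) for i in insns)


# Constructed sample: a tiny function body as a disassembler would split it.
SAMPLE = [
    b"\x48\x89\xc8",  # mov rax, rcx
    b"\x31\xd2",      # xor edx, edx
    b"\x49\x89\xc8",  # mov r8, rcx   (REX.B set: rm field is r8)
    b"\x8b\x45\xf8",  # mov eax, [rbp-8]   (memory form: left alone)
    b"\xc3",          # ret
]


def demo() -> tuple[bytes, bytes]:
    """Original and rewritten bytes; equal length, so no offset fixups are needed."""
    before = b"".join(SAMPLE)
    after = rewrite(SAMPLE)
    assert len(before) == len(after)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before.hex(" "))
    print("after: ", after.hex(" "))
```

The rewrite is its own inverse, so applying it twice restores the original bytes. For a defender the point is the mirror image of the attacker's: a signature over raw instruction bytes stops matching after such a rewrite, while one written over disassembled semantics (mnemonic and operands) still does.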
Other
Disclaimer:
The programs and techniques in this article are intended solely for lawful security research and teaching, with the aim of improving defensive capability; they are explicitly of a technical research nature.
Any organization or individual that, without authorization, uses the content of this article for attacks, sabotage or other illegal purposes bears sole responsibility for all resulting legal liability, civil compensation and joint liability; this site accepts no joint liability.
Content on this site is published for technical exchange and knowledge sharing. If there is a copyright infringement or other objection, please contact us by e-mail; the contact details are under the "Contact me" link at the top of the page.
Reproduced from 红蓝对抗技术 (红蓝对抗技战术): "攻防技战术动态一周更新 – 20260420"
Copyright notice
This site only keeps an archived copy, for research and teaching reference.
Readers who use this information for other purposes bear all legal and joint liability themselves; this site accepts no responsibility.