Summary: This post collects offensive and defensive tactics news from May 11 to 16, 2026. It covers vulnerability disclosures such as the Fragnesia Linux local privilege escalation and the GreenPlasma Windows privilege escalation, red team techniques such as bypassing EDR to extract hashes, automated MS-RPC vulnerability research and EntryPoint hijacking, and updates to more than ten security tools including BypassEDR and WinSSHound, as a reference on current offensive and defensive practice for security researchers. Overall score: 82. Categories: Red Team, Penetration Testing, Vulnerability Analysis, Security Tools, Threat Intelligence
Offensive and Defensive Tactics Weekly Update – 20260511
Original
红蓝对抗技术
红蓝对抗技战术
May 16, 2026, 15:46, Beijing
Vulnerabilities
1. Fragnesia
https://github.com/v12-security/pocs/tree/main/fragnesia
Fragnesia is a universal Linux local privilege escalation exploit, discovered by William Bowling and the V12 team using V12.
2. GreenPlasma
https://github.com/Nightmare-Eclipse/GreenPlasma
GreenPlasma: Windows CTFMON arbitrary section creation elevation of privilege vulnerability
3. MiniPlasma
https://github.com/Nightmare-Eclipse/MiniPlasma
CVE-2020-17103 was apparently either not patched or the patch was reverted; regardless, this is the PoC for an LPE in cldflt.sys.
Red Team Techniques
1. How to bypass EDR to dump hashes
https://blog.zgsec.cn/archives/EDR-DumpHash.html
https://github.com/AabyssZG/HashDump-BypassEDR
2. Windows Shell Links in C++: How to Read and Write .lnk Files
https://trainsec.net/library/windows-kernel/windows-shell-links-in-c-how-to-read-and-write-lnk-files/
3. MacOS hacking part 11: bind shell for ARM (M1). Simple Assembly (M1) and C (run shellcode) examples
https://cocomelonc.github.io/macos/2025/09/01/malware-mac-11.html
4. Dissecting Impacket for Good and Bad
https://www.abdulmhsblog.com/posts/impacket-iocs/
5. Recursively fuzzing MS-RPC structures and monitoring using ETW
https://www.incendium.rocks/posts/Fuzzing-MS-RPC-structures-and-monitoring/
6. Primitive Injection – Breaking the Status Quo
https://trickster0.github.io/posts/Primitive-Injection/
7. Automating MS-RPC vulnerability research
https://www.incendium.rocks/posts/Automating-MS-RPC-Vulnerability-Research/
8. Kernel Dynamic Offset Resolution using PDB Symbols
https://medium.com/@s12deff/kernel-dynamic-offset-resolution-using-pdb-symbols-b0aaa499ac25
9. EntryPoint Hijacking
10. Design ideas for a general-purpose LLVM-based self-contained (shellcode) compiler
https://mp.weixin.qq.com/s/7w1262ie20u8T2pi-P8_9g
11. NATS-as-C2: Inside a new technique attackers are using to harvest cloud credentials and AI API keys
https://www.sysdig.com/blog/nats-as-c2-inside-a-new-technique-attackers-are-using-to-harvest-cloud-credentials-and-ai-api-keys
12. Your EDR has no DR left
https://mp.weixin.qq.com/s/q-ZSN-x6kbvLJ25vkwZapw
13. Tricks for deploying in-memory webshells behind a load balancer
https://mp.weixin.qq.com/s/wiaaXq-nnL_QFZNu_HXoAg
Blue Team Techniques
1.
Tools
1. BypassEDR
https://github.com/AabyssZG/HashDump-BypassEDR
Bypass EDR on Windows to dump hashes
2. Steganography Shellcode Loader
https://github.com/InternetBot/Stenloader
3. WinSSHound
https://github.com/1r0BIT/WinSSHound
Windows SSH Misconfiguration Discovery Tool – Map lateral movement paths through misconfigured SSH services in Active Directory environments
4. ghostlock
https://github.com/kimd155/ghostlock
SMB deny-share handle research tool. Lock files on an enterprise share with zero writes, zero encryption, and zero alerts in any behavioral defense. Standard user. One API call. No CVE.
5. Ouroboros
https://github.com/xpn/Ouroboros
A POC tool for exploring dev-tunnels
6. EgnakeRAT
https://github.com/egnake/EgnakeRAT
Advanced, asynchronous Android Command & Control (C2) framework featuring AES-256-CBC encryption, DOM-based keylogging, and E2EE notification interception. Built for Red Team operations and mobile security research.
7. ROR13
https://github.com/rasta-mouse/ror13
World's simplest ROR13 generator
8. AddUser-SAMR
https://github.com/ricardojoserf/AddUser-SAMR
Create local administrators with the SAMR API (lowest-level technique). Implemented in C#, Crystal, Python and Rust
9. CustomWinAPIFunctions
https://github.com/S12cybersecurity/CustomWinAPIFunctions
10. USB Monitor BOF
https://github.com/jakobfriedl/usb-monitor-bof
Other
1.
Disclaimer:
The programs and techniques described in this article are intended solely for lawful and compliant security research and teaching, with the aim of improving network security defenses, and are of a clearly technical research nature.
Any organization or individual that, without authorization, uses the content of this article for attacks, sabotage or other illegal purposes bears sole responsibility for all resulting legal liability, civil compensation and joint liability; this site assumes no joint liability.
All content on this site is published for the purpose of technical exchange and knowledge sharing. If there is any copyright infringement or other objection, please contact us by e-mail; the contact details are under "Contact me" at the top of the page.
This article is reposted from: 红蓝对抗技战术 / 红蓝对抗技术, "Offensive and Defensive Tactics Weekly Update – 20260511"
Copyright Notice
This site only archives a backup copy, for research and teaching reference only.
Readers who use this information for other purposes bear all legal and joint liability themselves; this site assumes no responsibility.