Article summary: This week's offensive and defensive update focuses on the evolution of red-team techniques and tool updates, covering key topics such as EDR evasion, privilege escalation and covert DNS transport, and introduces several new security tools including a SAM extractor and coercion-based privilege-escalation tooling, providing up-to-date technical reference material for practical offensive and defensive work. Overall score: 78. Article categories: Red Team, Security Tools, Internal Network Penetration, Vulnerability Analysis, Threat Intelligence
Offensive and Defensive Tactics Weekly Update – 20260615
Original
红蓝对抗技术
红蓝对抗技战术
22 June 2026, 22:40, Beijing
Vulnerabilities
1、
Red Team Techniques
1、Sleeping Beauty II: CFG, CET, and Stack Spoofing
https://maorsabag.github.io/posts/adaptix-stealthpalace/sleeping-beauty-ii/
2、Offensive Security: Speeding up Active Directory Pentests with ADScan and ADPulse
https://hackers-arise.com/offensive-security-speeding-up-active-directory-pentests-with-adscan-and-adpulse/
3、Windows Privilege Escalation 01: Initial Enumeration
https://niklas-heringer.com/penetration-testing/windows-privilege-escalation-01/
4、Harnessing the Power of Cobalt Strike Profiles for EDR Evasion – Part 3
5、What Are Windows Logon Sessions and How Do They Relate to Tokens?
https://trainsec.net/library/windows-internals/windows-logon-sessions-and-tokens/
6、Unveiling DNSStager: A tool to hide your payload in DNS
https://askar.so/blogs/unveiling-dnsstager-a-tool-to-hide-your-payload-in-dns/
7、WinGet
8、The EDR "self-destruct" switch
https://mp.weixin.qq.com/s/sfV9u7VQGvfrCejvkmZdjA
9、Hunting ROP Gadgets in Windows DLLs
https://medium.com/@s12deff/hunting-rop-gadgets-in-windows-dlls-3184e4eeba62
Blue Team Techniques
1、Interlock and Rhysida within the ransomware ecosystem
https://www.ibm.com/think/x-force/interlock-and-rhysida-within-the-ransonware-ecosystem
Tools
1、WhatAboutSAM
https://github.com/PeterGabaldon/WhatAboutSAM
WhatAboutSAM is my custom PoC of a Windows SAM dumper
2、UNCanny Coerce
https://github.com/0xHossam/UnCanny
Another new coercion primitive with LPE 0day – machine-account NTLM coercion from a non-admin user via Windows Store InstallService plugin resolution experiments
3、Proxer
https://github.com/Skuntir/Proxer
A modern HTTP and HTTPS interception proxy with custom-made extensions support.
4、ETWPrism: User-Mode ETW Interception Lab
https://github.com/kernullist/ETWPrism
5、LACUNA Chain
https://github.com/MazX0p/LACUNA-Chain
https://0xmaz.me/posts/LACUNA-Chain-Ghost-Frames-defeats-All-EDR-layers-of-call-stack-based-detection/
Six-layer call-stack spoofing via .pdata lacunae — defeats ETW-Ti, kernel callbacks, CET shadow stack, and return-address validation in a single composite chain.
7、Windows Sandbox .wsb HostFolder NTLM Leak
https://github.com/0xHossam/UNCagedSandbox
8、Rust for Malware Development
https://git.smukx.site/smukx/Rust-for-Malware-Development
9、PhantomCtx
https://github.com/r3xmax/PhantomCtx
https://mp.weixin.qq.com/s/ZhAgr31ND0GaSbZIeGPcXQ
Activation Context Hijacking Evasion Tool
10、ShellHWEventExec
https://github.com/0xHossam/ShellHWEventExec
BOF and research notes from hunting execution paths, covering Shell.HWEventHandlerShellExecute COM execution through the AutoPlay IHWEventHandler flow + ssh-shellhost.exe direct PTY command execution behavior.
11、Atomic BOFs
https://rastamouse.me/atomic-bofs/
12、RawHive
https://github.com/nmht3t/RawHive
Cobalt Strike BOF that extracts selected Windows registry hives directly from a raw NTFS volume by parsing NTFS metadata and reading file data straight from disk.
Other
1、
Disclaimer:
The programs and technical methods contained in this article are intended solely for lawful and compliant security research and educational purposes, with the aim of improving cyber-security defensive capabilities, and are of an explicitly technical research nature.
Any organization or individual that, without authorization, uses the content of this article for attacks, sabotage or other illegal purposes bears sole responsibility for all resulting legal liability, civil compensation and joint liability; this site assumes no joint liability.
All content on this site is published for technical exchange and knowledge sharing. If there is any copyright infringement or other objection, please get in touch by e-mail; contact details are available via the "Contact Me" link at the top of the page.
This article is reposted from: 红蓝对抗技战术 / 红蓝对抗技术, 《攻防技战术动态一周更新 – 20260615》
Copyright Notice
This site only archives and indexes the content, for research and educational reference only.
Readers who use the information for any other purpose bear all legal and joint liability themselves; this site assumes no responsibility.