文章总结: 该文档总结了2026年6月29日当周攻防技战术动态,涵盖三个重要漏洞(包括Linux内核权限提升和SharePointRCE)、多项红队技术(如加密C2构建、绕过WindowsDefender、PEB破坏)以及蓝队技术。同时介绍了多个安全工具,如内存马框架NebulaPulsar、BYOVD分析工具DriverScope和C2框架Proteus。建议安全团队关注这些漏洞和技术的更新。 综合评分: 85 文章分类: 漏洞分析,红队,恶意软件,安全工具,蓝队技术
攻防技战术动态一周更新 – 20260629
原创
红蓝对抗技术 红蓝对抗技术
红蓝对抗技战术
2026年7月4日 15:18 北京
在小说阅读器读本章
去阅读
漏洞相关
1、PACKET_EDIT_MEME – aka CVE-2026-46331
https://github.com/sgkdev/packet_edit_meme
PACKET_EDIT_MEME.c (aka CVE-2026-46331): yet another page cache poisoning nightmare
2、Pack2TheRoot (CVE-2026-41651): Local Root on Linux via a PackageKit Race Condition
Pack2TheRoot (CVE-2026-41651): Local Root on Linux via a PackageKit Race Condition
3、Microsoft SharePoint Server Remote Code Execution Vulnerability
https://github.com/huynambka/cve-2026-26114-poc
红队技术
1、Building an Encrypted C2 Implant Using QUIC
https://g3tsyst3m.com/encrypted%20shell/Building-an-Encrypted-C2-Implant-Using-QUIC/
2、Building a Windows Defender Disable Shellcode with Stardust
https://medium.com/@s12deff/building-a-windows-defender-disable-shellcode-with-stardust-81d8f17bb111
3、PEB Corruption: A Remote Process Crash Technique
https://medium.com/@s12deff/peb-corruption-a-remote-process-crash-technique-4b25f8887678
4、Win x64 Shellcode – Part 2: TEB, PEB and List of Loaded Modules
https://proteqtum.com/posts/02-win-x64-shellcode-teb-peb_en/
5、Abusing Handle Elevation to Terminate Windows Defender
https://medium.com/@s12deff/abusing-handle-elevation-to-terminate-windows-defender-03519b2574da
6、Bypass Windows Defender antivirus in 2026: Evasion Techniques Using Direct Syscalls and XOR encryption – Part 2
https://www.hackmosphere.fr/bypass-windows-defender-antivirus-2025-part-2/
7、Malware and cryptography 45 – Shamir Secret Sharing. Simple C example.
https://cocomelonc.github.io/malware/2026/07/02/malware-cryptography-45.html
8、From Code to Coverage (Part 6): What netlogon.log Sees That Event 1644 Never Will
https://www.huntress.com/blog/ldap-active-directory-detection-part-six
9、MITM6 + NTLM Relay: How IPv6 Auto-Configuration Leads to Full Domain Compromise
https://www.resecurity.com/blog/article/mitm6-ntlm-relay-how-ipv6-auto-configuration-leads-to-full-domain-compromise
10、Bypassing EDR in a Crystal Clear Way
https://lorenzomeacci.com/bypassing-edr-in-a-crystal-clear-way
11、Exploring cross-domain & cross-forest RBCD: part 2
https://www.synacktiv.com/en/publications/exploring-cross-domain-cross-forest-rbcd-part-2
蓝队技术
1、
工具类
1、NebulaPulsar
https://github.com/iss4cf0ng/NebulaPulsar
NebulaPulsar is a proof-of-concept in-memory implant framework for Java (JSP) and ASP.NET (ASPX/ASHX/ASMX) webshells, originally developed as part of the Alien project.
2、DriverScope
https://github.com/diabloidyobane/DriverScope
Automated BYOVD driver analysis: import scanning, IOCTL dispatch extraction, Speakeasy emulation
3、Proteus
https://github.com/ZZ0R0/Proteus
Rust C2 agent for Mythic that produces polymorphic shellcode: per-build function shuffle + ChaCha20-encrypted data sections; no_std/no_main agent, PEB-walked APIs, WinHTTP comms.
4、Malvex C2
https://github.com/Erarnitox/MalvexC2
A simple C2 Framework written in modern C++
5、Hollow
https://github.com/Chaelsoo/Hollow
hollow is a shellcode loader generator. You give it a raw shellcode binary and a profile, and it spits out a compiled Windows PE loader with your shellcode encrypted inside.
6、CDP-Enable-BOF
https://github.com/KingOfTheNOPs/CDP-Enable-BOF
Beacon Object File to Enable Chrome DevTools Protocol (CDP)
7、win32k-callback-detouring
https://github.com/n0qword/win32k-callback-detouring
Abusing the win32k.sys kernel callback mechanism for arbitrary code execution
8、cfgrip
https://github.com/BinaryHardening/cfgrip
PE/ELF x86/x64 CFG extractor
9、ShadowLdr
https://github.com/28Zaaky/ShdwLdr
Reflective DLL loader.
10、Skewrun
https://github.com/JVBotelho/skewrun
Active Directory time discovery protocols for red teams. Stealthy extraction via Kerberos, SMB, NTLM, and CLDAP.
11、GadgetSniper
https://github.com/ZakiPedio/GadgetSniper
Precision call-stack spoofing gadget hunter for x64 DLLs, powered by Iced disassembler
12、LOLFSaaS
https://github.com/lolfsaas/lolfsaas.github.io
Living of the Land of Free SaaS
其他类
1、
免责声明:
本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。
任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。
本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我。
本文转载自:红蓝对抗技战术 红蓝对抗技术 红蓝对抗技术《攻防技战术动态一周更新 – 20260629》
版权声明
本站仅做备份收录,仅供研究与教学参考之用。
读者将信息用于其他用途的,全部法律及连带责任由读者自行承担,本站不承担任何责任。










评论