攻防技战术动态一周更新–20260629

admin 2026-07-09 07:40:49 网络安全文章 来源:ZONE.CI 全球网 0 阅读模式

文章总结: 该文档总结了2026年6月29日当周攻防技战术动态,涵盖三个重要漏洞(包括Linux内核权限提升和SharePointRCE)、多项红队技术(如加密C2构建、绕过WindowsDefender、PEB破坏)以及蓝队技术。同时介绍了多个安全工具,如内存马框架NebulaPulsar、BYOVD分析工具DriverScope和C2框架Proteus。建议安全团队关注这些漏洞和技术的更新。 综合评分: 85 文章分类: 漏洞分析,红队,恶意软件,安全工具,蓝队技术


cover_image

攻防技战术动态一周更新 – 20260629

原创

红蓝对抗技术 红蓝对抗技术

红蓝对抗技战术

2026年7月4日 15:18 北京

在小说阅读器读本章

去阅读

漏洞相关

1、PACKET_EDIT_MEME – aka CVE-2026-46331

https://github.com/sgkdev/packet_edit_meme

PACKET_EDIT_MEME.c (aka CVE-2026-46331): yet another page cache poisoning nightmare

2、Pack2TheRoot (CVE-2026-41651): Local Root on Linux via a PackageKit Race Condition

Pack2TheRoot (CVE-2026-41651): Local Root on Linux via a PackageKit Race Condition

3、Microsoft SharePoint Server Remote Code Execution Vulnerability

https://github.com/huynambka/cve-2026-26114-poc

红队技术

1、Building an Encrypted C2 Implant Using QUIC

https://g3tsyst3m.com/encrypted%20shell/Building-an-Encrypted-C2-Implant-Using-QUIC/

2、Building a Windows Defender Disable Shellcode with Stardust

https://medium.com/@s12deff/building-a-windows-defender-disable-shellcode-with-stardust-81d8f17bb111

3、PEB Corruption: A Remote Process Crash Technique

https://medium.com/@s12deff/peb-corruption-a-remote-process-crash-technique-4b25f8887678

4、Win x64 Shellcode – Part 2: TEB, PEB and List of Loaded Modules

https://proteqtum.com/posts/02-win-x64-shellcode-teb-peb_en/

5、Abusing Handle Elevation to Terminate Windows Defender

https://medium.com/@s12deff/abusing-handle-elevation-to-terminate-windows-defender-03519b2574da

6、Bypass Windows Defender antivirus in 2026: Evasion Techniques Using Direct Syscalls and XOR encryption – Part 2

https://www.hackmosphere.fr/bypass-windows-defender-antivirus-2025-part-2/

7、Malware and cryptography 45 – Shamir Secret Sharing. Simple C example.

https://cocomelonc.github.io/malware/2026/07/02/malware-cryptography-45.html

8、From Code to Coverage (Part 6): What netlogon.log Sees That Event 1644 Never Will

https://www.huntress.com/blog/ldap-active-directory-detection-part-six

9、MITM6 + NTLM Relay: How IPv6 Auto-Configuration Leads to Full Domain Compromise

https://www.resecurity.com/blog/article/mitm6-ntlm-relay-how-ipv6-auto-configuration-leads-to-full-domain-compromise

10、Bypassing EDR in a Crystal Clear Way

https://lorenzomeacci.com/bypassing-edr-in-a-crystal-clear-way

11、Exploring cross-domain & cross-forest RBCD: part 2

https://www.synacktiv.com/en/publications/exploring-cross-domain-cross-forest-rbcd-part-2

蓝队技术

1、

工具类

1、NebulaPulsar

https://github.com/iss4cf0ng/NebulaPulsar

NebulaPulsar is a proof-of-concept in-memory implant framework for Java (JSP) and ASP.NET (ASPX/ASHX/ASMX) webshells, originally developed as part of the Alien project.

2、DriverScope

https://github.com/diabloidyobane/DriverScope

Automated BYOVD driver analysis: import scanning, IOCTL dispatch extraction, Speakeasy emulation

3、Proteus

https://github.com/ZZ0R0/Proteus

Rust C2 agent for Mythic that produces polymorphic shellcode: per-build function shuffle + ChaCha20-encrypted data sections; no_std/no_main agent, PEB-walked APIs, WinHTTP comms.

4、Malvex C2

https://github.com/Erarnitox/MalvexC2

A simple C2 Framework written in modern C++

5、Hollow

https://github.com/Chaelsoo/Hollow

hollow is a shellcode loader generator. You give it a raw shellcode binary and a profile, and it spits out a compiled Windows PE loader with your shellcode encrypted inside.

6、CDP-Enable-BOF

https://github.com/KingOfTheNOPs/CDP-Enable-BOF

Beacon Object File to Enable Chrome DevTools Protocol (CDP)

7、win32k-callback-detouring

https://github.com/n0qword/win32k-callback-detouring

Abusing the win32k.sys kernel callback mechanism for arbitrary code execution

8、cfgrip

https://github.com/BinaryHardening/cfgrip

PE/ELF x86/x64 CFG extractor

9、ShadowLdr

https://github.com/28Zaaky/ShdwLdr

Reflective DLL loader.

10、Skewrun

https://github.com/JVBotelho/skewrun

Active Directory time discovery protocols for red teams. Stealthy extraction via Kerberos, SMB, NTLM, and CLDAP.

11、GadgetSniper

https://github.com/ZakiPedio/GadgetSniper

Precision call-stack spoofing gadget hunter for x64 DLLs, powered by Iced disassembler

12、LOLFSaaS

https://github.com/lolfsaas/lolfsaas.github.io

Living of the Land of Free SaaS

其他类

1、


免责声明:

本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。

任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。

本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我

本文转载自:红蓝对抗技战术 红蓝对抗技术 红蓝对抗技术《攻防技战术动态一周更新 – 20260629》

评论:0   参与:  0