文章总结: 本周安全动态聚焦红队EDR规避技术,包括LLM驱动分析、WindowsDefender发现及PowerShell攻击技术,同时发布多款工具如幽狼AIShell和OpenUDC2,提升渗透与隐蔽能力。 综合评分: 65 文章分类: 红队,渗透测试,安全工具,免杀,内网渗透
攻防技战术动态一周更新 – 20260706
原创
红蓝对抗技术 红蓝对抗技术
红蓝对抗技战术
2026年7月11日 20:46 北京
在小说阅读器读本章
去阅读
漏洞相关
1、
红队技术
1、Accelerating EDR Evasion with LLM-Driven Analysis
https://specterops.io/blog/2026/06/29/llm-powered-edr-analysis/#h-the-balance-of-disclosure
2、Some interesting findings in Windows Defender
https://blog.projectnightcrawler.dev/posts/2026-07-09-some-interesting-findings-in-windows-defender/
3、Offensive PowerShell for Red Teamer with Defense Evasion Techniques
https://screetsec.com/blog/offensive-powershell-for-red-teamer-with-defense-evastion-techniques
4、Mapping Virtual to Physical Addresses Using Superfetch
Mapping Virtual to Physical Addresses Using Superfetch
5、Born to Defend, Weaponized to Kill: Weaponizing Microsoft’s Own Driver to Kill EDRs
https://medium.com/@jehadbudagga/born-to-defend-weaponized-to-kill-weaponizing-microsofts-own-driver-to-kill-edrs-af4b85c1a43c
6、Episode 6 | EDR Killers
7、Cavern Manticore: Exposing Iran-Linked Modular C2 Framework
https://research.checkpoint.com/2026/cavern-manticore-exposing-iran-linked-modular-c2-framework/
8、Lowering PE Entropy: Byte Padding & Word Padding
https://medium.com/@s12deff/lowering-pe-entropy-byte-padding-word-padding-12a08ec384d5
9、Defeating Windows DEP Using ROP Chains Leveraging VirtualAlloc
https://screetsec.com/blog/defeating-windows-dep-using-rop-chains-leveraging-virtualalloc
蓝队技术
1、
工具类
1、🐺 幽狼 · Abyss Wolf
https://github.com/0x7556/wolfshell
幽狼AI Shell:首款支持AI渗透的高级WebShell & C2管理工具,内置WebShell MCP服务器,支持多层内网级联的ASPX、ASHX高级WebShell管理工具,AES加密通信,无需代理,内存加载渗透工具,无文件落地隐蔽渗透目标,动态代码执行,ShellCode加载(Metasploit/Cobalt Strike),反弹Shell,Socks代理,内存马,C2远控,IIS端口复用后门、.NET反序列化漏洞Payload,包含Exchange、SharePoint、WSUS漏洞Exp
2、OpenUDC2
https://github.com/CodeXTF2/OpenUDC2
open source implementation of the UDC2 spec used in Cobalt Strike
3、P³-Shellcode Loader – Process Parameter Poisoning
https://github.com/Orange-Cyberdefense/p3-loader
P³-Shellcode Loader is a loader that implements a code injection technique which leverages the Process Parameters structure as an execution and staging location for shellcode injection into remote processes, without triggering common detection mechanisms.
4、SindriKit
https://github.com/youssefnoob003/SindriKit
A foundational C library for building operationally credible offensive capabilities
5、ida-rpc
https://github.com/bkerler/ida_rpc
IDA Pro RPC for assisted RE-tasks
6、WDAC / AppLocker Bypass Recon Scripts
https://gist.github.com/AlloySecureGroup/5062355dc48f1e333223f0dda90e7cda
7、MSBuild-Monsters
https://github.com/secdev02/MSBuild-Monsters
Experimentations with the MSBuild Capabilites in a default environment.
8、klist
https://github.com/jakeotte/klist2ccache
Dump TGTs remotely and convert Windows’ klist binary output to ccache.
9、httpdspy
https://github.com/cr0nx/httpdspy
eBPF-based credential interceptor for Apache httpd Basic Authentication
其他类
1、
免责声明:
本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。
任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。
本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我。
本文转载自:红蓝对抗技战术 红蓝对抗技术 红蓝对抗技术《攻防技战术动态一周更新 – 20260706》
版权声明
本站仅做备份收录,仅供研究与教学参考之用。
读者将信息用于其他用途的,全部法律及连带责任由读者自行承担,本站不承担任何责任。







评论