攻防技战术动态一周更新–20260706

admin 2026-07-12 05:21:31 网络安全文章 来源:ZONE.CI 全球网 0 阅读模式

文章总结: 本周安全动态聚焦红队EDR规避技术,包括LLM驱动分析、WindowsDefender发现及PowerShell攻击技术,同时发布多款工具如幽狼AIShell和OpenUDC2,提升渗透与隐蔽能力。 综合评分: 65 文章分类: 红队,渗透测试,安全工具,免杀,内网渗透


cover_image

攻防技战术动态一周更新 – 20260706

原创

红蓝对抗技术 红蓝对抗技术

红蓝对抗技战术

2026年7月11日 20:46 北京

在小说阅读器读本章

去阅读

漏洞相关

1、

红队技术

1、Accelerating EDR Evasion with LLM-Driven Analysis

https://specterops.io/blog/2026/06/29/llm-powered-edr-analysis/#h-the-balance-of-disclosure

2、Some interesting findings in Windows Defender

https://blog.projectnightcrawler.dev/posts/2026-07-09-some-interesting-findings-in-windows-defender/

3、Offensive PowerShell for Red Teamer with Defense Evasion Techniques

https://screetsec.com/blog/offensive-powershell-for-red-teamer-with-defense-evastion-techniques

4、Mapping Virtual to Physical Addresses Using Superfetch

Mapping Virtual to Physical Addresses Using Superfetch

5、Born to Defend, Weaponized to Kill: Weaponizing Microsoft’s Own Driver to Kill EDRs

https://medium.com/@jehadbudagga/born-to-defend-weaponized-to-kill-weaponizing-microsofts-own-driver-to-kill-edrs-af4b85c1a43c

6、Episode 6 | EDR Killers

7、Cavern Manticore: Exposing Iran-Linked Modular C2 Framework

https://research.checkpoint.com/2026/cavern-manticore-exposing-iran-linked-modular-c2-framework/

8、Lowering PE Entropy: Byte Padding & Word Padding

https://medium.com/@s12deff/lowering-pe-entropy-byte-padding-word-padding-12a08ec384d5

9、Defeating Windows DEP Using ROP Chains Leveraging VirtualAlloc

https://screetsec.com/blog/defeating-windows-dep-using-rop-chains-leveraging-virtualalloc

蓝队技术

1、

工具类

1、🐺 幽狼 · Abyss Wolf

https://github.com/0x7556/wolfshell

幽狼AI Shell:首款支持AI渗透的高级WebShell & C2管理工具,内置WebShell MCP服务器,支持多层内网级联的ASPX、ASHX高级WebShell管理工具,AES加密通信,无需代理,内存加载渗透工具,无文件落地隐蔽渗透目标,动态代码执行,ShellCode加载(Metasploit/Cobalt Strike),反弹Shell,Socks代理,内存马,C2远控,IIS端口复用后门、.NET反序列化漏洞Payload,包含Exchange、SharePoint、WSUS漏洞Exp

2、OpenUDC2

https://github.com/CodeXTF2/OpenUDC2

open source implementation of the UDC2 spec used in Cobalt Strike

3、P³-Shellcode Loader – Process Parameter Poisoning

https://github.com/Orange-Cyberdefense/p3-loader

P³-Shellcode Loader is a loader that implements a code injection technique which leverages the Process Parameters structure as an execution and staging location for shellcode injection into remote processes, without triggering common detection mechanisms.

4、SindriKit

https://github.com/youssefnoob003/SindriKit

A foundational C library for building operationally credible offensive capabilities

5、ida-rpc

https://github.com/bkerler/ida_rpc

IDA Pro RPC for assisted RE-tasks

6、WDAC / AppLocker Bypass Recon Scripts

https://gist.github.com/AlloySecureGroup/5062355dc48f1e333223f0dda90e7cda

7、MSBuild-Monsters

https://github.com/secdev02/MSBuild-Monsters

Experimentations with the MSBuild Capabilites in a default environment.

8、klist

https://github.com/jakeotte/klist2ccache

Dump TGTs remotely and convert Windows’ klist binary output to ccache.

9、httpdspy

https://github.com/cr0nx/httpdspy

eBPF-based credential interceptor for Apache httpd Basic Authentication

其他类

1、


免责声明:

本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。

任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。

本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我

本文转载自:红蓝对抗技战术 红蓝对抗技术 红蓝对抗技术《攻防技战术动态一周更新 – 20260706》

评论:0   参与:  0