Internal Network Penetration

Breaching Microsoft's AD domain servers via a Self-hosted Runner weakness in a Microsoft GitHub repository
https://johnstawinski.com/2024/04/15/fixing-typos-and-breaching-microsofts-perimeter/

LSA Whisperer: a tool for attacking Windows authentication packages, retrieving credentials from LSASS without reading its memory
https://posts.specterops.io/lsa-whisperer-20874277ea3b
https://github.com/EvanMcBroom/lsa-whisperer

Endpoint Evasion

Compile-time obfuscation header file for C programs on Windows
https://github.com/DosX-dev/obfus.h

LetMeowIn: Windows credential dumping tool with EDR bypass and anti-detection features
https://github.com/Meowmycks/LetMeowIn

PasteBomb: proof-of-concept PasteBin-based C2 botnet written in Go
https://github.com/marco-liberale/PasteBomb

pyMetaTwin: PE file metadata cloning tool adapted for non-Windows platforms
https://github.com/Cerbersec/pyMetaTwin

Analysis of Event Tracing for Windows (ETW) patching as a defense-weakening technique
https://jsecurity101.medium.com/understanding-etw-patching-9f5af87f9d7b

Abusing Microsoft Dev Tunnels for C2 communication
https://redsiege.com/blog/2024/04/usin
………………………………