Article summary: This document is the weekly update on offensive and defensive tactics. It covers an analysis of CVE-2026-20817, a Windows privilege escalation vulnerability; red team techniques including C2 frameworks, in-memory execution, persistence and lateral movement; blue team techniques covering malware analysis and COM detection; and a number of security tools such as an LSASS dumper, a phishing toolkit and tunneling tools, giving security practitioners the latest technique updates and tool resources. Overall score: 80. Article categories: red team, penetration testing, internal network penetration, security tools, malware
Offensive and Defensive Tactics Weekly Update – 20260323
Original
红蓝对抗技术
红蓝对抗技战术
March 28, 2026, 22:56 Beijing
Vulnerabilities
漏洞相关
1、CVE-2026-20817 – Windows Error Reporting Service EoP
https://itm4n.github.io/cve-2026-20817-wersvc-eop/
Red Team Techniques
1、Writing Control Panel Applications
https://trainsec.net/library/windows-internals/writing-control-panel-applications/
2、Living off the Process
https://g3tsyst3m.com/lotp/Living-off-the-Process/
3、EDR killers explained: Beyond the drivers
https://www.welivesecurity.com/en/eset-research/edr-killers-explained-beyond-the-drivers/
4、Ghost in the Beacon: Mastering In-Memory PE Execution with BOF RunPE
5、This Windows Persistence Trick Hides in Mandatory Profiles (MAN) – Atomic Testing
6、MSSQL Silver Tickets and Token Privileges
https://vuln.dev/silver-ticket-mssql-clr/
7、Debugging – WinDBG & WinDBGX Fundamentals
https://www.corelan.be/index.php/2026/03/23/debugging-windbg-windbgx-fundamentals/
8、Every Sliver C2 Tutorial Was Outdated. So I Wrote My Own
https://medium.com/@aviraj3868/every-sliver-c2-tutorial-was-outdated-so-i-wrote-my-own-cd47c50add3f
9、CrystalC2
https://rasta-mouse.gitbook.io/crystalc2
10、ActiveProcessLinks in EPROCESS Structure
https://medium.com/@s12deff/activeprocesslinks-in-eprocess-structure-80d84985c77c
11、Exploring cross-domain & cross-forest RBCD
https://www.synacktiv.com/en/publications/exploring-cross-domain-cross-forest-rbcd.html
12、Linked Lists in the Windows Kernel
https://trainsec.net/library/windows-kernel/linked-lists-in-the-windows-kernel/
13、Bypassing Code Integrity Using BYOVD for Kernel R/W Primitives
https://medium.com/@s12deff/bypassing-code-integrity-using-byovd-for-kernel-r-w-primitives-8135087e1c1e
14、Impacket Developer Guide. Part 3. Make your own Lateral Movement
https://cicada-8.medium.com/impacket-developer-guide-part-3-make-your-own-lateral-movement-a2f8181f657b
15、NTLM-Relaying in 2026
https://seccore.at/blog/ntlmrelay1/
Blue Team Techniques
1、Brbbot: Full Malware Analysis & Reverse Engineering
https://7amthereaper.github.io/posts/brbbot-full-analysis/
2、Transparent COM instrumentation for malware analysis
https://blog.talosintelligence.com/transparent-com-instrumentation-for-malware-analysis/
Tools
1、Lucky-Pasta
https://github.com/Schich/Lucky-Pasta
A stealthy HTTPS shellcode loader for security research and as a reverse engineering challenge
2、susinternals
https://github.com/sensepost/susinternals
psexecsvc – a Python implementation of PsExec's native service implementation
3、TeleTunnel v2
https://github.com/mhdgning131/teletunnel
Bypassing EDRs with a stealthy C++ Telegram bot, using Telegram itself as the C2 interface
4、CustomLoadImage
https://github.com/backdoorskid/CustomLoadImage/
Stealthy .NET assembly loading using AssemblyNative::LoadFromBuffer
5、KslKatz
https://github.com/S1lkys/KslKatz
Combining KslDump and GhostKatz to dump LSASS using no-vulnerability KslD.sys memory read to bypass PPL. Extracts MSV1_0 NT hashes and WDigest cleartext passwords (if enabled) from LSASS using a Microsoft-signed driver.
6、ForceHound
https://github.com/NetSPI/ForceHound
Salesforce identity and permission graph collector for BloodHound CE. Maps users, profiles, permission sets, roles, groups, sharing rules, connected apps, and field-level security into attack-path graphs.
7、rustunnel
https://github.com/joaoh82/rustunnel
Rustunnel is an open-source tunnel service written in Rust that replicates the core functionality of ngrok. It exposes local services running behind NAT/firewalls to the public internet through a self-hosted relay server or the project's managed service.
8、Krb5RoastParser
https://github.com/jalvarezz13/Krb5RoastParser
KrbRoastParser is a tool for parsing Kerberos packets from pcap files to extract AS-REQ, AS-REP and TGS-REP hashes.
9、Flexphish
https://github.com/P0cL4bs/flexphish
The ultimate Red Team toolkit for phishing operations.
10、Win-RAT
https://github.com/Tomiwa-Ot/win-rat
Adversary simulation framework for Windows
11、IDA Pro MCP
https://github.com/mrexodia/ida-pro-mcp
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
12、trustme
https://github.com/Meowmycks/trustme
BOF to impersonate TrustedInstaller via DISM API trigger and thread impersonation
Other
1、Rust Training
https://github.com/microsoft/RustTraining/
Beginner, advanced, expert level Rust training material
Disclaimer:
The programs and technical methods contained in this article are intended solely for lawful and compliant security research and teaching scenarios, with the aim of improving network security defenses, and have a clear technical research character.
Any organization or individual that uses the content of this article without authorization for attacks, sabotage or other illegal purposes bears sole responsibility for all resulting legal liability, civil compensation and joint liability; this site assumes no joint liability.
All content on this site is published for the purpose of technical exchange and knowledge sharing. If there is any copyright infringement or other objection, please contact us by e-mail; the contact details are available via the "Contact me" link at the top of the page.
This article is reposted from: 红蓝对抗技战术 / 红蓝对抗技术, "Offensive and Defensive Tactics Weekly Update – 20260323" (攻防技战术动态一周更新 – 20260323)
Copyright Notice
This site only keeps an archival copy, for research and teaching reference only.
Readers who use the information for any other purpose bear all legal and joint liability themselves; this site assumes no responsibility.