Summary: This week's offensive and defensive update focuses on red/blue team techniques. On the red team side it covers driver reverse engineering, C2 framework adaptation, NTLM relay session hijacking, process injection and other penetration techniques; the blue team side focuses on ransomware analysis, forensic tools and EDR evasion detection. Tool updates include an ICMP-tunnel C2 agent, a BYOVD process killer, a PE packer and other practical tools; overall the issue presents cutting-edge offensive/defensive techniques and toolchain iteration. Overall score: 82. Categories: Red Team, Blue Team, Security Tools, Vulnerability Analysis, Penetration Testing
Weekly Update on Offensive and Defensive Tactics – 20260406
Original
红蓝对抗技术
红蓝对抗技战术
April 12, 2026, 15:36, Beijing
Vulnerability-related
Red Team Techniques
1、Reversing a Vulnerable Driver: Discovering a Kernel Memory Allocation Primitive
https://medium.com/@s12deff/reversing-a-vulnerable-driver-discovering-a-kernel-memory-allocation-primitive-6fed8383fefc
2、Tutorial: Adaptix C2 with ShellcodePack and MacroPack
https://blog.balliskit.com/tutorial-adaptix-c2-with-shellcodepack-and-macropack-64d88916faad
3、Ghost in the Browser: Hijacking Authenticated Sessions via NTLM Relay with ghostsurf
4、COMouflage: Surrogate Injection
https://medium.com/@s12deff/comouflage-surrogate-injection-cfb93e15afcd
5、Shellcode Loaders: The Art of Execution
https://0xdbgman.github.io/posts/shellcode-loaders-the-art-of-execution/
6、EDR killers explained: Beyond the drivers
https://www.welivesecurity.com/en/eset-research/edr-killers-explained-beyond-the-drivers/
7、Crystal Mask
https://rastamouse.me/crystal-mask/
8、Fixing Mimikatz sekurlsa::logonpasswords on Windows 11 24H2/25H2
https://medium.com/@tanrikuluatahan/fixing-mimikatz-sekurlsa-logonpasswords-on-windows-11-24h2-25h2-253e82866197
9、Abusing BYOVD for Process Injection into Protected Processes (PPL)
https://medium.com/@s12deff/abusing-byovd-for-process-injection-into-protected-processes-ppl-4d71505e226d
10、Is the Financial Sector Only About Race Conditions and Broken Access Control?
https://blog.chain0x0.com/blog/%E9%87%91%E8%9E%8D%E8%A1%8C%E4%B8%9A%E5%8F%AA%E6%9C%89%E5%B9%B6%E5%8F%91%E5%92%8C%E8%B6%8A%E6%9D%83%EF%BC%9F
11、Microsoft Speech
Blue Team Techniques
1、Payload Threat Actor Ransomware
https://0x3obad.github.io/posts/payload-ransomware-writeup/
2、NtWARden
https://github.com/mrT4ntr4/NtWarden
Windows Analysis and Research Toolkit
3、Digital Forensics: Evading AV/EDR During Credential Extraction with DeadMatter
Tools
1、Ghost-C2
https://github.com/JM00NJ/ICMP-Ghost-A-Fileless-x64-Assembly-C2-Agent
Fileless C2 agent written in pure x64 Assembly for Linux. Features stealth ICMP tunneling, memory-only execution via memfd_create, and terminal-independent daemonization.
2、PoisonKiller
https://github.com/j3h4ck/PoisonKiller
Another BYOVD process killer. Works on CrowdStrike. Fully signed.
3、SilentNimvest
https://github.com/frkngksl/SilentNimvest
Nim implementation for sud0Ru’s Credential Dumping from SAM/SECURITY Hives Method (a.k.a. SilentHarvest)
4、BlueHammer
https://github.com/Nightmare-Eclipse/BlueHammer
A Windows local privilege escalation PoC that abuses a Defender signature-update RPC and a junction/symlink race to leak the SAM hive and derive NTLM hashes – giving an unprivileged user full SYSTEM-level credential access.
5、mssqlbof
https://github.com/MazX0p/mssqlbof
A Beacon Object File suite for Microsoft SQL Server that speaks TDS 7.4 on the wire itself
6、PolyEngine — Polymorphic PE Packer 📦
https://github.com/LongWayHomie/PolyEngine
7、LUCKY-SPARK
https://github.com/Schich/Lucky-Spark
A stealthy loader for shellcode staged with http/https like Sliver
8、PowerLessShell
https://github.com/whokilleddb/PowerLessShell/
9、Crystal Loaders
https://github.com/rasta-mouse/Crystal-Loaders
10、DFMI: Dont F(ool) My Installer
https://github.com/ccelikanil/DFMI
Another FAFO project: Fileless execution by abusing MSI installers
11、GodPotatoBOF
https://github.com/incursi0n/GodPotatoBOF
Other
Disclaimer:
The programs and technical methods in this article are intended solely for lawful, compliant security research and teaching scenarios, with the aim of improving network security defenses; they are of a clearly technical research nature.
Any organization or individual that, without authorization, uses the contents of this article for attacks, sabotage or other illegal purposes bears sole responsibility for all resulting legal liability, civil compensation and joint liability; this site assumes no joint liability.
All content on this site is published for technical exchange and knowledge sharing. If there is any copyright infringement or other objection, please contact us by e-mail; the contact details are available via the "Contact Me" link at the top of the page.
This article is reposted from 红蓝对抗技战术 (红蓝对抗技术): 《攻防技战术动态一周更新 – 20260406》 (Weekly Update on Offensive and Defensive Tactics – 20260406)
Copyright Notice
This site only archives a backup copy, for research and teaching reference only.
Readers who use the information for other purposes bear all legal and joint liability themselves; this site assumes no responsibility.