Article summary: This document is the offensive and defensive tactics weekly digest published on April 13, 2026, focused on red team / blue team technology. The main content includes an analysis of the CVE-2026-29923 local privilege escalation vulnerability, along with 17 red team techniques such as permanently disabling Windows Defender, custom shellcode, WinML abuse for in-memory staging, BloodHound update applications, and EDR/XDR bypass strategies. It also introduces 8 security tools such as KSLDBYOVD driver abuse, SilentHarvest BOF credential extraction, and Phantom-Evasion-Loader, providing up-to-date technical reference material for penetration testing and defensive detection. Overall score: 78. Article categories: Red Team, Vulnerability Analysis, Security Tools, Internal Network Penetration, Threat Intelligence
Offensive and Defensive Tactics Weekly Update – 20260413
Original
红蓝对抗技术
红蓝对抗技战术
April 18, 2026, 21:54 Beijing
Vulnerabilities
1、CVE-2026-29923 – Local Privilege Escalation Attack via pstrip64.sys
https://github.com/athenasec16/CVE-2026-29923
Red Team Techniques
1、Windows Defender Killer: Combining Registry Edits with BYOVD for Permanent Disable
https://medium.com/@s12deff/windows-defender-killer-combining-registry-edits-with-byovd-for-permanent-disable-d0faea53ece2
2、Creating Custom x86 Windows Shellcode Using Dynamic API Resolution
https://screetsec.com/blog/custom-x86-windows-shellcode-dynamic-api-resolution
3、Abusing WinML for In-Memory Staging and EDR Evasion
https://hxr1.ghost.io/abusing-winml-for-in-memory-staging-and-edr-evasion/
4、BloodHound Has Changed. Your Course Probably Hasn’t.
https://specterops.io/blog/2026/04/11/bloodhound-course-update/
5、ToastFix: Chaining a ClickFix Attack With Toast Notifications
https://0xh4lpy.medium.com/toastfix-chaining-a-clickfix-attack-with-toast-notifications-72082694fef9
6、Signed to Kill: Reverse Engineering a 0-Day Used to Disable CrowdStrike EDR
7、Capture ETW events with C++ (Part 1)
https://trainsec.net/library/windows-internals/capture-etw-events-with-c-part-1/
8、EDR/XDR Bypass and Detection Evasion Techniques: An Investigation of Advanced Evasion Strategies from a Red Team Perspective
https://meetcyber.net/edr-xdr-bypass-and-detection-evasion-techniques-an-investigation-of-advanced-evasion-strategies-9594946ad102
9、LmCompatibilityLevel and the PDC Trap
10、Stealthy WMI lateral movement – StealthyWMIExec.py
https://ghaleb0x317374.github.io/2026/03/15/Stealthy-WMI-lateral-movement-StealthyWMIExec.py.html
11、What’s New in the BloodHound Query Library: BYOL, OpenGraph, Multi-Server, and More
https://specterops.io/blog/2026/04/15/whats-new-in-the-bloodhound-query-library-byol-opengraph-multi-server-and-more/
12、Shadow Admins in Active Directory: Hidden Privilege Paths Attackers Exploit
https://www.praetorian.com/blog/shadow-admins-active-directory/
13、Into The Rainbow: Google’s NTLMv1 Rainbow Tables Explained in a Bit Too Much Detail
https://specterops.io/blog/2026/04/16/into-the-rainbow-googles-ntlmv1-rainbow-tables-explained-in-a-bit-too-much-detail/
14、Debugging – WinDBG(X) Automation & Scripting – Part 1
https://www.corelan.be/index.php/2026/04/17/debugging-windbgx-automation-scripting-part-1/
15、Echos
https://github.com/xdrew87/Echos
Echos is a stealthy C2 traffic emulator built in Rust for Red Teamers. It simulates adversarial beaconing patterns and custom jitter to test EDR/NDR detection logic. Ideal for validating network security signatures in a safe, modular framework.
16、Worker Factory Start Routine Injection
https://medium.com/@s12deff/worker-factory-start-routine-injection-742c26214616
17、Modifying Mimikatz to Evade Defender (2026)
https://medium.com/@luisgerardomoret_69654/modifying-mimikatz-to-evade-defender-2026-dc701000289d
18、Astral Projection: Advanced Module Stomping
https://kuwaitist.github.io/posts/Astral-Projection/
19、📦 Outpacket
https://github.com/n00py/Outpacket
This cheatsheet maps common impacket workflows to their modern alternatives.
Blue Team Techniques
1、
Tools
1、KSLDBYOVD
https://github.com/ANYLNK/KSLDBYOVDARK
Abusing some defects in the KSLD Ark driver.
2、SilentHarvest BOF
https://sud0ru.ghost.io/silent-harvest-extracting-windows-secrets-under-the-radar/
https://github.com/Octoberfest7/SilentHarvest_BOF
A Cobalt Strike BOF implementation of the SilentHarvest registry dumping technique.
3、👻 Phantom-Evasion-Loader (x64 Linux)
https://github.com/JM00NJ/Phantom-Evasion-Loader
4、ExportHider
https://github.com/frkngksl/ExportHider
ExportHider: Generating Export Table during Runtime to Hide the Exported Functions from the DLL File.
5、BlueSAM BOF
https://github.com/incursi0n/BlueSAM
6、RedSun
https://github.com/Nightmare-Eclipse/RedSun
The Red Sun vulnerability repository.
7、CVE-2026-33829: Snipping Tool NTLM Leak
https://github.com/blackarrowsec/redteam-research/tree/master/CVE-2026-33829
8、DSCourier
https://github.com/DylanDavis1/DSCourier
https://dylansec.com/DSCourier/
DSCourier is a proof-of-concept that uses the WinGet Configuration COM API to apply DSC configurations through Microsoft-signed binaries.
Other
1、
Disclaimer:
The programs and technical methods contained in this article are intended solely for lawful, compliant security research and teaching scenarios, with the aim of improving network security defenses, and have a clear technical research character.
Any organization or individual that uses the content of this article without authorization for attacks, sabotage or other illegal purposes bears sole responsibility for all resulting legal liability, civil compensation and joint liability; this site assumes no joint liability.
All content on this site is published for the purpose of technical exchange and knowledge sharing. If there is a copyright infringement or other objection, please contact us by e-mail; the contact details are available via the "Contact Me" link at the top of the page.
This article is reposted from: 红蓝对抗技战术 红蓝对抗技术《攻防技战术动态一周更新 – 20260413》
Copyright Notice
This site only keeps a backup copy for research and teaching reference.
Readers who use this information for any other purpose bear all legal and joint liability themselves; this site assumes no responsibility.