Article summary: This post is a weekly offense/defense tactics digest focused on current red-team techniques and tooling. It covers Linux clear-text password collection, domain downgrade attacks enabled by failed PAC signature validation, DCOM lateral movement, syscall-based Defender bypasses, AMSI design flaws and Nim-based stealth evasion techniques; on the blue-team side it includes a case study of a RAT built with the system's own .NET compiler. Recommended tools include an evasion-oriented Donut fork, a cloud-routed C2 and a ROP gadget scanner. Security practitioners are advised to read selectively to keep up with the latest weaponization developments. Overall score: 62 Categories: red team, penetration testing, AV evasion, internal network penetration, security tools
Offense and Defense Tactics Weekly Update – 20260622
Original
红蓝对抗技术
红蓝对抗技战术
June 27, 2026, 21:25 Beijing
Vulnerability-related
1、
Red Team Techniques
1、Fantastic clear-text passwords and where to collect them (Part 1 – Linux)
https://dfir.ch/posts/fantastic_passwords_linux/
2、Domain trust downgrade attack triggered by invalid PAC signatures
https://blog.ghostwolflab.com/redteam/786/
3、DCOM Explained: How Attackers Turn a Windows Feature into a Lateral Movement Tool
https://detect.fyi/dcom-explained-how-attackers-turn-a-windows-feature-into-a-lateral-movement-tool-f3c07ce94866
4、Malware analysis: part 9. AI-assisted deobfuscation: control flow flattening. Simple C example.
https://cocomelonc.github.io/malware/2026/06/21/malware-analysis-9.html
5、2026_06_x33fcon_Bring_Your_Own_Everything
https://github.com/Print3M/MyTalks/blob/main/2026_06_x33fcon_Bring_Your_Own_Everything_-_The_Final_Approach.pdf
6、Defender AV Real-Time Protection Impact on EDR Telemetry
https://academy.bluraven.io/blog/defender-av-real-time-protection-impact-on-edr-telemetry
7、x33fcon_The_Art_of_Evasion
https://github.com/S3cur3Th1sSh1t/Creds/blob/master/Presentations/x33fcon_The_Art_of_Evasion.pdf
8、Handle Permission Elevation via BYOVD
https://medium.com/@s12deff/handle-permission-elevation-via-byovd-df99e908e780
9、IDT Table Hijacking under VBS/HVCI/kCET in Windows 11
https://www.exploitpack.com/blogs/news/idt-table-hijacking-under-vbs-hvci-kcet-in-windows-11
10、heavener: This is what happens when you can’t afford EDR licenses
https://blog.otterpwn.com/projects/heavener
11、An Introduction to Modern Malware Development for Red Teams
https://anteiku.fun/papers/an-introduction-to-modern-malware-development-for-red-teams/00_an_introduction_to_malware_development_for_red_teams/
12、Bypass Windows Defender antivirus in 2026: Evasion Techniques Using Direct Syscalls and XOR encryption – Part 2
https://www.hackmosphere.fr/bypass-windows-defender-antivirus-2025-part-2/
13、Red Team Tactics: Utilizing Syscalls in C# – Writing The Code
https://jhalon.github.io/utilizing-syscalls-in-csharp-2/
14、One Bool. Six Shells. AMSI’s Design Problem.
https://bl4ckarch.github.io/posts/One-Bool.-Six-Shells.-AMSI’s-Design-Problem/
15、Nim's C-FFI invisibility cloak
https://blog.ghostwolflab.com/redteam/808/
16、Kerberos Explained
https://thattotallyrealmyth.gitbook.io/kerberos-explained
Blue Team Techniques
1、How attackers built a RAT on a Windows machine using its own .NET compiler
https://heimdalsecurity.com/blog/how-attackers-built-rat-windows-machine-net-compiler/
Tools
1、LoadReload
https://github.com/0xRoam/LoadReload
Shellcode loader for a master's thesis, designed for Sliver shellcode (smaller than 25 MB...).
2、Onelogon: Taking over Active Directory Accounts via Netlogon
https://github.com/rub-softsec/onelogon
3、crystal-kit-sliver
https://github.com/licitrasimone/CrystalSliver
Crystal Palace Evasion kit for Sliver
4、CredsHunter
https://github.com/NeCr00/Credential-Hunting
Credential Hunting – Windows and Linux Scripts
5、DuplexSpy
https://github.com/iss4cf0ng/DuplexSpyCS
An open-source, C#-based remote administration tool (RAT), enabling complete control of a remote Windows machine, designed for legitimate remote administration and security testing of Windows systems.
6、Alien
https://github.com/iss4cf0ng/Alien
A C#-based webshell management tool for penetration testing.
7、FileHost – Adaptix C2 Service Extender
https://github.com/MaorSabag/SiteManagementAx
File hosting and scripted web delivery service extender for AdaptixC2. Host files over HTTP/HTTPS, generate one-liner payloads across 17 delivery methods, and manage active sites – all from the Adaptix operator UI.
8、Donut-CustomHost
https://github.com/Zuigetzu/Donut-CustomHost
Advanced OPSEC fork of Donut. Features a Custom in-memory CLR Host, Tail-Jump ETW bypasses, and zero-patch AMSI evasion for stealthy shellcode generation.
9、JMP-AMSI (JIT Hooking PoC)
https://github.com/Zuigetzu/JMP-AMSI
PoC on JIT Flow Redirection and .NET Reflection for Analyzing In-Memory Telemetry Interfaces (AMSI/ETW)
10、KHAØS C2
https://github.com/28Zaaky/khaos-c2
KHAOS is a modern C2 framework that routes agent traffic through cloud services already trusted by enterprise networks.
11、rop_scanner
https://github.com/oxfemale/rop_scanner
Gadget scanner that finds ROP gadgets inside any Windows DLL
Other
1、
Disclaimer:
The programs and technical methods in this article are intended solely for lawful, compliant security research and teaching scenarios, aim to improve network security defenses, and are of a clearly technical research nature.
Any organization or individual that, without authorization, uses the contents of this article for attacks, sabotage or other illegal purposes bears sole responsibility for all resulting legal liability, civil damages and joint liability; this site accepts no joint liability.
All content on this site is published for technical exchange and knowledge sharing; if there is any copyright infringement or other objection, please contact us by e-mail; the contact details are available via the "Contact me" link at the top of the page.
This article is reposted from: 红蓝对抗技战术 红蓝对抗技术《攻防技战术动态一周更新 – 20260622》
Copyright notice
This site only archives and backs up content, solely for research and teaching reference.
Readers who use the information for other purposes bear all legal and joint liability themselves; this site accepts no responsibility.