Last Week in Security (LWiS) - 2020-08-31

Prevent .NET exit in loaded code by @domchell, file delete to SYSTEM PoC by @404death, @Tesla is targeted for insider ransomware recently (failed) and was completely owned in 2017, @djhohnstein shows how to load Go modules in memory, great new features in Octopus 1.2 from @mohammadaskar2, and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous week. This post covers 2020-08-24 to 2020-08-31.



Tools and Exploits

  • USO_Info_Leak contains two 0day heap address leak bugs in the usosvc service. The author claims to have 44 more Windows 10 elevation of privilege bugs that have been submitted to Microsoft but not handled well. I'll be following them closely to see if more are released.
  • Octopus isn't new but v1.2 sees a host of new features including: shellcode generation for x86 and x64, spoofed arguments, word macro generation, better AV evasion, and an indicator to show privileged user shells. More info here.
  • jwt-hack is a swiss-army knife for JSON web tokens, to include a dictionary attack.
  • RunasCs isn't new but v1.3 brings the ability to redirect stdout, stdin, and stderr to a remote host as well as other new features and fixes.
  • sonarhawk is a tool to create precise maps of WiFi networks using commodity GPS hardware and a portable computer. Supports Linux, MacOS, and Windows. Useful for mapping WiFi networks while on physical red team engagements or wardriving/warwalking. Similar to the Kismet plugin Kestrel.
  • gdb_2_root is a script for rooting x86_64 Google Play Android 10 images in an emulator.
  • LazyGhidra adds convenience functions to Ghidra like LazyIDA does for IDA Pro.

New to Me

This section is for news, techniques, and tools that weren't released last week but are new to me. Perhaps you missed them too!

  • iblessing is an iOS security exploiting toolkit, it mainly includes application information collection, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and vulnerability mining.
  • bluescan is a powerful Bluetooth scanner for scanning BR/LE devices, LMP, SDP, GATT and vulnerabilities!
  • Hack-Tools is the all-in-one Red Team extension for Web Pentester. Useful features include: Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat), XSS Payloads, SQLi payload, LFI payloads, Base64 encoder/decoder, hash generator, and more.
  • monsoon is a fast HTTP enumerator that allows you to execute a large number of HTTP requests, filter the responses and display them in real-time.

This post is cross-posted on SIXGEN's blog.