Last Week in Security (LWiS) - 2022-02-22

VMware RCEs (@__mn1__ and @elk0kc), un-redacting text (@2600AltF4), undetectible AirTags (@positive_sec), Kerberos relaying via DNS (@_dirkjan), tmp.Out volume 2 (@tmpout), tclsh macOS dylib loading (@_D00mfist), Athena agent (@checkymander), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous week. This post covers 2022-02-14 to 2022-02-22.


Techniques and Write-ups

Tools and Exploits

  • Athena is a fully-featured cross-platform agent designed using the .NET 6. Athena is designed for Mythic 2.2 and newer. Crossplatform operations with Athena has all the details.
  • IgnoreAppLocker.dll is a DLL to launch a cmd.exe as NT AUTHORITYSERVICE, which doesn't get blocked or logged by AppLocker, and neither do any processes launched by this cmd.exe process.
  • PELoader is a PELoader implement various shellcode injection techniques, and use libpeconv library to load encrypted PE files instead of injecting shellcode into remote thread.
  • kraken is a dockerized multi-platform distributed brute-force password cracking system with a web front end.
  • bflat is a concoction of Roslyn - the "official" C# compiler that produces .NET executables - and NativeAOT (née CoreRT) - the ahead of time compiler for .NET based on CoreCLR. Thanks to this, you get access to the latest C# features using the high performance CoreCLR GC and native code generator (RyuJIT). C# as you know it but with Go-inspired tooling (small, selfcontained, and native executables).
  • BananaPhone is a go variant of Hells gate! (directly calling windows kernel functions, but from Go!) - not new, but now with Halo's gate!

New to Me

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • lossless-cut aims to be the ultimate cross platform FFmpeg GUI for extremely fast and lossless operations on video, audio, subtitle and other related media files. The main feature is lossless trimming and cutting of video and audio files, which is great for saving space by rough-cutting your large video files taken from a video camera, GoPro, drone, etc. It lets you quickly extract the good parts from your videos and discard many gigabytes of data without doing a slow re-encode and thereby losing quality. Not offsec related, but useful!
  • fastfinder is a lightweight tool made for threat hunting, live forensics and triage on both Windows and Linux Platforms.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.