Last Week in Security (LWiS) - 2022-06-14

RE an iOS app (@inversecos), More Azure Managed Identity attacks (@_wald0), excellent hardware hacking (@matthiasdeeg), printer pwnage (@Nikaiw, @JRomainG, @_trou_), BloodHound false positive reduction (@simondotsh), Ghostwriter 3.0 (@cmaddalena), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2022-06-06 to 2022-06-14.

News

Techniques and Write-ups

Tools and Exploits

  • CVE-2022-23222 - Linux Kernel eBPF Local Privilege Escalation.
  • CVE-2022-30075 - TP-Link Archer AX50 Authenticated RCE (CVE-2022-30075).
  • apk-instrumentation - Some tools to rewrite code of release APK packages.
  • dot - The Deepfake Offensive Toolkit.
  • VX-API - Malware rapid development framework. "We've released the vx-underground "VX-API", a Windows malware rapid application development framework written in C/C++. It is a compilation of code written by @smelly__vx & @am0nsec. A lot of work needs to be done (including a ReadMe file). More to come."
  • Dogwalk-rce-poc - 🐾 Dogwalk PoC (using diagcab file to obtain RCE on Windows).
  • sourcegraph-scripts - Scripts for Sourcegraph search results. Useful for static analysis.
  • kcthijacklib - A Small Library For a Cleaner Execution.
  • collector - Utility to analyse, ingest and push out credentials from common data sources during an internal penetration test.
  • FirmLoader - An IDA plugin that automatically identifies parts of the memory for firmware images extracted from microcontrollers.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • np - A tool to parse, deduplicate, and query multiple port scans.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.