Last Week in Security (LWiS) - 2022-06-27

Pre-auth RCE on Oracle Cloud (@peterjson + @testanull), Global Jacuzzi hack (@XeEaton), goodfaith scoping (@ryanelkins), Tailscale SSH (@MayaKaczorowski), WerFault lsass dumper (@asaf_gilboa + @s4ntiago_p), ADFSRelay (@praetorianlabs), modern C2 (@preemptdev), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2022-06-20 to 2022-06-27.

News

Techniques and Write-ups

Tools and Exploits

  • Add WerFault Silent Process Exit: --werfault to nanodump. You can now force WerFault.exe to dump LSASS for you.
  • FLOSS Version 2.0. "Over the last few months, we've added new functionality and improved the tool's performance. In this blog post we will share exciting new features and improvements including a new string deobfuscation technique, simplified tool usage, and much faster result output."
  • awesome-hacker-search-engines - A list of search engines useful during penetration testing, vulnerability assessments, red team operations, bug bounty, and more.
  • kernel-mii - Cobalt Strike (CS) Beacon Object File (BOF) foundation for kernel exploitation using CVE-2021-21551.
  • Chrome-Android-and-Windows-0day-RCE-SBX - Chrome Android and (patched) Windows 0day RCE+SBX... from the DPRK (in 2021).
  • Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs.
  • callback_injection-Csharp - this repo covers other undocumented or already-published (in different languages) techniques for achieving shellcode injection via Windows callback functions.
  • tlsx - Fast and configurable TLS grabber focused on TLS-based data collection.
  • dismember - 🔪 Scan memory for secrets and more (Linux).

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • Damn Vulnerable DeFi - The offensive security playground for decentralized finances. Learn up and get those massive bounties. Also check out CryptoVulhub.
  • HTTPLoot - An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.