Last Week in Security (LWiS) - 2022-10-17

Cobalt Strike RCE (@0x09AL + @FuzzySec), Docker Compose for red teams (@BuckinghamEzra), portable malware (@CaptMeelo), free root servers (@hackerschoice), LastPass tricks (@rbmaslen), practical attacks against NTLMv1 (@n00py1), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2022-10-10 to 2022-10-17.

This week I reviewed 336 blog posts and 2350 tweets to find only the best and most relevant items to include here.

News

Techniques and Write-ups

Tools and Exploits

  • CVE-2022-40684 - A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager.
  • XorStringsNET - Easy XOR string encryption for .NET-based binaries.
  • akamai-security-research - This repository includes code and IoCs that are the product of research done in Akamai's various security research teams. Includes a fresh Windows Workstation Service Elevation of Privilege Vulnerability.
  • RedEye - A visual analytics tool from CISA supporting Red and Blue Team operations.
  • CVE-2022-41852 - Remote Code Execution in JXPath Library (CVE-2022-41852) Proof of Concept.
  • WAMBam - Tooling related to the WAM Bam - Recovering Web Tokens From Office blog post.
  • RustHound - Active Directory data collector for BloodHound written in rust. 🦀
  • PsyloDbg - A very simple Windows debugger that currently only monitors for debug events.
  • Add SCCM NTLM Relay Attack #1425. This is a little known but very cool attack I expect to work for decades to come.
  • AtomPePacker - A highly capable PE packer.
  • Janus - A pre-build event that performs string obfuscation at compile time. This project is based on the CIA's Marble Framework.
  • ProvisionAppx - Some fun lateral movement?!
  • ShadowSpray - A tool to spray Shadow Credentials across an entire domain in hopes of abusing long forgotten GenericWrite/GenericAll DACLs over other objects in the domain.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • Oh my Git! - An open source game about learning Git. A resource for new (or even old) team members to help learn git.
  • ElectricEye - Continuously monitor your AWS attack surface and evaluate services for configurations that can lead to degradation of confidentiality, integrity or availability. All results can be exported to Security Hub, JSON, CSV, Databases, and more for further aggregation and analysis.
  • wiresocks - A sock, with a wire, so you can tunnel all you desire. This is a great solution that may be even better than proxycap et al.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.