Nov 08 2022 Last Week in Security (LWiS) - 2022-11-08

I'm a day late - sorry!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2022-10-31 to 2022-11-08.

News

CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows. Sometimes the hype is just hype. This looks extremely hard to exploit with modern mitigations and a limited userbase.
[PDF] How security professionals are being attacked: A study of malicious CVE proof of concept exploits in GitHub. Over 10% of PoCs were malicious! There is a reason there is a disclaimer at the end of each of these posts.
LinkedIn Adds Verified Emails, Profile Creation Dates. Your favorite profile backstop just got a little harder to fake.
Nighthawk 0.2.1 - Haunting Blue. Some cool features in the latest release of this commercial red team tool.
Meet Fortra™ The new face of HelpSystems. HelpSystems (Cobalt Strike/Outflank's buyers) have rebranded - now with more generic corporate stock photos.
[SimpleX] Security assessment by Trail of Bits. I've been playing with this new messenger app for a while and I think it has the potential to unseat Signal in a few versions. No shady CIA money, "open source" (but not really), blockchain silliness, etc. The pace of development is also impressive. They list their Monero address above their Bitcoin address - legit.
urlscan.io's SOAR spot: Chatty security tools leaking private data. Careful what you auto-submit to external vendors.
radare2.online. Your OS is just a bootloader for your browser. HTML/CSS/Javascript won the language war and will be the universal language of the future. Scary.
[PDF] VX-Underground's Black Mass. Tmp.out and vx-underground keep the zine scene alive.

Techniques and Write-ups

Exploiting Static Site Generators: When Static Is Not Actually Static. File this under "Serverless and other myths."
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain. Mobile exploit chains are always a trip. This one look surprisingly easy to understand compared to most.
Lessons Learned from Cloning Windows Binaries and Code Signing Implants. Some good lessons here. Another option is to just used signed binaries for other purposes ...
How one misconfiguration in ADCS can lead to full AD Forest compromise. ADCS is the gift that keeps on giving.
CVE-2022-26730 | ColorSync | Hoyt LLC. macOS memory corruption in the processing of image ICC profiles can lead to RCE. Comes with the shorted PoC I have seen in a while (now patched).
BYODC - Bring Your Own Domain Controller. This meme makes a comeback. This is some great traitorware - why fake a DCSync, if you can just do an actual DCSync? DCShadow is a previously discovered/implemented version of this.
Checkmk: Remote Code Execution by Chaining Multiple Bugs (1/3). Quite a chain for unauth RCE across different tech/lanugages.

Tools and Exploits

Volumiser is a command line tool and interactive console GUI for listing, browsing and extracting files from common virtual machine hard disk image formats.
katana - A next-generation crawling and spidering framework from projectdiscovery.
KeeFarceReborn - A standalone DLL that exports databases in cleartext once injected in the KeePass process.
CVE-2022-33679 One day based on RC4 is still considered harmfrul.
stager_libpeconv A basic meterpreter protocol stager using the libpeconv library by hasherezade for reflective loading.
CVE-2022-40146_Exploit_Jar. Apache Batik SSRF to RCE Jar Exploit.
awsrecon - Tool for reconnaissance of AWS cloud environments.
exe_who - Executables on Disk? Bleh 🤮.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

The Information Security Kardashev Scale. Interesting way to tier out cybersecurity.
PowerHuntShares is an audit script designed in inventory, analyze, and report excessive privileges configured on Active Directory domains.
Kernelhub 🌴Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file (Windows only).
grace It's strace, with colors.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.