Last Week in Security (LWiS) - 2023-03-20

RCE any Samsung phone (@itswillis), Parallels escape (@the_impalabs), AD trust issues (@exploitph), glitching past all ESP32 defenses (@raelizecom), PPL defeated again (@itm4n), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2023-03-07 to 2023-03-20.

News

Techniques and Write-ups

Tools and Exploits

  • MacOSThreatTrack - Bash tool used for proactive detection of malicious activity on macOS systems.
  • Updates to C2-Tool-Collection - Psm: BOF to show detailed information on a specific process ID; ReconAD: BOF that uses ADSI to query Active Directory (AD and GC) objects and attributes.
  • Azure-App-Tools - Collection of tools to use with Azure Applications. Just updated with an IPFS dropper.
  • ekko-rs - Rusty Ekko - Sleep Obfuscation in Rust.
  • PSBits - Windows 10 offline admin creation? 😈 Why not?! Everything happens through the built-in offlinelsa and offlinesam DLLs. Official, but not well documented.
  • Elevate-System-Trusted-BOF - This BOF can be used to elevate the current beacon to SYSTEM and obtain the TrustedInstaller group privilege. The impersonation is done through the SetThreadToken API.
  • Black-Angel-Rootkit - Black Angel is a Windows 11/10 x64 kernel mode rootkit. The rootkit can be loaded with DSE enabled while maintaining its full functionality.
  • bootdoor - An initial proof of concept of a bootkit based on Cr4sh's DMABackdoorBoot.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • ScrapPY is a Python utility for scraping manuals, documents, and other sensitive PDFs to generate wordlists that can be utilized by offensive security tools to perform brute force, forced browsing, and dictionary attacks against targets. The tool dives deep to discover keywords and phrases leading to potential passwords or hidden directories.
  • Demystifying Security Research - Part 1. This resonated with me, with a heavy emphasis on blog posts and tweets.
  • UPnProxyChain - A tool to create a SOCKS proxy server out of UPnProxy vulnerable device(s).

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.