Last Week in Security (LWiS) - 2023-06-15

A month's worth of news, techniques, tools and exploits!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week(s). This post covers 2023-05-22 to 2023-06-15.

News

MOVEit

Techniques and Write-ups

Tools and Exploits

  • CVExploits Search - Your comprehensive database for CVE exploits from across the internet.
  • cloudfoxable - Create your own vulnerable by design AWS penetration testing playground.
  • CVE-2023-2825 - GitLab CVE-2023-2825 PoC. This PoC leverages a path traversal vulnerability to retrieve the /etc/passwd file from a system running GitLab 16.0.0.
  • CVE-2023-20887 - VMware vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887).
  • elevationstation - elevate to SYSTEM any way we can!
  • SharpFtpC2 - A Streamlined FTP-Driven Command and Control Conduit for Interconnecting Remote Systems.
  • limba - compile-time control flow obfuscation using mba.
  • Banshee - Experimental Windows x64 Kernel Driver/Rootkit.
  • RDPCredentialStealer - steals credentials provided by users in RDP using API Hooking with Detours in C++.
  • HiddenDesktop - HVNC for Cobalt Strike.
  • DropSpawn_BOF - CobaltStrike BOF to spawn Beacons using DLL Application Directory Hijacking.
  • Terminator - Reproducing Spyboy technique to terminate all EDR/XDR/AVs processes.
  • superman - Kill processes protected by antivirus during offensive activities.
  • Blackout - kill anti-malware protected processes (BYOVD).
  • EPI - Process injection through entry points hijacking.
  • Ruy-Lopez - This repository contains the Proof-of-Concept (PoC) for a new approach to completely prevent DLLs from being loaded into a newly spawned process.
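The GitLab PoC above is one instance of the path-traversal bug class: user-controlled path segments are joined onto a base directory and `..` (or an absolute path) walks out of it. The block below is an added illustration written for this post, not code from the linked PoC or from GitLab, and it says nothing about how CVE-2023-2825 itself is triggered. It builds a throwaway directory tree (constructed sample data), shows the naive join that leaks a file outside the upload directory, and the containment check that rejects it. All function and file names are invented for the example.

```python
"""Generic path-traversal demo: naive join vs. realpath + containment check.

Added example; the tree, file names and function names are constructed
for illustration and are not taken from the GitLab PoC.
"""
import os
import tempfile

# Constructed stand-in for a sensitive file that lives OUTSIDE the upload dir.
SECRET_CONTENT = "root:x:0:0:root:/root:/bin/bash\n"
REPORT_CONTENT = "quarterly report\n"


def setup_tree() -> str:
    """Create <tmp>/uploads/report.txt and <tmp>/passwd; return the uploads dir."""
    root = tempfile.mkdtemp(prefix="traversal-demo-")
    uploads = os.path.join(root, "uploads")
    os.makedirs(uploads)
    with open(os.path.join(uploads, "report.txt"), "w") as fh:
        fh.write(REPORT_CONTENT)
    # One level above the directory we intend to serve from.
    with open(os.path.join(root, "passwd"), "w") as fh:
        fh.write(SECRET_CONTENT)
    return uploads


def read_upload_vulnerable(uploads: str, name: str) -> str:
    """Naive version: os.path.join keeps '..' segments, and an absolute
    `name` discards `uploads` entirely, so '../passwd' escapes the directory."""
    with open(os.path.join(uploads, name)) as fh:
        return fh.read()


def is_contained(uploads: str, name: str) -> bool:
    """True only if the fully resolved target still lives under `uploads`.

    realpath collapses '..' and follows symlinks, so the check runs on the
    path the OS would actually open. commonpath (not startswith) is used so a
    sibling such as 'uploads_evil' does not pass as a prefix match."""
    base = os.path.realpath(uploads)
    target = os.path.realpath(os.path.join(base, name))
    return os.path.commonpath([base, target]) == base


def read_upload_hardened(uploads: str, name: str) -> str:
    """Hardened version: refuse anything that resolves outside `uploads`."""
    if not is_contained(uploads, name):
        raise PermissionError(f"path escapes upload directory: {name!r}")
    base = os.path.realpath(uploads)
    with open(os.path.realpath(os.path.join(base, name))) as fh:
        return fh.read()


if __name__ == "__main__":
    up = setup_tree()
    print("vulnerable, benign :", read_upload_vulnerable(up, "report.txt").strip())
    print("vulnerable, ../    :", read_upload_vulnerable(up, "../passwd").strip())
    print("hardened, benign   :", read_upload_hardened(up, "sub/../report.txt").strip())
    for bad in ("../passwd", "/etc/passwd", "../uploads_evil/x"):
        try:
            read_upload_hardened(up, bad)
        except PermissionError as exc:
            print("hardened, rejected :", exc)
```

The order matters: resolve first, then compare. Checking the raw string for `..` before resolution misses encodings that the web layer decodes later (`%2e%2e%2f`), and checking after a plain `os.path.join` without `realpath` misses symlinks inside the served directory that point outside it.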

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • mcfridafee
  • plane - Open Source JIRA, Linear and Height Alternative. Plane helps you track your issues, epics, and product roadmaps in the simplest way possible.
  • PythonMemoryModule - pure-python implementation of MemoryModule technique to load dll and unmanaged exe entirely from memory.
  • deepsecrets - Secrets scanner that understands code.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.