Last Week in Security (LWiS) - 2023-06-26

More Fortinet RCE (@frycos), alloc-less injection (@bohops), embedded system hacking (@levaronsky), miniDLNA head exploitation (@hyprdude), dump creds from sshd (@jm33_m0), MS Teams phishing (@CorbridgeMax + @tde_sec), ThreatCheck + Ghidra (@_RastaMouse), driver dev for red team (@V3ded), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2023-06-12 to 2023-06-26.


Techniques and Write-ups

Tools and Exploits

  • SSH-Harvester - Harvest passwords automatically from OpenSSH server. More details here.
  • CVE-2023-29343 - LPE in Sysmon version 14.14.
  • CVE-2023-20178 - PoC for Arbitrary File Delete vulnerability in Cisco Secure Client (tested on 5.0.01242) and Cisco AnyConnect (tested on 4.10.06079).
  • Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  • NimExec - Fileless Command Execution for Lateral Movement in Nim.
  • CS_COFFLoader - a COFF loader written in C#.
  • Spartacus-v2.0.0. Not a new tool but a big release for the DLL/COM Hijacking Toolkit (2.0 added COM hijacking).
  • bof-launcher - Beacon Object File (BOF) launcher - library for executing BOF files in C/C++/Zig applications.
  • GhostFart - Unhook NTDLL without triggering "PspCreateProcessNotifyRoutine".

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • msLDAPDump - LDAP enumeration tool implemented in Python3.
  • SharpToken - Windows Token Stealing Expert.
  • docker-swarm-proxy - What if you wanted a docker exec, but for Docker swarm? - Control any node in the swarm from your CLI.
  • PageSplit - Splitting and executing shellcode across multiple pages.
  • ropci - So, you think you have MFA? AAD/ROPC/MFA bypass testing tool.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.