Last Week in Security (LWiS) - 2023-08-29

DEF CON 31 tools and so much more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2023-08-07 to 2023-08-29.

News

Techniques and Write-ups

Tools and Exploits

  • Ensemble - A Bug Bounty Platform that allows hunters to issue commands over a geo-distributed cluster. Gives some botnet-like feels 🤔.
  • ContainYourself - DEF CON 31 Tool. Abuses the Windows containers framework to bypass EDRs.
  • NoFilter - DEF CON 31 Tool. Abuses the Windows Filtering Platform for privilege escalation.
  • DllNotificationInjection - DEF CON 31 Tool. POC of a new “threadless” process injection technique.
  • CloudRecon - DEF CON 31 Tool. Suite of tools for red teamers and bug hunters to find ephemeral and development assets in their campaigns and hunts.
  • EasyEASM - DEF CON 31 Tool. Zero-dollar attack surface management tool. "The industry is dominated by $30k vendors selling 'Attack Surface Management,' but OG bug bounty hunters and red teamers know the truth" 👀
  • gssapi-abuse - DEF CON 31 Tool. Impersonating AD users on *nix based hosts? Noice. Looks like rubeus was updated as well.
  • DoubleDrive - BH23 Tool. A fully-undetectable ransomware that utilizes OneDrive to encrypt target files.
  • apppoolcreddecrypt - A POC to show how IIS App Pool credentials are decrypted without appcmd.exe.
  • NtRemoteLoad - Remote shellcode injector using indirect native syscalls to inject shellcode into another process (based on HWSyscalls by ShorSec).
  • konstellation - Konstellation is a configuration-driven CLI tool to enumerate cloud resources and store the data in Neo4j. Think BloodHound for k8s.
  • mellon - Open Supervised Device Protocol attack tool (and the Elvish word for friend).
  • CVE-2023-36874_BOF - Weaponized CobaltStrike BOF for CVE-2023-36874 Windows Error Reporting LPE.
  • SharpShellPipe - This lightweight C# demo application showcases interactive remote shell access via named pipes and the SMB protocol.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.