Last Week in Security (LWiS) - 2023-10-09

Looney Tunables Linux LPE (@qualys), Impending curl issue (@bagder), macOS gatekeeper bypass 0day (@_xpn_), firewall unauth RCE (@watchtowrcyber), sccmhunter update (@garrfoster), loaders (@mcbroom_evan), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2023-10-02 to 2023-10-09.


Techniques and Write-ups

Exploring the STSAFE-A110 Analysing I2C communications between host and the secure element - Some physical device hacking with a logic analyzer to read I2C of a secure element.

Tools and Exploits

  • linWinPwn - Bash script that automates a number of Active Directory Enumeration and Vulnerability checks. Will be interesting if they keep up with this project. Interesting new project since it's using the new NetExec . Will other tools do the same?
  • LatLoader - PoC module to demonstrate automated lateral movement with the Havoc C2 framework.
  • sccmhunter v.0.0.2 - Updated Admin Module - SCCM is the gift that keeps on giving. This is a new easy way to execute commands on managed machines (Administration Service API).
  • archive_pwn - A Python-based tool to create zip, tar and cpio archives to exploit common archive library issues and developer mistakes. Blog Post.
  • SmmBackdoorNg - Updated version of System Management Mode backdoor for UEFI based platforms: old dog, new tricks.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • Browser cache smuggling - Interesting payload delivery technique.
  • Registry Attack Vectors(RTC0018) - A big list of interesting reg keys.
  • Kerberos 102 - Overview Three part blog series on kerberos, delegation, and cross-realm. You can never read enough about kerberos.
  • ted_api - TED is a limited general purpose reverse engineering API, and hybrid debugger, that allows for inspection and modification of a program's inner workings. TED carries out its functionality by being injected into a target process and starting a gRPC server, which clients can then connect to.
  • agent - SSH Session Monitoring Daemon.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.