Last Week in Security (LWiS) - 2023-11-13

Initial access and Bobber (@Flangvik), Slack 🍪 fun (@Tw1sm), attacking EDR (@dottor_morte), finding hard-coded secrets (@frycos), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2023-11-06 to 2023-11-13.

News

Techniques and Write-ups

Tools and Exploits

  • Nuclei AI - Browser Extension - Browser Extension for Rapid Nuclei Template Generation (requires a cloud account).
  • fastsync - Fast synchronization across networks using speedy compression, lots of parallelization and fast hashmaps for keeping track of things internally.
  • MAAS - Malware As A Service. This project describes a DevOps approach which leverages the CI/CD capabilities of gitlab to build a malware artifact generation pipeline.
  • SharpVeeamDecryptor - Decrypt Veeam database passwords.
  • proxyhub - An advanced [Finder | Checker | Server] tool for proxy servers, supporting both HTTP(S) and SOCKS protocols. 🎭
  • Bobber - Evilginx database monitoring with exfiltration automation.
  • SharpReflectivePEInjection - Reflectively load and execute PEs locally and remotely, bypassing EDR hooks.
  • CVE-2023-32629 & CVE-2023-2640: Privilege escalation - Ubuntu privilege escalation bash one-liner.
  • .NetConfigLoader - List of .NET applications signed by Microsoft that can be used to load a DLL via a .config file (AppDomain hijacking). Ideal for EDR/AV evasion and execution policy bypass.
  • Bloodhound_Community_Docker - Generator of docker-compose files to allow secure configurations and a multi-deployment strategy.
  • CVE-Half-Day-Watcher - A security tool designed to highlight the risk of early exposure of Common Vulnerabilities and Exposures (CVEs) in the public domain.
  • GoSleepyCrypt - In-memory sleep encryption and heap encryption for Go applications through a shellcode function.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • the !CVE Program - The mission of the !CVE Program is to provide a common space for cybersecurity !vulnerabilities that are not acknowledged by vendors but still are serious security issues.
  • hakrevdns - Small, fast tool for performing reverse DNS lookups en masse.
  • RoastInTheMiddle - Roast in the Middle is a rough proof of concept (not attack-ready) that implements a man-in-the-middle ARP spoof to intercept AS-REQs, modify them, and replay them to perform a Kerberoast or Sessionroast attack.
  • Implementing Tic Tac Toe with 170 MB of HTML - no JS or CSS. 🤯

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.