Last Week in Security (LWiS) - 2024-01-15

SSPI in Python (@snovvcrash), executing shellcode from VBA (@TheXC3LL), Mirth Connect pre-auth RCE (@Horizon3Attack), Visual Studio LPE (@filip_dragovic), DLL injection LPE (@m417z), Android ARM64 reversing (@Dauntless), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-01-08 to 2024-01-15.

News

Techniques and Write-ups

Tools and Exploits

  • Kiosk Tooling. Next time you only have a browser and need to break out, browse to this site for some potential quick wins.
  • CS-Aggressor-Scripts - Aggressor Scripts for Cobalt Strike (that post data to a Slack Channel).
  • OpenVoice - Instant voice cloning by MyShell. I have warned of this, and now it is here and easy to use. Vishing will never be the same.
  • BobTheSmuggler - "Bob the Smuggler": A tool that leverages the HTML Smuggling attack and allows you to create HTML files with embedded 7z/zip archives. The tool compresses your binary (EXE/DLL) into 7z/zip file format, XOR encrypts the archive, and then hides it inside a PNG/GIF image file (Image Polyglots).
  • SuperSharpShares - SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your associated domain account.
  • pinvoke.dev - Code-generated P/Invoke signatures.
  • DFSCoerce-exe-2 - DFSCoerce exe revisited version with custom authentication.
  • raddebugger - A native, user-mode, multi-process, graphical debugger.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • FlowMate - a BurpSuite extension that brings taint analysis to web applications by tracking all parameters sent to a target application and matching their occurrences in the responses.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.