Last Week in Security (LWiS) - 2024-03-04

macOS LPE (@patch1t), Ivanti backdoors (@NVISO_Labs), ESC14 (@Jonas_B_K), token theft (@rootsecdev), LSASS dumping (@Octoberfest73), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-02-26 to 2024-03-04.


Techniques and Write-ups

Tools and Exploits

  • RKS - A script to automate keystrokes through a graphical desktop program (evilrdp may be a better choice).
  • SilverSamlForger - Silver SAML Forger is a C# tool that helps you create custom SAML responses. It can be used to implement the Silver SAML attack.
  • dnsx 1.2.0 - This release adds the -recon flag which could eliminate/augment other tools in your recon pipeline.
  • MultCheck - Identifies bad bytes from static analysis with any Anti-Virus scanner.
  • SharpLansweeperDecrypt - Automatically extract and decrypt all configured scanning credentials of a Lansweeper instance.
  • mail-in-the-middle - Typosquatting + mail = shells. See the Mail in the Middle post for more info.
  • Nemesis-Download-Watcher - Watches the Downloads folder for any new files and inserts them into Nemesis for analysis.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.