Last Week in Security (LWiS) - 2024-03-18

Windows patch diffing (@clearbluejar), FileCatalyst RCE (@Nettitude_Labs), Windows/Frida course (@FuzzySec), Tor WebTunnel bridges (@torproject), Pixel 7/8 Pro exploit (@_simo36), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-03-11 to 2024-03-18.


Techniques and Write-ups

Tools and Exploits

  • BlueSpy - Proof of concept to record and replay audio from a Bluetooth device without the legitimate user's awareness.
  • Introducing AzurEnum - The latest Azure tool - Intended to give pentesters/red teamers a good idea of the main security issues of an Azure tenant and its permission structure. The code is here.
  • Gungnir - Gungnir is a command-line tool written in Go that continuously monitors certificate transparency (CT) logs for newly issued SSL/TLS certificates.
  • SymProcAddress - Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)
  • anfs - Asynchronous NFSv3 client in pure Python
  • Pixel_GPU_Exploit - Android 14 kernel exploit for Pixel 7/8 Pro.
  • GamingServiceEoP - Exploit for arbitrary folder move in the GamingService component of Xbox. GamingService is not a default service. If the service is installed on a system, it allows low-privilege users to escalate to SYSTEM.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • Mythic Community Overview - Mythic agent capability matrix. Cool project for those that develop their own agents for Mythic.
  • localsend - An open-source cross-platform alternative to AirDrop
  • FindMeAccess - Finding gaps in Azure/M365 MFA requirements for different resources, client ids, and user agents. The tool is mostly based off Spray365's auditing logic.
  • PurpleLab - PurpleLab is an efficient and readily deployable lab solution, providing a swift setup for cybersecurity professionals to test detection rules, simulate logs, and undertake various security tasks, all accessible through a user-friendly web interface.
  • DetectDee - Hunt down social media accounts by username, email or phone across social networks.
  • Moriarty - Moriarty is designed to enumerate missing KBs, detect various vulnerabilities, and suggest potential exploits for Privilege Escalation in Windows environments.
  • Miaow - Project Miaow is a proof of concept to escalate privileges in Microsoft Azure using an ARM template deployment.
  • Payload Wizard - AI assistant that utilizes GPT language models to interpret and generate cybersecurity payloads 🪄. GitHub repo is here.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.