Last Week in Security (LWiS) - 2024-05-13

Evading MDI (@yaumn_), TAP->NTLM (@_dirkjan), ELF verifier (@kev169), Kerberos delegation + 🦀 in beacons (@_RastaMouse), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-05-06 to 2024-05-13.

News

Techniques and Write-ups

Tools and Exploits

  • IconJector - Unorthodox and stealthy way to inject a DLL into the explorer using icons.
  • TrollDump - Injects a 64-bit managed DLL into a 64-bit managed or unmanaged process using setwindowshook.
  • pgdsat - PostgreSQL Database Security Assessment Tool.
  • grype - A vulnerability scanner for container images and filesystems.
  • parsnip - Parsnip is a program developed to assist in the parsing of protocols using the open source network security monitoring tool Zeek.
  • vulnrichment - A repo to conduct vulnerability enrichment.
  • ImmoralFiber - Fibers are an optional and largely undocumented component of the Windows operating system, existing only in user mode.
  • IPPrintC2 - PoC for using MS Windows printers for persistence / command and control via Internet Printing.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • Raspberry Pi Connect - "...a secure and easy-to-use way to access your Raspberry Pi remotely, from anywhere on the planet, using just a web browser."
  • C-from-Scratch - A roadmap to learn C from Scratch.
  • regulator - Automated learning of regexes for DNS discovery.
  • confused - Tool to check for dependency confusion vulnerabilities in multiple package management systems.
  • ashirt-server - Adversary Simulators High-Fidelity Intelligence and Reporting Toolkit.
  • bsides-nashville-identity-crisis - Identity Crisis: Combating M365 Account Takeovers at Scale (BSides Nashville 2024).
  • Survivorship Bias and How Red Teams Can Handle It - Not the first time I've heard this before.
  • gcp-iam-brute - GCP IAM Brute is a tool that leverages the testIamPermissions feature in Google Cloud Platform (GCP) to perform fuzz testing for different permissions within GCP.
  • stalker - Stalker, the Extensible Attack Surface Management tool.
  • cloudmapper - CloudMapper helps you analyze your Amazon Web Services (AWS) environments.
  • waymore - Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.