Last Week in Security (LWiS) - 2024-06-24

Electron security (@khronokernel), snapshot fuzzing (@h0mbre_), macOS helpers LPE (@L0Psec), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-06-17 to 2024-06-24.

News

Techniques and Write-ups

Tools and Exploits

  • RedFlag - RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and add reviewers. RedFlag's flexible configuration makes it valuable for any team.
  • MSC_Dropper - A Python script that automates the creation of MSC (Microsoft Management Console) files with customizable payloads for arbitrary execution. This tool leverages a method discovered by Samir (@SBousseaden) from Elastic Security Labs, termed #GrimResource, which facilitates initial access and evasion through mmc.exe.
  • gimmick - Section-based payload obfuscation technique for x64.
  • DOSVisor - x86 Real-Mode MS-DOS Emulator using Windows Hypervisor Platform.
  • Lifetime-Amsi-EtwPatch - Two in one: patches the PowerShell console for its lifetime so that ETW and AMSI no longer apply.
  • FetchPayloadFromDummyFile - Construct a payload at runtime using an array of offsets.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • SigmaPotato - SeImpersonate privilege escalation tool for Windows 8 - 11 and Windows Server 2012 - 2022 with extensive PowerShell and .NET reflection support.
  • volana - 🌒 Shell command obfuscation to avoid detection systems.
  • Sn1per - Attack Surface Management Platform.
  • nerve - Instrument any LLM to do actual stuff.
  • nusantara - T-Guard is an innovative security operations center (SOC) solution that leverages the strength of leading open-source tools to provide robust protection for your digital assets.
  • goaccess - GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal on *nix systems or through your browser.
  • VR_roadmap.md - A roadmap for becoming a vulnerability researcher.
  • reverst - Reverse Tunnels in Go over HTTP/3 and QUIC.
  • Image Location Search - Could be cool for some OSINT practitioners out there.
  • LogHunter - Opsec tool for finding user sessions by analyzing event log files through RPC (MS-EVEN).

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.