Last Week in Security (LWiS) - 2024-07-08

👻 Ghostscript exploit (@thomasrinsma), CSPT2CSRF (@maxenceschmitt), Puppet Forge pwn (@adnanthekhan), WhatsUp Gold RCE+privesc (@SinSinology), UDRL-less beacon (@naksyn), EDRPrison (@senzee1984), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-07-01 to 2024-07-08.

News

Techniques and Write-ups

Tools and Exploits

  • EDRPrison - Leverage a legitimate WFP callout driver to prevent EDR agents from sending telemetry.
  • View8 - Decompiles serialized V8 objects back into high-level readable code.
  • DojoLoader - Generic PE loader for fast prototyping evasion techniques.
  • FlowAnalyzer - A tool to help test and analyze OAuth 2.0 flows, including OpenID Connect (OIDC).

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • ETWListicle - List the ETW provider(s) in the registration table of a process.
  • runpe-x64 - RunPE adapted for x64 and written in C; does not use RWX.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.