Last Week in Security (LWiS) - 2024-07-22

REx (@br0k3ns0und), EV charger exploits (@ret2systems), CerealKiller (@two06), payload encoding (@MoritzLThomas), responder honeypot (@lawndoc), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-07-15 to 2024-07-22.

News

Techniques and Write-ups

  • Punch Card Hacking - Exploring a Mainframe Attack Vector - Mainframes are more prevalent than you would think - they run the backends of many major companies. I would be terrified to do anything to a production mainframe, but this article can get you started and Hercules is an emulator you can test against.
  • Introducing the REx: Rule Explorer Project - "This project provides a mechanism for interacting with various popular [yara] rule sets, in order to have a better understanding of the detection landscape, and quickly survey and compare multiple approaches." Think of it as the RedELK of yara?

Tools and Exploits

  • CerealKiller - .NET deserialization hunter.
  • Hunt - MS Word VBS macros for hunting for keywords across files in a defined share.
  • eyeballvul - future-proof vulnerability detection benchmark, based on CVEs in open-source repos.
  • deep-tempest - Restoration for TEMPEST images using deep-learning (eavesdrop on HDMI from EMF via SDR).
  • chunkloader - A Chrome/Firefox extension to retrieve and load React JavaScript chunks all at once for a wide range of JavaScript techs.
  • Respotter is a Responder honeypot! Catch attackers and red teams as soon as they spin up Responder in your environment.
  • codasm - Payload encoding utility to effectively lower payload entropy.
  • PwnedBoot - Using Windows' own bootloader as a shim to bypass Secure Boot.
  • ZeroHVCI accomplishes arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments without admin permissions or kernel drivers.
  • lemma - Remote CLI tools at your fingertips.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.