Last Week in Security (LWiS) - 2024-08-26

"USDoD" doxed, VEH research (@passthehashbrwn), Defender exclusions (@dazzyddos), CSS history leak (@TheXC3LL), Cobalt Strike DNS listeners (@VirtualAllocEx), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-08-19 to 2024-08-26.

News

Techniques and Write-ups

Tools and Exploits

  • ipapocket - Python library for interacting with FreeIPA network protocols.
  • CVE-2024-3183-POC - POC for CVE-2024-3183 (FreeIPA Roasting).
  • CVE-2024-38856-EXP - CVE-2024-38856 is a pre-authentication flaw in Apache OFBiz that can lead to remote code execution.
  • CAPs - Scripts to enumerate and report on Entra Conditional Access.
  • CVE-2024-38054 - Windows LPE in the Kernel Streaming WOW Thunk Service Driver takes you from user straight to SYSTEM.
  • CVE-2024-38063 - Crash PoC for CVE-2024-38063 (RCE in tcpip.sys on Windows).
  • IDA_PHNT_TYPES - Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).
  • New-ScheduledTaskSession.ps1 - A way to execute code remotely in the context of a scheduled task process. PoC aims to bypass NETWORK logon limitations like the Windows Update API.
  • USP - Establishes persistence on a Linux system by creating a udev rule that triggers the execution of a specified payload (binary or script).
  • rwgopack - Example Linux packer for ELF binaries that compresses the payload with zlib, XOR-encrypts it with a single-byte key, and emits a self-unpacking binary.
  • Common-PIN-Analysis-from-haveibeenpwned.com - "I gathered data from haveibeenpwned.com for every common PIN and how often it is used. I am sharing with you a complete wordlist sorted by the most popular PINs first. Feel free to download it and test your favorite PIN to see how popular it is among everybody."
  • VeilTransfer - VeilTransfer is a data exfiltration utility designed to test and improve detection capabilities. The tool simulates real-world data exfiltration techniques used by advanced threat actors, allowing organizations to evaluate and improve their security posture.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.