Last Week in Security (LWiS) - 2024-09-23

0-click macOS RCE (@Turmio_), sudo iptables LPE (@suidpit + @smaury92), SkeletonCookie ☠️🍪 (@buffaloverflow), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-09-16 to 2024-09-23.

News

Techniques and Write-ups

Tools and Exploits

  • CVE-2024-7965 - This repository contains a PoC for CVE-2024-7965, a vulnerability in Chrome's V8 engine that occurs only on ARM64.
  • CVE-2024-40431-CVE-2022-25479-EOP-CHAIN - Local Privilege Escalation for Windows that exploits the Realtek driver RtsPer.sys.
  • Aggressor-NTFY - Cobalt Strike notifications via NTFY.
  • gowitness 3.0 - A golang, web screenshot utility using Chrome Headless. The 3.0 update is a big one, with a new UI, new API, library support, reworked CLI, and more!
  • CloudShovel - A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research done on AWS CloudQuarry, where we scanned 20k+ public AMIs.
  • undocumented-aws-api-hunter - A tool to uncover undocumented APIs from the AWS Console.
  • NyxInvoke - NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with patchless AMSI and ETW bypass features and dual-build support.
  • Announcing the Security Exceptions program pack 1.0 - "Every company establishes processes to identify security vulnerabilities, prioritize them, develop solutions, and, in some cases, strategically accept risk either temporarily or permanently. Security exceptions are closely tied to vulnerability management and involve escalating risks to the appropriate decision-makers, who determine whether delaying a fix or accepting the risk without addressing it is the right strategic decision. This release provides a simplified, repeatable process for managing exceptions."
  • winacl - A Go library for working with Windows access control lists, security descriptors, and more.
  • PPLrevenant - Bypass LSA protection using the BYODLL technique.
  • c2-vulnerabilities - A few CVEs from open-source C2 frameworks. Don't expose your C2? Covenant, Havoc, Ninja, Shad0w, and sliver affected. Full writeup here.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • remotechrome - Dump Chrome cookies remotely with atexec and CDP.
  • BYOSI - Evade EDRs the simple way, by not touching any of the APIs they hook.
  • file-unpumper - Tool that can be used to trim useless things from a PE file, such as the things a file pumper would add.
  • atuin - ✨ Magical shell history.
  • There - Track timezones 🌍.
  • uff - Unleashed ffuf.
  • Simplifying XSS Detection with Nuclei - A New Approach - Nuclei with a new XSS detection engine!
  • PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit.
  • Damn-Vulnerable-Drone - Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.