Sponsor Demo - Altered 2

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 1970-01-01 to 1970-01-01.

News

Techniques and Write-ups

Tools and Exploits

  • Cobalt-Strike-Profiles-for-EDR-Evasion - Some ideas to modify CS profiles to bypass simple EDR checks. However, if you want to use SourcePoint I'm not sure I would trust the copy in this random repository...
  • GraphStrike - Cobalt Strike HTTPS beaconing over Microsoft Graph API implemented as a user defined reflective loader (URDL). Appreciate the Why? section on this one. Better hope those Blue team network sensors have really good anomaly detection, because this will use legitimate microsoft domains for C2. However, now you have Microsoft's threat team to deal with, and there has been some discussion that they will ban accounts that conduct C2 over their API if they detect it.
  • hi_my_name_is_keyboard. Zero click Bluetooth exploits for Android prior to the 2023-12-05 security patch (and Android <= 10 forever). Nice close access method to get payloads on an Android phone (assuming the target won't notice their screen acting up on its own). It also works against macOS and iOS (iOS < 17.2, Magic Keyboard Firmware < 2.0.6) if you can trigger it exactly when the computer/phone attempts to connect with an Apple Magic keyboard via Bluetooth.
  • slippy-book-exploit - CVE-2023-44451, CVE-2023-52076: RCE Vulnerability affected popular Linux Distros including Mint, Kali, Parrot, Manjaro etc. EPUB File Parsing Directory Traversal Remote Code Execution.
  • atril_cbt-inject-exploit - CVE-2023-44452, CVE-2023-51698: CBT File Parsing Argument Injection that affected Popular Linux Distros.
  • Awaiting the Awaitables - Building the AwaitFuscator. I doubt this is practical for programs of any complexity, but it's got to be one of the most bizarre obfuscators since the movfuscator. Code here.
  • proxy-helper-the-sequel - Port/rework of proxy-helper plugin for hak5 Pineapples.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.