Last Week in Security (LWiS) - 2024-05-06

Entra to on-prem (@_dirkjan), new bloodhound edges (@Jonas_B_K), Chrome type confusion (@_manfp), GitHub RCE via actions (@Creastery), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-04-29 to 2024-05-06.

News

Techniques and Write-ups

Tools and Exploits

  • okta-terrify - Okta Verify and Okta FastPass Abuse Tool.
  • cognito-scanner - A simple script which implements different Cognito attacks such as Account Oracle or Privilege Escalation.
  • KExecDD - Admin to Kernel code execution using the KSecDD driver.
  • Python-Beacon - Python files to aid with shellcode execution.
  • PPPwn - PlayStation 4 PPPoE RCE.
  • SharpGraphView - Microsoft Graph API post-exploitation toolkit.
  • symbolizer-rs - A fast execution trace symbolizer for Windows that runs on all major platforms and doesn't depend on any Microsoft libraries.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • Hypervisor-Detection - Detects virtual machines and malware analysis environments.
  • wstunnel - Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available.
  • puter - 🌐 The Internet OS! Free, Open-Source, and Self-Hostable.
  • Installomator - Installation script to deploy standard software on Macs.
  • blint - BLint is a Binary Linter to check the security properties and capabilities in your executables. Since v2, blint is also an SBOM generator for binaries.
  • (The) Postman Carries Lots of Secrets - Don't sleep on Postman secrets!
  • QCSuper - QCSuper is a tool for communicating with Qualcomm-based phones and modems, allowing you to capture raw 2G/3G/4G radio frames, among other things.
  • proxybroker2 - The New (auto rotate) Proxy [Finder | Checker | Server]. HTTP(S) & SOCKS 🎭.
  • JS-Tap - JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients.
  • git-rotate - Leveraging GitHub Actions to rotate IP addresses during password spraying attacks to bypass IP-Based blocking.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.