Last Week in Security (LWiS) - 2024-09-30
2024-10-1 11:59:0 Author: blog.badsectorlabs.com(查看原文) 阅读量:9 收藏

CUPS RCE (@evilsocket), driver vulns (@vinopaljiri), NamelessC2 release (@trickster012), liveness detection bypass (@CaptMeelo), Windows LPE (@ricnar456), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-09-23 to 2024-09-30.

News

Techniques and Write-ups

Tools and Exploits

  • CVE-2024-38200 - CVE-2024-38200 - Microsoft Office NTLMv2 Disclosure Vulnerability.
  • Recursive-Loader - Code that was written about a year for a project for vx-underground. However, due to various reasons, the code is being publicly released. tl;dr recursive loader, painful to reverse engineer.
  • FaceDancer - FaceDancer is an exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading.
  • IllusiveFog - Windows Administrator level Implant. (Code looks rough and in PoC format so careful)
  • NamelessC2 - A C2 with all its components written in Rust.
  • Ghostwriter v4.3: SSO, JSON Fields, and Reporting with BloodHound - Always nice to see updates to a solid tool.
  • elevator_decrypt_key.cpp - Unprotect the App-Bound Encryption Key via an RPC call to Google Chrome Elevation Service (PoC).
  • Living Off The Land ESXi - List of binaries/scripts natively available in VMware ESXi that adversaries have utilized in their operations.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.


文章来源: https://blog.badsectorlabs.com/last-week-in-security-lwis-2024-09-30.html
如有侵权请联系:admin#unsafe.sh