Last Week in Security (LWiS) - 2024-07-29
2024-7-30 11:59:0 Author: blog.badsectorlabs.com(查看原文) 阅读量:14 收藏

Specula (@Oddvarmoe + @freefirex2), 🧵 namecalling (@hasherezade), North Korean 🇰🇵 agents, Llama 3.1 (@Meta), GraphSpy updates (@RedByte1337), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-07-22 to 2024-07-29.

News

Techniques and Write-ups

Tools and Exploits

  • Specula - Turning Outlook Into a C2 With One Registry Change - Did you know that Outlook has access to the entire system via COM/vbscript and that a custom homepage URL can use those features? Specula uses this to turn Outlook into a C2 - some solid traitorware!
  • VulnCheck go-exploit Goes Scanless - go-exploit-cache can now ingest shodan data or pcap data to find vulnerabilities without active scanning.
  • GraphSpy - Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI. Not new but just added the ability to list and modify MFA methods!
  • SyscallTempering improves upon the previous research and obtains a list of system calls that are not hooked by the currently running EDR solution (tested against sophos).
  • thread_namecalling - Process Injection using Thread Name. Full blogpost here.
  • edr_blocker - Blocks EDR Telemetry by performing Person-in-the-Middle attack where network filtering is applied using iptables. The blocked destination IP addresses are parsed based on the server name in TLS Client Hello packet and the provided blocked server name (or blocked string) list in the file.
  • SessionExec - Execute commands in other Sessions.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.


文章来源: https://blog.badsectorlabs.com/last-week-in-security-lwis-2024-07-29.html
如有侵权请联系:admin#unsafe.sh