Random in Security 202345

Covering the recent security news


Introduction

Random in Security is a summary of the cybersecurity news.

Vulnerabilities

CVE-2023-46747 - BIG-IP Configuration utility unauthenticated remote code execution vulnerability

The vulnerability is an unauthenticated authentication bypass issue that can lead to complete compromise of an F5 system with the Traffic Management User Interface (TMUI) exposed. The post describes how the vulnerability was identified, the underlying issues that caused the bug, and the steps taken to turn the request smuggling into a critical vulnerability.
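Request smuggling depends on a front end and a back end disagreeing about where one request ends and the next begins. The generic mitigation on the receiving side is to refuse any HTTP/1.1 request whose body framing is ambiguous instead of guessing. The following check is an added example written for this digest; it is not code from the F5 advisory or the linked write-up and does not reproduce the specific bug. The sample requests are constructed for the demo.

```python
"""Reject HTTP/1.1 requests with ambiguous body framing (added example)."""
from dataclasses import dataclass
from typing import List, Tuple

KNOWN_CODINGS = {"chunked", "gzip", "deflate", "identity"}


@dataclass
class FramingDecision:
    accepted: bool
    reason: str


def parse_headers(raw: bytes) -> List[Tuple[str, str]]:
    """Split the header block (everything before the first blank line) into
    (name, value) pairs; names are lower-cased, values stripped."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")[1:]  # drop the request line
    headers = []
    for line in lines:
        if not line:
            continue
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower().decode("ascii", "replace"),
                        value.strip().decode("ascii", "replace")))
    return headers


def check_framing(raw: bytes) -> FramingDecision:
    """Accept only requests whose body length has exactly one interpretation."""
    headers = parse_headers(raw)
    cl = [v for n, v in headers if n == "content-length"]
    te = [v for n, v in headers if n == "transfer-encoding"]

    # The classic CL.TE / TE.CL ambiguity: two different framing mechanisms.
    if cl and te:
        return FramingDecision(False, "both Content-Length and Transfer-Encoding present")
    # Duplicate Content-Length headers are rejected outright, even when equal,
    # because intermediaries disagree on how to merge them.
    if len(cl) > 1:
        return FramingDecision(False, "multiple Content-Length headers")
    if cl and not cl[0].isdigit():
        return FramingDecision(False, f"malformed Content-Length {cl[0]!r}")
    if te:
        codings = [c.strip().lower() for c in ",".join(te).split(",") if c.strip()]
        # Obfuscated variants such as "xchunked" or "chunked\tfoo" are unknown
        # codings and must not be silently treated as chunked.
        unknown = [c for c in codings if c not in KNOWN_CODINGS]
        if unknown:
            return FramingDecision(False, f"unknown transfer coding {unknown[0]!r}")
        if codings[-1] != "chunked":
            return FramingDecision(False, "Transfer-Encoding does not end with chunked")
    return FramingDecision(True, "unambiguous framing")


# Constructed sample requests for the demo.
SAMPLE_OK_CL = b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
SAMPLE_OK_TE = b"POST / HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"
SAMPLE_CL_TE = (b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n"
                b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
SAMPLE_OBFUSCATED_TE = b"POST / HTTP/1.1\r\nHost: example.test\r\nTransfer-Encoding: xchunked\r\n\r\n0\r\n\r\n"


if __name__ == "__main__":
    for name, sample in [("CL only", SAMPLE_OK_CL), ("TE only", SAMPLE_OK_TE),
                         ("CL+TE", SAMPLE_CL_TE), ("obfuscated TE", SAMPLE_OBFUSCATED_TE)]:
        d = check_framing(sample)
        print(f"{name:14} accepted={d.accepted}  ({d.reason})")
```

The check lives at the edge where requests are first parsed; rejecting early with a 400 means no downstream component ever has to pick an interpretation.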

CVE-2023-32530 - SQL injection vulnerability in Trend Micro Apex Central 2019 via certificate

According to the technical write-up by Star Labs, the vulnerability CVE-2023-32530 is a SQL injection vulnerability in the web-based management interface of Trend Micro Apex Central (on-premise). This vulnerability could allow an authenticated user to perform a SQL injection attack that could lead to remote code execution. The vulnerability is caused by insufficient input validation in the affected software. The vendor has released a patch to address this vulnerability.
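The write-up's root cause, insufficient validation of a value that ends up inside a SQL statement, is easiest to see with the vulnerable and the hardened query side by side. The snippet below is an added example for this digest, not Trend Micro's code: it uses an in-memory SQLite table and a constructed certificate common name to show how concatenation lets the value change the query, while a parameterised query and an allowlist keep it as data. Table and column names are invented for the demo.

```python
"""SQL injection through an unvalidated certificate field (added example)."""
import re
import sqlite3
from typing import List, Tuple

# Constructed allowlist: a CN in this demo is letters, digits and dashes only.
CN_PATTERN = re.compile(r"^[A-Za-z0-9-]{1,64}$")


def make_db() -> sqlite3.Connection:
    """Constructed sample table mapping certificate CNs to roles."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE agents (cn TEXT, role TEXT)")
    conn.executemany("INSERT INTO agents VALUES (?, ?)", [
        ("agent-001", "agent"),
        ("agent-002", "agent"),
        ("admin-console", "admin"),
    ])
    return conn


def lookup_role_vulnerable(conn: sqlite3.Connection, cn: str) -> List[Tuple[str, str]]:
    """VULNERABLE: the CN taken from the certificate is spliced into the SQL
    text, so quote characters in it become part of the statement."""
    query = "SELECT cn, role FROM agents WHERE cn = '" + cn + "'"
    return conn.execute(query).fetchall()


def lookup_role_safe(conn: sqlite3.Connection, cn: str) -> List[Tuple[str, str]]:
    """HARDENED: the CN is bound as a parameter and can only ever be compared
    as a literal value, whatever characters it contains."""
    return conn.execute("SELECT cn, role FROM agents WHERE cn = ?", (cn,)).fetchall()


def is_valid_cn(cn: str) -> bool:
    """Defence in depth: reject CNs outside the expected format before any
    query runs, independent of how the query is built."""
    return CN_PATTERN.fullmatch(cn) is not None


# Constructed input: a CN crafted to break out of the quoted string.
INJECTED_CN = "x' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_role_vulnerable(db, INJECTED_CN))   # every row
    print("safe      :", lookup_role_safe(db, INJECTED_CN))         # no rows
    print("allowlist :", is_valid_cn(INJECTED_CN), is_valid_cn("agent-001"))
```

The parameterised form is the fix; the allowlist is the extra layer that also cuts off injection into any other sink the same value might reach later.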

Reptar

Reptar is a Linux kernel module that can be used to detect and prevent certain types of kernel memory disclosure vulnerabilities. Tavis Ormandy provides a great technical write-up of the issue. Intel have published updated microcode for all affected processors.

Interesting Reads

Detecting and annoying Burp users

The post discusses the use of Burp Suite, a popular web application security testing tool, and how to detect and annoy users who use it. The post describes how to identify Burp Suite users by analyzing their HTTP requests and then how to annoy them by sending them fake data or encoding their display in a way that makes it difficult to read. While the post is written in a humorous tone, it does provide some useful information on how to detect and mitigate the use of Burp Suite in web application security testing.

Ziso the Book

There is a world that calls itself "Cyberspace", which you already know from laptops and phones. Here everything is possible and much is allowed, yet unfortunately things get stolen quite often. Hackers and viruses break things - what remains is chaos and heaps of rubble.

Data-Bouncing - The art of indirect exfiltration.

The post discusses a technique called “data-bouncing,” which is a method of exfiltrating data from a network by using an intermediary system to bounce the data to a final destination. The goal is to avoid detection by network defenders, who are trying to identify the source and destination of the data.

Privacy is Priceless, but Signal is Expensive

Signal spends tens of millions of dollars every year to provide their messenger service. They provide a comparison to the multi-billion-dollar corporations whose business models directly contravene Signal's privacy mission. The article aims to provide transparency into the costs of providing a privacy-preserving alternative to mainstream messaging apps. It can be seen as a call to action to support the cause.

Detection Engineering at MITRE ATT&CKCON 2023

In the talk “Detection as Code, Automation, and Testing: The Key to Unlocking the Power of Detection Engineering” Olaf Hartong provided some insights about the Detection Engineering approach at FalconForce. Automation is key, while maintaining an agile approach.
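The "detection as code" idea in the talk title is that a detection is a versioned artefact with its own tests, so a rule change is validated automatically before it reaches production. The following is an added example for this digest, not FalconForce's tooling: a minimal declarative rule format, a compiler that turns a rule into a matcher, and a validator that runs the positive and negative test events embedded in the rule. The rule, the event fields and all events are constructed for the demo.

```python
"""Detection as code: rules with embedded tests (added example)."""
import copy
from typing import Any, Callable, Dict, List, Tuple

Event = Dict[str, Any]
Matcher = Callable[[Event], bool]

# Comparison operators a rule may use; all are case-insensitive.
OPERATORS = {
    "equals": lambda actual, expected: str(actual).lower() == expected.lower(),
    "endswith": lambda actual, expected: str(actual).lower().endswith(expected.lower()),
    "contains": lambda actual, expected: expected.lower() in str(actual).lower(),
}


def compile_rule(rule: Dict[str, Any]) -> Matcher:
    """Turn a declarative rule (all conditions must hold) into a callable."""
    conditions = [(c["field"], OPERATORS[c["op"]], c["value"]) for c in rule["conditions"]]

    def match(event: Event) -> bool:
        return all(field in event and op(event[field], expected)
                   for field, op, expected in conditions)
    return match


def validate_rule(rule: Dict[str, Any]) -> List[str]:
    """Run the rule's own test events; return a list of failure messages
    (empty means the rule behaves as its author intended)."""
    match = compile_rule(rule)
    failures = []
    for i, ev in enumerate(rule.get("tests", {}).get("positive", [])):
        if not match(ev):
            failures.append(f"{rule['id']}: positive test #{i} did not match")
    for i, ev in enumerate(rule.get("tests", {}).get("negative", [])):
        if match(ev):
            failures.append(f"{rule['id']}: negative test #{i} matched")
    return failures


def run_rules(rules: List[Dict[str, Any]], events: List[Event]) -> List[Tuple[str, str]]:
    """Evaluate every rule over every event; return (rule id, event id) hits."""
    compiled = [(r["id"], compile_rule(r)) for r in rules]
    return [(rid, ev["id"]) for ev in events for rid, m in compiled if m(ev)]


# Constructed rule: an Office process launching PowerShell, with tests inline.
RULE_OFFICE_SPAWNS_SHELL = {
    "id": "demo-001",
    "title": "Office application spawning PowerShell",
    "conditions": [
        {"field": "parent_image", "op": "endswith", "value": "winword.exe"},
        {"field": "image", "op": "endswith", "value": "powershell.exe"},
    ],
    "tests": {
        "positive": [{"parent_image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
                      "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}],
        "negative": [{"parent_image": "C:\\Windows\\explorer.exe",
                      "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}],
    },
}

# Constructed process-creation events standing in for a telemetry stream.
CONSTRUCTED_EVENTS = [
    {"id": "evt-1", "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\notepad.exe"},
    {"id": "evt-2", "parent_image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
    {"id": "evt-3", "parent_image": "C:\\Program Files\\Microsoft Office\\WINWORD.EXE",
     "image": "C:\\Windows\\splwow64.exe"},
]


def broken_variant(rule: Dict[str, Any]) -> Dict[str, Any]:
    """A copy of the rule with a typo in a value, the kind of regression the
    embedded tests are there to catch before deployment."""
    bad = copy.deepcopy(rule)
    bad["conditions"][1]["value"] = "powershel.exe"
    return bad


if __name__ == "__main__":
    print("validation:", validate_rule(RULE_OFFICE_SPAWNS_SHELL) or "ok")
    print("hits      :", run_rules([RULE_OFFICE_SPAWNS_SHELL], CONSTRUCTED_EVENTS))
    print("broken    :", validate_rule(broken_variant(RULE_OFFICE_SPAWNS_SHELL)))
```

In a pipeline, `validate_rule` runs in CI on every change to the rules repository; a non-empty failure list blocks the merge, which is what makes automation safe to combine with frequent, small rule changes.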

Tools

WolfPack

WolfPack combines the capabilities of Terraform and Packer to streamline the deployment of red team redirectors on a large scale.

SpecterInsight

SpecterInsight is a cross-platform, post-exploitation command and control framework based on .NET for red team engagements, threat emulation, and training.

Starkiller

Starkiller is a Frontend for PowerShell Empire.

go-shellcode

A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.

Elastic Security detection engine RTA

Red Team Automation code used to emulate attacker techniques, used for rule testing

Turul

Turul as a C2 is based on numerous commercial and open source projects, and our experience of developing custom tooling to meet the needs of clients on various CBEST, cross border Red Teams and other engagements.

Modlishka

Modlishka. Reverse Proxy.

muraena

Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.