
Random in Security 202322


This post covers 2023-06-01 to 2023-06-01.

Vulnerabilities

CVE-2023-33248 - Amazon Alexa allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). A substantial fraction of the commands are successful.

https://www.usenix.org/system/files/sec23fall-prepub-261-xia-qi.pdf

CVE-2023-0386 - Privilege escalation exploit in OverlayFS

https://github.com/xkaneiki/CVE-2023-0386

Interesting Reads

Block C2 communication with Defender for Endpoint

https://jeffreyappel.nl/block-c2-communication-with-defender-for-endpoint/

Unleashing the Unseen: Harnessing the Power of Cobalt Strike Profiles for EDR Evasion

https://whiteknightlabs.com/2023/05/23/unleashing-the-unseen-harnessing-the-power-of-cobalt-strike-profiles-for-edr-evasion/
https://github.com/WKL-Sec/Malleable-CS-Profiles

OffensiveCon23 Recordings

https://www.youtube.com/playlist?list=PLYvhPWR_XYJmh-qBNKUrlyjQYKBpCDZzB

People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection

https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF

ZipJar, a little bit unexpected attack chain | BadOption.eu

https://badoption.eu/blog/2023/06/01/zipjar.html

Tools

  • SySS-Research/smbcrawler - smbcrawler is a no-nonsense tool that takes credentials and a list of hosts and ‘crawls’ (or ‘spiders’) through their shares
  • beurtschipper/Depix - Recovers passwords from pixelized screenshots
  • BeichenDream/GodPotato - Local privilege escalation tool
  • projectmonke/typewriter - Typewriter is a subdomain permutation tool written in Rust and heavily based on Gotator
  • six2dez/reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools for scanning and finding vulnerabilities
  • LaresLLC/ScrapingKit - Scraping Kit is made up of several tools for scraping services for keywords, useful for initial enumeration of Domain Controllers or if you have popped a user’s desktop and their outlook client (Blog Post)
  • netbiosX/Checklists - Red Teaming & Pentesting checklists for various engagements
  • kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication. Evilginx 3.0 released
  • deFr0ggy/NightOwl - An offline Phishing Email Analyzer. Enabling non-techies to analyze phishing emails automatically
  • optiv/Freeze.rs - Freeze.rs is a payload toolkit for bypassing EDRs using suspended processes and direct syscalls, written in Rust