Week 23 In Review – 2017

Events Related

Techniques

  • impacket – github.com
    This script will exploit CVE-2017-7494, uploading and executing the shared library specified by the user through the –so parameter.
  • Automating the Empire with the Death Star: getting Domain Admin with a push of a button – byt3bl33d3r.github.io
    Originally, I wanted something that could just take BloodHounds output, parse it, feed it to Empire and make it follow the ‘chain’. However, BloodHound does not take into account (at least to my knowledge) paths that could be achieved using domain privilege escalations such as GPP Passwords in SYSVOL (I personally find that one an almost every engagement).

Tools

  • Troll – github.com
    A source level debugger for C programs running on ARM Cortex-M parts. Utilizes the *blackmagic* probe and the *Qt* framework
  • City-Wide IMSI-Catcher Detection – seaglass.cs.washington.edu
    Modern cellphones are vulnerable to attacks by governments and hackers using rogue cellular transmitters called IMSI-catchers. These surveillance devices can precisely locate phones, and sometimes eavesdrop on communications, send spam, or inject malware into phones.
2017-06-08T19:10:20-07:00 June 4th, 2017|Security Conferences, Security Tools, Week in Review|0 Comments

Leave A Comment