ITSEC Newsletter
Posts
ITSEC Newsletter 2024-01-04

ITSEC Newsletter 2024-01-04

Red team is best team

Henrik Falk
January 04, 2024

The Blind Spots of Automated Web App Assessments

This post illustrates the importance of manual code review when doing application security. Relying heavily on automated tools can give you some grim blind spots that pose a significant risk to the application. This is not a post that states that automated application tools are useless, but merely an attempt to give a correct picture of where these tools are lacking. Nor is this a blog post telling you that scanner x is better than scanner y. The scanners picked for this test was purely of what we could get access to in a given timeframe while we assessed the scanners for other reasons. There are several great ways to utilize these scanners and have an impact. But your critical applications should be subject for a manual assessment.

baldur.dk/blog/automated-web-assessment.html

Hide and Seek in Windows' Closet: Unmasking the WinSxS Hijacking Hideout

Our investigation has revealed an innovative approach that leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL Search Order Hijacking technique. This method allows threat actors to circumvent high privilege requirements to execute malicious code in applications within the Windows folder, specifically WinSxS, and eliminates the need for additional binaries in the attack chain. Furthermore, it facilitates the execution of malicious code from any location, and it is compatible with both Windows 10 and 11.

www.securityjoes.com/post/hide-and-seek-in-windows-closet-unmasking-the-winsxs-hijacking-hideout

Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords

Sometimes, making particular security design decisions can have unexpected consequences. For security-critical software, such as password managers, this can easily lead to catastrophic failure: In this blog post, we show how Bitwarden’s Windows Hello implementation allowed us to remotely steal all credentials from the vault without knowing the password or requiring biometric authentication. When we discovered this during a penetration test it was so unexpected for us that we agreed with our client to publish a blog post about it and tell the story.

blog.redteam-pentesting.de/2024/bitwarden-heist