ITSEC Newsletter 2024-01-25

Varonis Threat Labs discovered a new Outlook vulnerability (CVE-2023-35636) among three new ways to access NTLM v2 hashed passwords by exploiting Outlook, Windows Performance Analyzer (WPA), and Windows File Explorer. With access to these passwords, attackers can attempt an offline brute-force attack or an authentication relay attack to compromise an account and gain access.

The Windows Data Protection API, typically referred as DPAPI, is the built in Windows way to encrypt and decrypt data. In this post we will explore how the DPAPI works, and how, as offensive security professionals, we can abuse in several different scenarios, such as decrypting secrets, obtaining a victim's browser cookies and take over their sessions, etc.

This article will be a little different than some of the others, because I want to talk about the challenges of disassembling code, but writing a full disassembler could be an entire series to itself. So while this post will dive into some of the details (sometimes too deep) of how to disassemble x86, it won’t be sufficient depth or breadth to cover the topic. So for the sake of making a functional debugger, DbgRs will be using a rust crate for disassembly rather than one written from scratch.