ITSEC Newsletter 2024-09-26

Author

Henrik Falk
September 26, 2024

Vulnerabilities in Open Source C2 Frameworks

Application and source code security assessments are the primary focus of our work at Include Security, but sometimes network pentesting that uses software written by other hackers is needed. I decided to investigate Command & Control (C2) frameworks used in network and red teaming assessments. I started digging into in the code of open source frameworks to understand how they work, and ended up finding a fun mix of authenticated and unauthenticated RCE (remote code execution) vulnerabilities.

blog.includesecurity.com/2024/09/vulnerabilities-in-open-source-c2-frameworks

(Anti-)Anti-Rootkit Techniques - Part II: Stomped Drivers and Hidden Threads

This post will cover some evasions against this specific anti-rootkit and as such build upon Part I - if you have not read it, you might want to do it now. It is a rather short read anyway. Also check out my rootkit Banshee and the anti-rootkit unKover. This post is mainly an aggregation of known anti-rootkit/anti-cheat evasion techniques and me coming up with ways to detect them.

eversinc33.com/posts/anti-anti-rootkit-part-ii.html

Exploiting AMD atdcm64a.sys arbitrary pointer dereference

In this series of blog posts I’ll describe how I found two vulnerabilities in a Windows kernel driver part of an old AMD software package and how I exploited them in order to achieve local privilege escalation. Probably, this article won’t be very useful for experienced exploit developers/vulnerability researchers, but I think it will be useful for red teamers that are looking for vulnerable drivers that are not blacklisted, in order to disable/bypass EDRs. In addition, I’ll focus on how to use IDA Pro to reverse and then debug drivers with the assistance of the pseudocode.

security.humanativaspa.it/exploiting-amd-atdcm64a-sys-arbitrary-pointer-dereference-part-1