Renegade Security

🐂 Renegade Security | NO. 1 (Standard Edition)

blog.mosesfrost.com

With Moses Frost

Moses Frost
Jan 31, 2022
GENERAL THOUGHTS

For the week of January 24th, I was reading an article from Vice about NFTs that are able to track your IP address. This could have very big ramifications for privacy wonks, specifically since we are normally “protected” or “shielded” by the platforms. I say this because you normally are not able to see the IP addresses of the people who view your Twitter profile. What if, however, you could? Twitter now features a mechanism to make your profile picture an NFT. This got me thinking:


mosesrenegade @mosesrenegade
Tracking cookies but delivered as an NFT 🤔
5:18 PM ∙ Jan 28, 2022

I haven’t attempted this yet, but still, it does make you wonder.

  • NFT Steals IP Address

PRIVACY WONKS AND NATION STATE ATTACKS DEPARTMENT

Apple announced that they had about 1.8 billion Apple devices (that is all hardware). It’s good to see this come out: a personal safety user guide. It’s big, but it’s probably also for someone to develop tooling around.

Speaking of Apple, someone did reverse engineering work on what appears to be Chinese malware targeting the Beijing Olympics. It appears from the GitHub repo that the malware has a list of naughty words. It’s interesting what the malware looks for. These are things that someone with only a cursory knowledge of the country finds a bit fascinating. The file is called illegal words. This comes on the heels of MIT cutting its ties to a Chinese AI firm.

EXPLOITS DEPARTMENT

Several Linux privilege escalation bugs are in the news this week. Some of these are patched before others. Then again, with package managers, I feel like this should be automated at this point. It is on my servers. The first one is now called PwnKit. It is very trivial to exploit, and universally affects almost all versions of Linux.

The second bug is really targeting the kCTF, which is a Kubernetes CTF that can be downloaded and used for security research, CTFs, and testing.

I will include the exploit for the kCTF, but you can find many examples for the PwnKit bug already.

CLOUD HACKING DEPARTMENT

This week we will be discussing AWS, Azure, and Azure AD. The first one in the news is an issue with Device Code Phishing. If you don’t know what Device Code Phishing is, it’s extremely devious because URL filters really have a hard time with it. The article does mention an evolution in Device Code Phishing in which a phishing group joins their attacker machine to Azure AD. Devious.

The second one is not necessarily security-related; it’s more about a feature called Azure AD Cross Tenant Access Policies. This solves a fundamental issue with both External Account invites and multiple MFA policies in each tenant. It also opens the possibility that an attacker can abuse this. Stay tuned.

The third one is fun; it’s a great write-up on exploiting a Lambda through a very strange mechanism. I suspect this was the output of something real world, but it’s hard to gauge that theory.

How about a new way of executing shellcode by overwriting a function?

A red team emulation tool, similar to the Atomic Red Team tool from Red Canary, but for the cloud: Stratus Red Team.

For those that are trying to stop us, hackers, you may want to look at this user’s thread.

Matt Zorich @reprise_99
Looking for some resources to learn #KQL or #MicrosoftSentinel? @coder_au and I have put together a curated list of awesome official and community resources available here - github.com/reprise99/awes
12:06 AM ∙ Jan 23, 2022

The link to their repo talks about KQL and how to use it with Microsoft Sentinel. Awesome-KQL-Sentinel.

FINAL THOUGHTS

I made a Hackerspace Community to share tweets with. This community will be open for now, so join while you can. Finally, for those interested in CTFs, you may find this announcement fun. A new team will be running the DEF CON CTF.

Nautilus Institute @Nautilus_CTF
Thanks to @defcon for letting us steer the ship of the DEF CON CTF. Quals is Quals May 28-29. Pirate puns this weekend. 👀
10:47 PM ∙ Jan 28, 2022