🐂 Renegade Security | NO. 1 (Standard Edition)
With Moses Frost
For the week of January 24th, I was reading an article from Vice about NFTs that are able to track your IP address. This could have very big ramifications for privacy wonks, specifically since we are normally “protected” or “shielded” by the platforms. I say this because you normally are not able to see the IP addresses of the people who view your Twitter profile. What if, however, you could? Twitter now features a mechanism to make your profile picture an NFT. This got me thinking…
I haven’t attempted this yet, but still, it does make you wonder.
PRIVACY WONKS AND NATION STATE ATTACKS DEPARTMENT
Apple announced that they have about 1.8 billion Apple devices (that is all hardware). It’s also good to see this come out: a personal safety user guide. It’s big, but it’s probably also something for someone to develop tooling around.
Speaking of Apple, someone did some reverse-engineering work on what appears to be Chinese malware targeting the Beijing Olympics. It appears from the GitHub repo that the malware has a list of naughty words. It’s interesting what the malware looks for. These are things that someone with only a cursory knowledge of the country finds a bit fascinating. The file is called illegal words. This comes on the heels of MIT cutting its ties to a Chinese AI firm.
Several Linux privilege escalation bugs are in the news this week. Some of these are patched before others. Then again with package managers, I feel like this should be automated at this point. It is on my servers. The first one is now called PwnKit. It is very trivial to exploit, and universally affects almost all versions of Linux.
The second bug is really targeting the kCTF, which is a Kubernetes CTF that can be downloaded and used for security research, CTFs, and testing.
I will include the exploit for the kCTF, but you can find many examples for the PwnKit bug already.
CLOUD HACKING DEPARTMENT
This week we will be discussing AWS, Azure, and Azure AD. The first one in the news is an issue with Device Code Phishing. If you don’t know what Device Code Phishing is, it’s extremely devious because URL filters really have a hard time with them. The article does mention an evolution in Device Code Phishing in which a Phishing Group joins their attacker machine to Azure AD. Devious.
The second one is not necessarily security-related; it’s more about a feature called Azure AD Cross Tenant Access Policies. This solves a fundamental issue with both External Account invites and multiple MFA policies in each tenant. It also opens the possibility that an attacker can abuse this. Stay tuned.
The third one is fun: it’s a great write-up on exploiting a Lambda through a very strange mechanism. I suspect this was the output of something real-world, but it’s hard to gauge that theory.
How about a new way of executing shellcode by overwriting a function?
A Red Team emulation tool, similar to the Atomic Red Team tool from Red Canary, but for the cloud: Stratus Red Team.
For those who are trying to stop us hackers, you may want to look at this user’s thread.
The link to their repo talks about KQL and how to use it with Microsoft Sentinel. Awesome-KQL-Sentinel.
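Since device code phishing and KQL for Sentinel both came up this week, here is an added hunting query of my own, not from the newsletter links or the Awesome-KQL-Sentinel repo. It assumes the Sentinel SigninLogs table with its AuthenticationProtocol column (value "deviceCode" for the OAuth device code grant) and flags device-code sign-ins from an IP the user has not used in the prior 30 days.

```kql
// Added example, not from the newsletter or the linked repo.
// Assumes Microsoft Sentinel's SigninLogs table and the
// AuthenticationProtocol column ("deviceCode" = OAuth device code grant).
let lookback = 7d;
let baseline = 30d;
// Source IPs each user successfully signed in from during the baseline
// window (any protocol), used as the "known" set.
let known_ips = SigninLogs
    | where TimeGenerated between (ago(baseline + lookback) .. ago(lookback))
    | where tostring(ResultType) == "0"
    | summarize KnownIPs = make_set(IPAddress) by UserPrincipalName;
SigninLogs
| where TimeGenerated > ago(lookback)
| where AuthenticationProtocol == "deviceCode"
| where tostring(ResultType) == "0"            // successful sign-ins only
| join kind=leftouter known_ips on UserPrincipalName
// New user with no baseline, or an IP not in the user's known set
| where isnull(KnownIPs) or not(set_has_element(KnownIPs, IPAddress))
| extend Country   = tostring(LocationDetails.countryOrRegion),
         TrustType = tostring(DeviceDetail.trustType)   // e.g. Azure AD joined
| project TimeGenerated, UserPrincipalName, IPAddress, Country,
          AppDisplayName, ResourceDisplayName, TrustType, UserAgent
| order by TimeGenerated desc
```

Legitimate device-code use (CLI tools, headless devices) will show up too, so tune the baseline window and allow-list known apps before turning this into an analytics rule.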
I made a Hackerspace Community to share tweets with. This community will be open for now, so join while you can. Finally, for those interested in CTFs, you may find this announcement fun: a new team will be running the DEF CON CTF.