🐂 Renegade Security | NO. 3 (Standard Edition)
A Moses Frost Newsletter
The last few weeks were hectic for me, and as such, the Newsletter had to take a back seat. This week we return to some normalcy, I won’t get into the specifics, but I will mention that these newsletters are more of a labor of love, and I’d much rather put out quality than quantity. Here are some thoughts for the last few weeks. If, and I do mean if, Russia goes to war with Ukraine, then I suspect there would be a pretty large Cyber contingent. In a previous life when I was over at the previous company, they had plenty of visibility into what was going on in that country. While they have posted a blog recently around attacks, they also have history going back years. Take a look at those posts, this is actually not recent, but from the eyes of that country, systemic, persistent, and consistent since they took portions of that country.
Everything old is new Department
Before getting into all the Technical news, Sunday morning I saw this interesting youtube video. It’s a 15 minute watch, but also a quick read on twitter. While I understand why the company operates this way, I can just see all the mistakes they are making and know that they have a long way to go culturally before they come to the same conclusions. I suspect from a security standpoint, we will see TONS of bugs. Here is the link, its basically what is like to work at Tiktok (China) vs Facebook (US): https://twitter.com/LucasOuYang/thread/1493408428626100226. Here is one red flag: No unit tests.
There was a recent bit of how to read uninitialized memory in HTTP stacks recently in a Heartbleed like fashion, this time focused on HTTP3. This style of attacks a not new, in fact there was an issue in NodeJS years ago, this function still exists today.
While we are at it, how about write.exe in Windows? I believe this data back to Windows 1.0?
Speaking of old and new, backwards compatibility may plague us all for quite sometime, here is the Amazon Web Services version of the issue. It appears, AWS IDMSv2 transition will be difficult:
Crypto … To the moon? Derpartment (SIC).
What happens if the underlying network isn’t secure? BGP used to steal coins.
Watch this video, tell me your thoughts. It’s two hours, I know I know. But I will say, if you want to know whats going on right now with Crypto currencies, and NFTs, maybe this will give you a different, and dark, perspective.
I understand that there is a TON of Twitter in this newsletter, but this one is important. OpenSea NFTs were hacked en masse. The video above can show you somewhat why. To be frank, it has to do with a Solidity smart contract that appears to be stealing the code.
Windows Red Team Department
Someone released a OneDrive Logs (ODL) forensics tool, I suspect we can use this for red team as well.
YAAB (Yet Another AMSI Bypass).
Azure Security Guardrails, automate the deployment of hundreds of buttons.
Need to hide in windows? .NET Persistence Tool
Rootsecdev on Twitter posted this cheat sheet.
Find interesting strings in memory by hooking processes.
Cloud Security Department
“Updated February 8, 2022: Amazon GuardDuty for EKS Protection no longer enabled by default.”
Remote Desktop Web Access (RDS Web) Recon Tool: