CybersecNews Weekly

December 19, 2021

CyberSecNews Weekly - 0x08-W5021

News

  • Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046)
    A quick update on the situation now that a new log4j CVE has been created and patched in 2.16.0.

  • [LOG4J2-3230] Certain strings can cause infinite recursion - ASF JIRA
    Just another chapter on the log4j saga.

  • A list of scanners and detection signatures for log4j

  • 3 New Malicious Packages Found on PyPI
    Not only log4j: 3 highly used malicious packages identified through text analysis

Tools

  • Gotestwaf
    An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses

  • LunaSec
    LunaSec (the company that discovered the log4j vulnerability) is an end-to-end security system designed to protect your application by transparently encrypting sensitive data, from browser to database.

  • StandIn
    StandIn is a small .NET35/45 AD post-exploitation toolkit

  • APTSimulator
    A toolset to make a system look as if it was the victim of an APT attack

  • Catalyst
    Catalyst is an incident response platform / SOAR (Security Orchestration, Automation and Response) system.

  • List of IoCs by Sophos Labs
    Sophos-originated indicators-of-compromise from published reports

  • Shellcode-Encryptor
    A simple shellcode encryptor/decryptor/executor to bypass antivirus.

Articles

  • DevSecOps resources
    A collection of awesome software, libraries, documents, books, resources and cool stuff about DevSecOps in cybersecurity

  • Evadere Classifications
    A deep dive into the various types and tactics used by attackers.

Tutorial

  • Quick & Lazy Malware Development
    How to write your first malware, even if you don't have advanced programming skills.

  • API Authentication with Tokens
    A description of several common patterns for client authentication based on tokens, and how they can be implemented in a Python API back end.

  • SANS Internet Storm Center
    How to create a simple but undetected PowerShell backdoor.

  • How I found the Grafana zero-day Path Traversal exploit that gave me access to your logs
    A Detectify Crowdsource hacker was the first to find the zero-day Path Traversal in Grafana. He takes us through how he found the vulnerability.

  • CVE-2021-42287/CVE-2021-42278 Weaponisation
    An example of weaponising CVE-2021-42287/CVE-2021-42278

IR & Reversing

  • How the “Contact Forms” campaign tricks people

  • A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
    A very technical article about how an NSO zero-click exploit works.

  • Nation State Threat Group Targets Airline with Aclip Backdoor
    An attack on an Asian airline was uncovered; the airline was likely compromised by a state-sponsored adversary using a new backdoor that utilizes Slack. IBM Security X-Force experts share the findings from their research.
