Weekly Cybersecurity Roundup - News, Techniques and Tools
Summary
Comprehensive weekly cybersecurity roundup organized into four sections: News, Techniques/Write-ups, Tools/Exploits, and Miscellaneous. Covers significant events including DHS disbanding CSRB during Salt Typhoon investigation, OpenAI Stargate Project ($500B), and multiple high-impact technical write-ups and exploit releases.
Contents
News
- DHS Disbands CSRB: The Cyber Safety Review Board, one of CISA's few bright spots, was disbanded while investigating the Salt Typhoon telecom hack. Its review of the Summer 2023 Microsoft Exchange Online intrusion led to real change at Microsoft.
- Stargate Project: OpenAI announces a $500B AI infrastructure project, with $100B deploying immediately. Oracle's involvement raises surveillance concerns.
Techniques and Write-ups
| Write-up | CVE/Topic | Key Takeaway |
|---|---|---|
| Hacking Subaru STARLINK | Vehicle tracking | 2FA bypass by deleting popup; full vehicle tracking/control via admin panel |
| FortiOS Auth Bypass | CVE-2024-55591 | SSL VPN authentication bypass; PoC available |
| Debugging Undebuggable App | iOS debug bypass | Using lldb and disassembler to bypass debug protections |
| Cookie Sandwich Technique | HttpOnly cookie theft | Combination of XSS vulnerabilities to leak PHPSESSID |
| J-Magic Show | Magic packets backdoor | cd00r backdoor with challenge-response; mid-tier actor |
| Signal 0-click Deanonymization | CDN cache attack | Global CDN cache to narrow user physical location |
| MasterCard DNS Error | DNS typo | akam.ne vs akam.net went unnoticed for years |
| Entra Connect Tradecraft Pt 2 | Hybrid AD exploitation | Add credentials to user in another domain within same Entra tenant |
| CVE-2024-26230 | Windows Telephony EoP | Elevation of privilege with PoC |
| SUSCTL CVE-2024-54507 | XNU integer confusion | Information leakage due to 4-byte load |
| Offensive CGO ELF Loader | Go ELF loader | Mostly working ELF loader for offensive Go |
| Kerberos Relay via HTTP | Multicast poisoning | Pre-auth Kerberos relay via LLMNR spoofing |
| Clone2Leak | Git credential theft | Text parsing and newline injection issues in Git tools |
Tools and Exploits
| Tool | URL | Description |
|---|---|---|
| WinVisor | GitHub | Hypervisor-based emulator for Windows x64 user-mode executables |
| 7-Zip CVE-2025-0411 PoC | GitHub | MotW bypass PoC scenarios |
| Draugr | GitHub | BOF with Synthetic Stackframe |
| gitC2 | GitHub | C2 PoC using GitHub repository issues |
| OdinLdr | GitHub | CobaltStrike reflective loader with synthetic stackframe |
| speedloader | GitHub | Rust COFF loader template/library |
| slinger | GitHub | Impacket-lite CLI tool with single session |
| rpeloader | GitHub | Python on Windows with full submodule support |
Miscellaneous
| Item | URL | Description |
|---|---|---|
| TP-Link Router CVE-2024-54887 | InfoSec Write-ups | MIPS buffer overflow with ROP |
| Breaking Into Cybersecurity | jhalon.github.io | Comprehensive career guide |
| AuthStager | GitHub | Authenticated stager shellcode PoC |
| APEX | GitHub | Azure Post Exploitation Framework |
| CS-Aggressor-Kit | GitHub | Homemade Aggressor scripts for Cobalt Strike |
| SMB Signing Changes | DSInternals | Windows 24H2 SMB signing enforcement defaults |
Analysis
This week's roundup highlights several trends:
- SSL VPN risk: FortiOS CVE-2024-55591 reinforces the argument against exposing SSL VPNs
- Supply chain risk: Subaru STARLINK and MasterCard DNS errors show systemic third-party weaknesses
- Privacy erosion: 0-click Signal deanonymization via CDN caching demonstrates novel side-channel attacks
- Red team tooling: Multiple new C2 frameworks and loaders indicate active development in offensive tooling
Key Points
- CSRB disbanded during active Salt Typhoon investigation
- FortiOS authentication bypass (CVE-2024-55591) with PoC available
- 0-click deanonymization attack affecting Signal, Discord and other platforms
- MasterCard DNS typo (akam.ne vs akam.net) unnoticed for years
- 8 new offensive tools and PoCs released
References
- Sources linked inline throughout the content sections