Vlad IonescuNov 10, 2022

@mnhenry had a fun time reversing a .NET app that tried to be sneaky, and a couple 0days fell out

https://rtx.meta.security/reversing/2022/09/21/Uncovering_Hidden_NET_Assemblies.html

Uncovering Hidden .NET Assemblies

Technical writeups by Meta’s Security folks, including Red Team.

Meta Red Team X
Show threadVlad IonescuNov 10, 2022

There was this LPE via an unprotected named pipe

https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-2gcx-hcj8-33x2

ControlUp cuAgent Task Manager Local Privilege Escalation

## Vulnerability Description: The cuAgent Task Manager creates a local Named Pipe WCF endpoint. Anyone authenticated on the system can use this pipe. There is no authentication on the receiver end...

GitHub
Show threadVlad Ionescu

And RCE as SYSTEM due to a poorly designed cryptosystem which became evident once the sample was decompiled :)

https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-vmc4-wm3f-w3fr

ControlUp Agent (cuAgent) Unauthenticated Remote Code Execution as "NT AUTHORITY\SYSTEM"

## Vulnerability Description: A remote, unauthenticated attacker can send a specially crafted payload to a computer running Smart-X ControlUp cuAgent. The cuAgent software will receive the payload...

GitHub
Nov 10, 2022 at 9:08pmWeb