Last Week in Security (LWiS) - 2025-08-25

WebClient deep dive (@0xthirteen), 2x RCE chains in Commvault (@chudyPB), how to rob a hotel (@dmcxblue), MSI patch/protocol handler RCE (@johnnyspandex), self-relaying (@_logangoins), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2025-08-18 to 2025-08-25.

News

Techniques and Write-ups

Tools and Exploits

  • ludus_k3s - Role for creating a k3s cluster in Ludus.
  • ludus_litterbox_role - A role for deploying LitterBox - a comprehensive malware analysis sandbox - on Windows systems within Ludus lab environments.
  • PhrackCTF - Binary Exploitation Phrack CTF Challenge.
  • pyghidra-mcp - Python Command-Line Ghidra MCP.
  • legba 1.1.0 - A multiprotocol credentials bruteforcer / password sprayer and enumerator. 🥷. The 1.1.0 release brings a ton of improvements!
  • vCenterHound - Collect infrastructure and permissions data from vCenter and export it as a BloodHound-compatible graph using Custom Nodes/Edges.
  • DllShimmer - Weaponize DLL hijacking easily. Backdoor any function in any DLL.
  • CreateProcessAsPPL - A loader that launches a program with Protected Process Light (PPL) protection.
  • RtlHijack - Alternative Read and Write primitives using Rtl* functions the unintended way.
  • DeviceToken - Request device ticket/token using the device's MSA.
  • bhopengraph - A python library to create BloodHound OpenGraphs.
  • BlockEDRTraffic - Two tools written in C that block network traffic for blacklisted EDR processes, using either Windows Defender Firewall (WDF) or Windows Filtering Platform (WFP).
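Two entries above, vCenterHound and bhopengraph, both produce BloodHound OpenGraph JSON so that non-AD data can be ingested as custom nodes and edges. As an added example that is not code from either project, the following Python builds such a payload from a small constructed vCenter-like inventory and then checks it for the most common ingestion failure, an edge pointing at a node that was never emitted. The envelope fields (metadata.source_kind, graph.nodes, graph.edges, node id/kinds/properties, edge start/end with match_by) follow BloodHound's published OpenGraph format; the node and edge kinds (VCUser, VCVirtualMachine, VCAdminTo, VCCanPowerOn), the role mapping and the inventory itself are hypothetical and chosen only for illustration.

```python
"""Build and sanity-check a BloodHound OpenGraph payload from constructed vCenter-like data.

Added example; not vCenterHound or bhopengraph code. Kind names and the inventory are made up.
"""
import json

# Constructed sample inventory (not real vCenter output). The third grant deliberately
# references a VM that is absent from the inventory to exercise the validation step.
SAMPLE_INVENTORY = {
    "users": [
        {"id": "VSPHERE.LOCAL\\alice", "name": "alice"},
        {"id": "VSPHERE.LOCAL\\bob", "name": "bob"},
    ],
    "vms": [
        {"id": "vm-1001", "name": "dc01", "power": "poweredOn"},
        {"id": "vm-1002", "name": "fileserver", "power": "poweredOff"},
    ],
    "grants": [
        {"principal": "VSPHERE.LOCAL\\alice", "object": "vm-1001", "role": "Admin"},
        {"principal": "VSPHERE.LOCAL\\bob", "object": "vm-1002", "role": "VirtualMachineUser"},
        {"principal": "VSPHERE.LOCAL\\bob", "object": "vm-9999", "role": "Admin"},
    ],
}

# Hypothetical mapping from a vCenter role to an OpenGraph edge kind.
ROLE_TO_EDGE = {"Admin": "VCAdminTo", "VirtualMachineUser": "VCCanPowerOn"}

# OpenGraph docs cap a node at three kinds (assumption recorded here; confirm against current docs).
MAX_KINDS = 3


def make_node(node_id, kinds, **properties):
    """One OpenGraph node: a unique id, one or more kinds, and free-form properties."""
    return {"id": node_id, "kinds": list(kinds), "properties": properties}


def make_edge(kind, start_id, end_id, **properties):
    """One directed OpenGraph edge; both endpoints are matched by node id."""
    return {
        "kind": kind,
        "start": {"value": start_id, "match_by": "id"},
        "end": {"value": end_id, "match_by": "id"},
        "properties": properties,
    }


def build_opengraph(inventory, source_kind="VCBase"):
    """Turn the inventory into the OpenGraph envelope. source_kind is also appended to every node."""
    nodes, edges = [], []
    for u in inventory["users"]:
        nodes.append(make_node(u["id"], ["VCUser", source_kind], name=u["name"]))
    for vm in inventory["vms"]:
        nodes.append(make_node(vm["id"], ["VCVirtualMachine", source_kind],
                               name=vm["name"], powerstate=vm["power"]))
    for g in inventory["grants"]:
        kind = ROLE_TO_EDGE.get(g["role"])
        if kind is None:          # roles with no attack-path meaning are skipped
            continue
        edges.append(make_edge(kind, g["principal"], g["object"], role=g["role"]))
    return {"metadata": {"source_kind": source_kind}, "graph": {"nodes": nodes, "edges": edges}}


def validate(payload):
    """Return a list of problems (empty list means the payload is internally consistent)."""
    problems, seen = [], set()
    for n in payload["graph"]["nodes"]:
        if n["id"] in seen:
            problems.append(f"duplicate node id: {n['id']}")
        seen.add(n["id"])
        if not 1 <= len(n["kinds"]) <= MAX_KINDS:
            problems.append(f"node {n['id']} must have 1-{MAX_KINDS} kinds")
    for e in payload["graph"]["edges"]:
        for side in ("start", "end"):
            ref = e[side]
            if ref["match_by"] == "id" and ref["value"] not in seen:
                problems.append(f"edge {e['kind']} {side} references unknown node {ref['value']}")
    return problems


def prune_dangling_edges(payload):
    """Drop edges whose id-matched endpoints do not exist; returns the number removed."""
    ids = {n["id"] for n in payload["graph"]["nodes"]}
    edges = payload["graph"]["edges"]
    kept = [e for e in edges
            if all(e[s]["match_by"] != "id" or e[s]["value"] in ids for s in ("start", "end"))]
    payload["graph"]["edges"] = kept
    return len(edges) - len(kept)


if __name__ == "__main__":
    graph = build_opengraph(SAMPLE_INVENTORY)
    for p in validate(graph):
        print("WARN:", p)
    prune_dangling_edges(graph)
    print(json.dumps(graph, indent=2))
```

Running the module prints one warning for the grant on vm-9999, prunes that edge, and emits a payload with four nodes and two edges that can be uploaded through the BloodHound file-ingest UI or API. Validating before upload is worth the few lines: BloodHound accepts a file with a dangling id-matched edge and silently drops the edge, which makes a missing privilege look like a missing attack path rather than a collector bug.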

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • BruteForceAI - Advanced LLM-powered brute-force tool combining AI intelligence with automated login attacks.
  • ATEAM - A Python reconnaissance tool designed to discover Azure services and attribute tenant ownership information based on their responses.
  • Hey… quick question, why are anime catgirls blocking my access to the Linux kernel? - In the cat and mouse game of bot defense, Anubis is but a minor annoyance for bot operators.
  • facade is an enterprise-security anomaly detection system developed by Google. It is a high-precision deep-learning-based machine learning system used in a number of applications across Google. It is used as a last line of defense against insider threats, as an ACL recommendation system, and as a way to detect account compromise.
  • defcon33_silence_kill_edr - A workshop from DEF CON 33 on how to silence and kill EDRs.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.