Last Week in Security (LWiS) - 2021-09-14

Word RCE, Advanced Nim tradecraft (@snovvcrash), TCC bypass (@_r3ggi), encrypted heap allocations (@waldoirc), vuln hunting with binary ninja (@renorobertr), token priv manipulation BOF (@the_bit_diddler + @hackersoup), Outlook for C2 (@0xBoku), automated DLL hijacking (@knight0x07), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous week. This post covers 2021-09-07 to 2021-09-14 (bonus day!).

News

Techniques

Tools and Exploits

New to Me

This section is for news, techniques, and tools that weren't released last week but are new to me. Perhaps you missed them too!

  • wwwgrep is a rapid search “grepping” mechanism that examines HTML elements by type and permits focused (single), multiple (file based URLs) and recursive (with respect to root domain or not) searches to be performed.
  • AppInitHook is a global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary process. Developed to reverse engineer and customize random applications, it has broad implications for read teaming.
  • ElusiveMice is a Cobalt Strike User-Defined Reflective Loader with AV/EDR Evasion in mind.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.