Last Week in Security (LWiS) - 2021-12-20

Explaining the 0click iOS exploit (@i41nbeer and @5aelo), new loader (@zux0x3a), first look at Nighthawk C2 (@peterwintrsmith and @modexpblog), new injection technique (@netero_1010), OST documentation (@_nwodtuhs), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous week. This post covers 2021-12-14 to 2021-12-20.

News

Techniques

Tools and Exploits

New to Me

This section is for news, techniques, and tools that weren't released last week but are new to me. Perhaps you missed them too!

  • awspx is a graph-based tool for visualizing effective access and resource relationships in AWS environments.
  • mariana-trench is Facebook's security-focused static analysis tool for Android and Java applications.
  • adPEAS. Note this is not part of the "official" PEAS toolset. It's a PowerShell tool to automate Active Directory enumeration.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.