Last Week in Security (LWiS) - 2022-04-11

Full Edge exploit (@33y0re), dynamic P/Invoke (@bohops), Veeam exploits (@SinSinology), macOS LPE (@patch1t), AV debugger (@PlowSec), SMB over QUIC (@_xpn_), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous week. This post covers 2022-04-04 to 2022-04-11.

News

Techniques and Write-ups

Tools and Exploits

  • ARCInject can overwrite a process's recovery callback and execute with WER.
  • Jeeves is a tool for finding time-based blind SQL injection during recon.
  • bore is a simple CLI tool for making tunnels to localhost.
  • ransomware-simulator is a ransomware simulator written in Golang.
  • SwiftInMemoryLoading is a Swift implementation of in-memory Mach-O loading on macOS. Blog post soon?
  • inflate.py artificially inflates a given binary so that it exceeds the file-size limits common EDRs apply when scanning. Can be used to bypass common EDR.
  • com_inject performs process injection via Component Object Model (COM) IRundown::DoCallback(). Blog post here.
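The size-inflation trick behind inflate.py is simple enough to show end to end, together with the check a defender would want. The block below is an added example, not the project's code: it appends an overlay of filler bytes to a blob until it reaches a target size (the executable never references the overlay, so it still runs), and then flags files whose tail is made up mostly of filler by measuring the entropy of trailing chunks (constant bytes sit near 0 bits, random bytes near 8). The sample "binary" and the 1 MiB target are constructed for the example; the real file-size thresholds vary by product and are an assumption here.

```python
import math
import os

# Constructed stand-in for a small executable; real input would be a PE/ELF file.
SAMPLE_BINARY = b"MZ" + b"The quick brown fox jumps over the lazy dog. " * 400


def inflate(data: bytes, target_size: int, random_fill: bool = False) -> bytes:
    """Append an overlay so the blob reaches target_size bytes.

    Nothing in the headers points at the overlay, so loaders ignore it;
    only the on-disk size changes. Zero fill is the obvious choice,
    random fill defeats naive compression but is just as conspicuous.
    """
    if len(data) >= target_size:
        return data
    pad = target_size - len(data)
    return data + (os.urandom(pad) if random_fill else b"\x00" * pad)


def shannon_entropy(chunk: bytes) -> float:
    """Bits of entropy per byte over the chunk (0.0 for empty/constant input)."""
    if not chunk:
        return 0.0
    counts = [0] * 256
    for b in chunk:
        counts[b] += 1
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def trailing_filler_ratio(data: bytes, chunk_size: int = 4096) -> float:
    """Fraction of the file consisting of trailing chunks with extreme entropy.

    Walks backwards from EOF and stops at the first chunk that looks like
    real content. Thresholds are assumptions tuned for this example:
    < 0.5 bits catches constant padding, > 7.8 bits catches random padding
    (4096 random bytes measure about 7.95 bits with this estimator).
    """
    if not data:
        return 0.0
    filler = 0
    pos = len(data)
    while pos > 0:
        start = max(0, pos - chunk_size)
        h = shannon_entropy(data[start:pos])
        if h < 0.5 or h > 7.8:
            filler += pos - start
            pos = start
        else:
            break
    return filler / len(data)


def looks_inflated(data: bytes, min_ratio: float = 0.5) -> bool:
    """Detection heuristic: more than half the file is trailing filler."""
    return trailing_filler_ratio(data) >= min_ratio


if __name__ == "__main__":
    padded = inflate(SAMPLE_BINARY, 1024 * 1024)
    print(len(SAMPLE_BINARY), "->", len(padded), "bytes")
    print("original flagged:", looks_inflated(SAMPLE_BINARY))
    print("inflated flagged:", looks_inflated(padded))
```

The heuristic is deliberately cheap: it reads only the tail of the file, so it can run on every dropped executable regardless of size, which is exactly the gap the inflation trick relies on. A product that truncates scanning at a size cutoff can still afford this check before deciding to skip the file.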

New to Me

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • WeakestLink is a browser extension that extracts users from LinkedIn company pages.
  • uncover quickly discovers exposed hosts on the internet using multiple search engines.
  • sub3suite is a research-grade suite of tools for subdomain enumeration, OSINT information gathering and attack-surface mapping, supporting both manual and automated analysis of a variety of target types.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.