Last Week in Security (LWiS) - 2022-04-18

.NET execution with docx (@danonit), AV evasion masterclass (@_vivami), Phisher's errors (@Marco_Ramilli), global injection and hooking (@m417z), custom transport protocols in Burp (@pentagridsec), advanced fuzzing (@kasifdekel), coercing NTLM authentication from SCCM (@_Mayyhem), XSS iframe traps (@hoodoer), patchless AMSI bypass (@_EthicalChaos_), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous week. This post covers 2022-04-11 to 2022-04-18.


Techniques and Write-ups

Tools and Exploits

  • frostbyte is a POC project that combines different defense evasion techniques to build better red team payloads.
  • msprobe is a tool for finding on-prem Microsoft products for password spraying and enumeration.
  • spooler-splenumforms-iov is a memory corruption vulnerability in the Windows spooler service that was patched on the most recent Microsoft Patch Tuesday, 2022-04-12.
  • SharpWnfScan dumps Windows Notification Facility subscription information from a process.
  • stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.

New to Me

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • cdn-proxy is a tool that can be used by web app pentesters to create a copy of a targeted website with CDN and WAF restrictions disabled.
  • ADInspect is a PowerShell script that automates the security assessment of Microsoft Active Directory environments.
  • maat is an open-source symbolic execution framework. Bonus, the project's site uses m.css like this blog!
  • wpgarlic is a proof-of-concept WordPress plugin fuzzer.
  • ShadowClone - Unleash the power of cloud. It distributes your long-running tasks dynamically across thousands of serverless functions and gives you the results within seconds where it would have taken hours to complete.
  • SSOh-No is a user enumeration and password spraying tool for testing Azure AD.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.