Last Week in Security (LWiS) - 2022-05-16

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous 2 weeks. This post covers 2022-05-02 to 2022-05-16.

News

Techniques and Write-ups

Tools and Exploits

  • ELFLoader. Be sure to read the blog post.
  • hakoriginfinder is a tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs.
  • SpoolTrigger - Weaponizing for privileged file writes bugs with windows problem reporting
  • XLL_Phishing - XLL Phishing Tradecraft
  • mitmproxy2swagger - Automagically reverse-engineer REST APIs via capturing traffic
  • uru is a payload generation tool that enables you to create payload based on a configuration file.
  • pyldapsearch - Tool for issuing manual LDAP queries which offers bofhound compatible output

New to Me

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.