Last Week in Security (LWiS) - 2022-06-06

Confluence RCE, Open Redirect -> RCE (@ByQwert), U-Boot vulns (@NCCGroupInfosec), Azure Managed Identity attacks (@_wald0), Deep Learning password extraction (@harmj0y), LSASS cryptography (@SkelSec), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2022-05-30 to 2022-06-06.

News

Techniques and Write-ups

Tools and Exploits

  • COM-Hunter - COM Hijacking voodoo.
  • VoightKampff - Beating Google ReCaptcha and the funCaptcha using AWS Rekognition.
  • Nidhogg - Nidhogg is an all-in-one, simple-to-use rootkit for red teams.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.