Last Week in Security (LWiS) - 2023-01-30

HIVE takedown, Yandex leak, modern SEH hijacking (@BillDemirkapi), extending PersistAssist (@Gr1mmie), Docmosis Tornado horror show (@frycos), RODC to DA (@elad_shamir), rendering Chrome to a terminal, and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2023-01-23 to 2023-01-30.

News

Techniques and Write-ups

Tools and Exploits

  • gato - GitHub Self-Hosted Runner Enumeration and Attack Tool. More information in this post.
  • starhound-importer - Import data from SharpHound and AzureHound from the CLI instead of the BloodHound GUI, using "BloodHound's code". Details here.
  • azbelt - AAD-related enumeration in Nim.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.