Last Week in Security (LWiS) - 2023-04-17

PDF RCE (@sigabrt9), more PersistAssist (@FortyNorthSec), 5x SMM vulns (@uffeux), PRTG XSS 0day (@SkylightCyber), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2023-04-10 to 2023-04-17.

News

Techniques and Write-ups

Tools and Exploits

  • PatchlessCLRLoader - .NET assembly loader with patchless AMSI and ETW bypass. Also comes in BOF form: PatchlessInlineExecute-Assembly.
  • KillerVuln2 - Files for PoC of vulnerability in Intel Killer Performance Suite.
  • PowerShell-Obfuscation-Bible - A collection of techniques, examples and a little bit of theory for manually obfuscating PowerShell scripts to achieve AV evasion, compiled for educational purposes. The contents of this repository are the result of personal research, including reading materials online and conducting trial-and-error attempts in labs and pentests.
  • 2D-Injector - Hiding unsigned DLL inside a signed DLL.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • scriptkiddi3 - Streamline your recon and vulnerability detection process with SCRIPTKIDDI3, a recon and initial vulnerability detection tool built using shell script and open source tools.
  • BackupOperatorToolkit - Contains different techniques allowing you to escalate from Backup Operator to Domain Admin.
  • homebox - Homebox is the inventory and organization system built for the Home User.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.