Last Week in Security (LWiS) - 2023-05-01

ML packer classification (@accidentalrebel), DLL unlinking (@christophetd@infosec.exchange), Apache Superset and Papercut RCEs (@Horizon3Attack), SushiSwap hack (@Dooflin5), macOS LPE (@patch1t), macros in 2023 (@ptrpieter), nanodump update (@s4ntiago_p), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2023-04-17 to 2023-05-01.

News

Techniques and Write-ups

Tools and Exploits

  • Introducing BloodHound 4.3 — Get Global Admin More Often. More Azure and MS Graph features!
  • ScareCrow. Not a new tool but a big update to the payload creation framework for v5.0.
  • nanodump - Not new, but the recent updates allow for PPL dumping!
  • DCVC2 - A Golang Discord C2 unlike any other. DCVC2 uses RTP packets over a voice channel to transmit all data leaving no operational traces in text chats.
  • maskcat - Utility tool for Hashcat Masks and Password Cracking.
  • mac-monitor - Red Canary Mac Monitor is an advanced, stand-alone system monitoring tool tailor-made for macOS security research. Beginning with Endpoint Security (ES), it collects and enriches system events, displaying them graphically, with an expansive feature set designed to reduce noise.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • highlight - highlight.io: The open source, full-stack monitoring platform. Error monitoring, session replay, logging and more. I haven't seen a self-hostable web session recording system before highlight.
  • KeePwn - A python tool to automate KeePass discovery and secret extraction.
  • Maintaining this site fucking sucks. This guy needs my blog CI/CD pipeline. When I finish a blog post it's one command to publish it and set up the env for next week. Maybe, just maybe, you don't need all that javascript (hint: there isn't a single line of functional javascript on this site).

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.