Last Week in Security (LWiS) - 2023-05-09

Windows DHCPv6 RCE (@thezdi), hashcat rule process (, 🐍 FSB implant (@NSACyber), x64dbg XFG plugin (@m417z), (@Tyl0us), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2023-05-01 to 2023-05-09.


Techniques and Write-ups

Tools and Exploits

  • sccmhunter is a post-ex tool built to streamline identifying, profiling, and attacking SCCM related assets in an Active Directory domain. The basic function of the tool is to query LDAP with the find module for potential SCCM related assets.
  • exec2shell - Extracts TEXT section of a PE, ELF, or Mach-O executable to shellcode.
  • chophound - Some scripts to support with importing large datasets into BloodHound.
  • HASH - HASH (HTTP Agnostic Software Honeypot).
  • cloudtoolkit - Cloud Penetration Testing Toolkit.
  • CVE-2023-0386 - Privilege escalation exploit for Ubuntu 22.04.
  • PECheck - A tool to verify and create PE Checksums for Portable Executable (PE) files.
  • CustomEntryPoint - Select any exported function in a dll as the new dll's entry point.
  • resocks - mTLS-Encrypted Back-Connect SOCKS5 Proxy.
  • stealthscraper - A social media scraper that attempts to be stealthy by simulating a user using gui automation.
  • - is a payload toolkit for bypassing EDRs using suspended processes, direct syscalls written in RUST.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.