Last Week in Security (LWiS) - 2023-08-07

Epic rewards point hack (@samwcyo), blinding auditd (@qtc_de), attacking an EDR (@dottor_morte), expect scripting (@cedowens), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2023-07-31 to 2023-08-07.

News

Techniques and Write-ups

Tools and Exploits

  • daphne - Proof-of-Concept to evade auditd by tampering via ptrace.
  • apollon - Proof-of-Concept to evade auditd by writing /proc/PID/mem.
  • web-check - 🌐 All-in-one OSINT tool for analyzing any website.
  • grove - A Software as a Service (SaaS) log collection framework from HashiCorp.
  • EmailFlare - Send emails from your domain through Cloudflare for free. Self-host on your account.
  • ACCD - Active C&C Detector. Includes a deck on how it works.
  • RogueSliver - A suite of tools to disrupt campaigns using the Sliver C2 framework.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing. This post is cross-posted on SIXGEN's blog.