Last Week in Security (LWiS) - 2024-02-26

ConnectWise Vulnerabilities, open buckets (@pfiatde), SCCM takeover (@garrfoster), cloud to on-prem pivot (@chiragsavla94), WMI persistence (@Gr1mmie), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2024-02-19 to 2024-02-26.

News

Techniques and Write-ups

Tools and Exploits

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • SploitScan - is a sophisticated cybersecurity utility designed to provide detailed information on vulnerabilities and associated proof-of-concept (PoC) exploits.
  • greenmask - PostgreSQL dump and obfuscation tool.
  • wddbfs - Mount a sqlite database as a filesystem.
  • ADeleg - Active Directory delegation management tool
  • Projected File System - Solid write up on the ProjFS provider which provides various types of data to access with I/O APIs.
  • 365Inspect - A PowerShell script that automates the security assessment of Microsoft Office 365 environments.
  • go-secdump - Tool to remotely dump secrets from the Windows registry
  • SmuggleFuzz - A customizable and rapid HTTP downgrade smuggling scanner written in Go.
  • AzureAssess - "...gain a comprehensive understanding of your Azure resources and their security configurations."
  • Subdominator - "The Internets #1 Subdomain Takeover Tool"

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.