Last Week in Security (LWiS) - 2025-02-25

ADIDNS Parser (@the_bit_diddler), Parallels LPE (@patch1t), PowerChell (@itm4n), SACL Scanner (Alexander DeMine of @SpecterOps), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2025-02-17 to 2025-02-25.

News

Techniques and Write-ups

Tools and Exploits

  • ADIDNS_Parser - Parser and reconciliation tooling for large Active Directory environments.
  • DitExplorer - Tool for viewing NTDS.dit. Read more: Exploring NTDS.dit – Part 1: Cracking the Surface with DIT Explorer.
  • CVE-2025-24016 - Wazuh Unsafe Deserialization Remote Code Execution (RCE).
  • SACL_Scanner - SACL Scanner is a tool designed to scan and analyze SACLs.
  • implant.js - Proof-of-concept modular implant platform leveraging v8.
  • msftrecon - MSFTRecon is a reconnaissance tool designed for red teamers and security professionals to map Microsoft 365 and Azure tenant infrastructure. It performs comprehensive enumeration without requiring authentication, helping identify potential security misconfigurations and attack vectors.
  • SignalKeyBOF - BOF to decrypt Signal Desktop chat logs.
  • SoaPy - SoaPy is a Proof of Concept (PoC) tool for conducting offensive interaction with Active Directory Web Services (ADWS) from Linux hosts.
  • keycred - Generate and Manage KeyCredentialLinks.
  • sonicrack - Decrypt encrypted SonicOSX firmware images.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

  • susinternals - psexecsvc - a Python implementation of PSExec's native service implementation.
  • Nuclei AI Prompts - "Enhance your security testing with AI-powered Nuclei prompts."
  • WhoYouCalling - Records an executable's network activity into a Full Packet Capture file (.pcap) and much more.

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.