Last Week in Security (LWiS) - 2025-10-06
WriteAccountRestrictions fun (@unsigned_sh0rt), RCE in Dell UnityVSA (@SinSinology), Unity Runtime exploit (@ryotkak), Lenovo DCC LPE (@0x4d5aC), remote control over generators (@XeEaton), and more!
WriteAccountRestrictions fun (@unsigned_sh0rt), RCE in Dell UnityVSA (@SinSinology), Unity Runtime exploit (@ryotkak), Lenovo DCC LPE (@0x4d5aC), remote control over generators (@XeEaton), and more!
OmniProx (@ZephrFish), Phantom Chrome Extensions (Riadh Bouchahoua (@Synacktiv)), FIDO phishing (@dennis_kniep), VMWare Tools LPE (@0xThiebaut), MSI lateral movement (@werdhaihai), and more!
Getting Global Admin in every Entra tenant (@_dirkjan), WebSocket Turbo Intruder (@zakfedotkin), PureRAT analysis (@Tera0017), direct syscalls in Zig (@zux0x3a), and more!
FreeBPX RCE (@chudyPB), badpie (@dtmsecurity), macOS auditd malloc woes (@jfmeee), Spotlight TCC leak (@patrickwardle), WSUS relaying (@Coontzy1), pyLDAPGui (@ZephrFish), and more!
Metamorphic compilation (@tijme), Windows Secure Calls (@33y0re), macOS race condition exploit (@patch1t), NTLM relaying (@elad_shamir), iOS zero-click RE (@quarkslab), and more!
Azure AD via weak ACLS (@xybytes), HTTP stealth proxy (@IAmMandatory), Dll sideloading for initial access (@Print3M_), kernel-hack-drill (@a13xp0p0v), Sitecore RCE (@chudyPB), and more!
WebClient deep dive (@0xthirteen), 2x RCE chains in Commvault (@chudyPB), how to rob a hotel (@dmcxblue), MSI patch/protocol handler RCE (@johnnyspandex), self-relaying (@_logangoins), and more!
DEF CON releases, PDQ SmartDeploy creds (@unsigned_sh0rt), FortiSIEM root command injection (@SinSinology), a cat themed loader (@vxunderground), fine-tune LLMs for offsec (@kyleavery_), juicing NTDS.DIT (@MGrafnetter), and more!
AEM RCE (@infosec_au), Intune cert abuse (@_dirkjan), Entra tradecraft (@hotnops), LLMs for R&D (@kyleavery_), File System API research (@Print3M_), and more!
VMware Tools LPE (@justbronzebee), Adaptix C2 0.7 (@hacker_ralf), Ludus MCP (@__Mastadon), SOAP(y) (@_logangoins), and more!