Last Week in Security (LWiS) - 2022-02-28
Stealing GitHub secrets (@not_an_aardvark), TeamsImplant (@allevon412), Nimcrypt2 (@icyguider), VMware RCEs (@elk0kc), LdapSignCheck (@cube0x0), yaradbg.dev (@DissectMalware), and more!
Showing only posts tagged Exploits. Show all posts.
Last Week in Security (LWiS) - 2022-02-22
VMware RCEs (@__mn1__ and @elk0kc), un-redacting text (@2600AltF4), undetectible AirTags (@positive_sec), Kerberos relaying via DNS (@_dirkjan), tmp.Out volume 2 (@tmpout), tclsh macOS dylib loading (@_D00mfist), Athena agent (@checkymander), and more!
Last Week in Security (LWiS) - 2022-02-14
Prevent IP takeover (@infosec_au), Windows LPE via handles (@last0x00), Exception Oriented Programming (@BillDemirkapi and @x86matthew), Bloodhound 4.1 (@_wald0), object overloading (@_xpn_), arb file write on DCs (@Junior_Baines), KrbRelay (@cube0x0), and more!
Last Week in Security (LWiS) - 2022-02-07
EXE in LNK embeds (@x86matthew), LinkedIn Slink phishers (@briankrebs), Apollo 2.0 (@djhohnstein), modern relaying (@Jean_Maes_1994), exfil with Power Automate (@varonis), sandboxing defender (@GabrielLandau), SysWhispers rundown (@KlezVirus), and more!
Last Week in Security (LWiS) - 2022-01-31
pkexec Linux LPE (@jogibharat), .NET remoting (@codewhitesec), usernames from CUCM (@n00py1), Notepad++ persistence (@_RastaMouse), Mythic update (@its_a_feature_), modern password spraying (@SprocketSec), and more!
Last Week in Security (LWiS) - 2022-01-25
PrinterLogic RCEs (@TheParanoids), Java app analysis (@infosec_au), DCSync from Linux (@n00py1), timed race conditions (@itscachemoney), ManageEngine auth bypass (@sourceincite), Windows driver RE methods (@Void_Sec), Sliver 1.5 with BOF support (@LittleJoeTables), and more!
Last Week in Security (LWiS) - 2022-01-18
CI/CD pipeline war stories (@0xZon1 + others), Serv-U exploit writing (Carl Livitt of @bishopfox), Safari IndexedDB leak (@FingerprintJS), RDP services vuln (@sztejnworcel), a very slick loader (@cerbersec), and more!
Last Week in Security (LWiS) - 2022-01-10
More JDNI to RCE (@jfrog), parallel loader (@peterwintrsmith and @cube0x0), MS signed phishing docs (@ptrpieter and @_DaWouw), IP-takeover vulns (@sebsalla), driver loading BOF dev (@cerbersec), and more!
Last Week in Security (LWiS) - 2022-01-03
New RE training (@ZeroPeril), macOS Gatekeeper bypass (@ethicalhax + @patrickwardle), remote PS (@dazzyddos), LastPass breach? (@WPalant), Log4j to pwn Unifi (@sprocket_ed), O365 file spoof for phishing (@mrd0x), and more!
Last Week in Security (LWiS) - 2021-12-20
Explaining the 0click iOS exploit (@i41nbeer and @5aelo), new loader (@zux0x3a), first look at Nighthawk C2 (@peterwintrsmith and @modexpblog), new injection technique (@netero_1010), OST documentation (@_nwodtuhs), and more!
« newer articles | page 13 | older articles »