Last Week in Security (LWiS) - 2024-04-16
Dev tunnels for C2 (@RedSiege), UAF Windows LPE (@KeyZ3r0), SCCM enum script (@_Mayyhem), ETW patching (@jsecurity101), and more!
Evilginx + GoPhish (@mrgretzky), Ghostwriter updates (@cmaddalena), Intune EPM privesc (@synzack21 + team) 🎣 page bot defense (@fin3ss3g0d), and more!
XZ backdoor (@fr0gger_ + @amlweems), best LPE since DirtyCOW (@notselwyn), SCCM pwnage (@AndrewOliveau + @__Mastadon), kernel fuzzing (@R00tkitSMM), and more!
CI/CD attacks (@bishopfox), IdP pwnage (@_xpn_), on-prem exchange attacks (@Jonas_B_K), Windows privesc (@p1k4l4), SCCM in GOAD (@M4yFly), and more!
Windows patch diffing (@clearbluejar), FileCatalyst RCE (@Nettitude_Labs), Windows/Frida course (@FuzzySec), Tor WebTunnel bridges (@torproject), Pixel 7/8 Pro exploit (@_simo36), and more!
Midnight Blizzard vs Microsoft, Fuzzer dev (@h0mbre_), Browserless Entra flow (@_wald0), SCCM one-stop-shop (@subat0mik + @_Mayyhem + @garrfoster), and more!
macOS LPE (@patch1t), Ivanti backdoors (@NVISO_Labs), ESC14 (@Jonas_B_K), token theft (@rootsecdev), LSASS dumping (@Octoberfest73), and more!
ConnectWise Vulnerabilities, open buckets (@pfiatde), SCCM takeover (@garrfoster), cloud to on-prem pivot (@chiragsavla94), WMI persistence (@Gr1mmie), and more!
ESC13 (@Jonas_B_K), Sandboxing syscalls (@h0mbre_), Cross Window Forgery (@PaulosYibelo), new Windows callback method (@daaximus), dangerous EntraID role (@_wald0), github-secrets (Tobias Madl of @Neodyme), and more!
LDAP tradecraft (@domchell), CreateRemoteThread safety (@m417z), Lab automation (@W9HAX), LoFP (@br0k3ns0und), and more!