Last Week in Security (LWiS) - 2024-01-30
Fastly to block domain fronting 🔜, EDR bypass via VEH (@VirtualAllocEx), BOFHound enhancements (@Tw1sm), Frameless BITB (@waelmas01), Asus ndays (@suidpit + @Th3Zer0), and more!
Microsoft hacked, GraphStrike (@Octoberfest73), GPO based LPEs (@decoder_it), AwaitFuscator (@washi_dev), ProxyHelper2 (@hoodoer), and more!
SSPI in Python (@snovvcrash), executing shellcode from VBA (@TheXC3LL), Mirth Connect pre-auth RCE (@Horizon3Attack), Visual Studio LPE (@filip_dragovic), DLL injection LPE (@m417z), Android ARM64 reversing (@Dauntless), and more!
QR phishing (@pfiatde), SOCKS as C2 via SSH on Windows (@n00py1), Google Account takeover with persistence (@e11i0t_), Bitwarden access without password (@RedTeamPT), and more!
Ghidriff (@clearbluejar), Linux exploitation (@kevin_backhouse), win32 keylogger (@_ixty_), BLUFFS Bluetooth exploit (@francozappa), sleep lexer and parser (@mcbroom_evan), ring0 from VBA (@0xDISREL), and more!
O365 Phishing infra (@pfiatde), EvilSlackbot (@infosec_drewze), Sonos jailbreak (@alexjplaskett), DNS attacks (@timolongin), DNS rebinding attack (@_danielthatcher), and more!
2x macOS TCC bypasses (@gergely_kalman), Okta 🥷 (@nickvangilder), pcap analysis helper (@bartavelle), Mythic and Merlin C2 updates (@its_a_feature_ + @Ne0nd0g), and more!
Initial access and Bobber (@Flangvik), Slack 🍪 fun (@Tw1sm), attacking EDR (@dottor_morte), finding hard-coded secrets (@frycos), and more!
In-line PE runner (@s4ntiago_p), Citrix Bleed (@assetnote), Cisco IOS XE PoC (@JamesHorseman2), LDAP auth (@lowercase_drm), fuzzer fundamentals (@h0mbre_), and more!
Windows LPE (@chompie1337), TPM Bitlocker deep dive (@itm4n@infosec.exchange), unhooking effects (@dazzyddos), CastGuard (@gsuberland@chaos.social), Apple OTA -> kernel hack (@patch1t), FalconHound (@olafhartong), GraphRunner (@dafthack), and more!