Last Week in Security (LWiS) - 2025-03-24
Next.js auth bypass (@zhero___ + @inzo____), ServiceNow for red teamers (@__invictus_), Veeam RCE - again! (@chudyPB), ArgFuscator (@Wietze), and more!
Evilginx Pro (@mrgretzky), Pre-auth RCE in a CMS (@chudyPB), GOAD ADCS (@M4yFly), YouTube email disclosure (@brutecat), SAML parser bug (@ulldma.bsky.social/@ulldma@infosec.exchange), and more!
Detection Studio (@sifex), SCCM discovery account decryption (@unsigned_sh0rt), FindProcessesWithNamedPipes (@podalirius_), Windows LPE (@MrAle_98), and more!
Ligolo-MP (@ttpreport), Bybit hack via CI (@adnanthekhan), FindGPPPasswords (@podalirius_), ComDotNetExploit (@T3nb3w), and more!
ADIDNS Parser (@the_bit_diddler), Parallels LPE (@patch1t), PowerChell (@itm4n), SACL Scanner (Alexander DeMine of @SpecterOps), and more!
PAN-OS auth bypass (@hash_kitten), Outlook drafts as C2 (@elasticseclabs), Ludus powered SocGholish analysis (@RussianPanda9xx), kernel UAF (@h0mbre_), and more!
Mythic C#/BOF support (@its_a_feature_), Ludus guide (@sherif_ninja), Window shadow stacks (@33y0re), Orbit scanner (@BHinfoSecurity), and more!
0-click deanonymization (@hackermondev), Subaru hacks (@samwcyo + @infosec_au), 🍪 sandwitch (@d4d89704243), Entra Connect attacks (@hotnops), Kerberos relaying via HTTP (@croco_byte), and more!
Windows LPE (@MrAle_98), CLR OPSEC (@passthehashbrwn), WinRM BOFs (@falconforceteam), Bitlocker bypass (@Neodyme), BloodHound CLI (@cmaddalena), and more!
A Windows Rootkit (@colehouston44), unholy PDFs (@thomasrinsma), more Ivanti RCE (@SinSinology), macOS exploits (@patch1t + @MsftSecIntel + @wh1te4ever), and more!