Wormable account takeover via GIF in MS Teams by @CyberArk, asynchronous password spraying in C# by @ustayready, NTLM relay improvements from @SecureAuth, Chrome extension hacking and defense by @IAmMandatory, and more!
iOS and Android remote RCEs, owning centrally managed Firefox by @jfmeee, a great series on malware development from @0xPat, @sirus turn a GPU into a radio to steal data, and a few Windows LPEs for good measure.
A new hardware hacking device from @zhovner, building an adversary simulation lab with @_xpn_, an ADIDNS tunneling technique from @elad_shamir, LLVM obfuscation by @polarply, and tons of new tools!
"Anonymous" COVID-19 contract tracing, abusing system errors for binary obfuscation, a self-paced crypto CTF, the weekly windows privesc, and more!
A pile of Zoom issues, expanded ATT&CK matrix, DeskPro RCE, a journey into Safari for unauthorized camera access, the weekly Windows LPE, and more!
Hacktivist Bug Bounty payout, Wireguard releases 1.0, a C2 concealer tool for Cobalt Strike, a new Android runtime manipulation tool, and more!
VMWare exploits including a macOS privesc, XPC abuse in macOS, the first WiFi kr00k PoC, and many great new tools like Invoke-SharpLoader in this week's Last Week in Security.
Covid-19 as a lure, using OSINT to find John McAfee (again), another wormable SMB vulnerability (think WannaCry), and tons of new tools!
Android on an iPhone 7, an Intel Boot ROM exploit, a no-interaction wireless kernel memory access iOS 13 exploit, a Slack keylogger that itself has a SQLi, and more!
Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the previous week. This post covers 2020-02-24 to 2020-03-02.