Last Week in Security (LWiS) - 2025-05-05
ProxyBlobing (@_atsika), SonicWall n-days (@SinSinology), Drag and Pwnd (@d4d89704243), Loki C2 2.0 (@0xBoku), GraphSpy 1.5.0 (@RedByte1337), and more!
ProxyBlobing (@_atsika), SonicWall n-days (@SinSinology), Drag and Pwnd (@d4d89704243), Loki C2 2.0 (@0xBoku), GraphSpy 1.5.0 (@RedByte1337), and more!
TTTracer unmasks sleep obfs (@felixm_pw), GitHub spoofing (@pfiatde), Synology RCE (@ret2systems), netify scraper (@Jhaddix), and more!
CVE drama (@MITREcorp), Control Flow Hijacking w/Data Pointers (@0xLegacyy), Copilot in notepad (@zux0x3a), .NET AOT in Ghidra (@washi_dev), CSWSH in 2025 (@IncludeSecurity), 300ms to Admin (@compasssecurity), and more!
WinRMS relay (@Defte_), plaintext Zip attacks (@pfiatde), SQL Server Crypto deep dive (@_xpn_), FindUnusualSessions (@podalirius_), and more!
2 weeks worth of news, techniques, tools and exploits!
Next.js auth bypass (@zhero___ + @inzo____), ServiceNow for red teamers (@__invictus_), Veeam RCE - again! (@chudyPB), ArgFuscator (@Wietze), and more!
Evilginx Pro (@mrgretzky), Pre-auth RCE in a CMS (@chudyPB), GOAD ADCS (@M4yFly), YouTube email disclosure (@brutecat), SAML parser bug (@ulldma.bsky.social/@ulldma@infosec.exchange), and more!
Detection Studio (@sifex), SCCM discovery account decryption (@unsigned_sh0rt), FindProcessesWithNamedPipes (@podalirius_), Windows LPE (@MrAle_98), and more!
Ligolo-MP (@ttpreport), Bybit hack via CI (@adnanthekhan), FindGPPPasswords (@podalirius_), ComDotNetExploit (@T3nb3w), and more!
ADIDNS Parser (@the_bit_diddler), Parallels LPE (@patch1t), PowerChell (@itm4n), SACL Scanner (Alexander DeMine of @SpecterOps), and more!