Frequent verification codes may appear for non-Mainland China IP visits. If visitors are severely affected, please send [IP|ASN](|AS14618) to the bottom mailbox to add to the whitelist


2023-02-07 12:59   Last Week in Security (LWiS) - 2023-02-06    #Bad Sector Labs Blog #安全文章 Pre-Auth RCE (@infosec_au + @TheGrandPew), IP phone pwnage (Dylan Pindur), GoAnywhere RCE (@frycos), Toyota supplier network hack (@XeEaton), PipeViewer (@g3rzi), reverse socks5 (@aceb0nd), certsync, and more!

2023-01-31 12:59   Last Week in Security (LWiS) - 2023-01-30    #Bad Sector Labs Blog #安全文章 HIVE takedown, Yandex leak, modern SEH hijacking (@BillDemirkapi), extending PersistAssist (@Gr1mmie ), Docmosis Tornado horror show (@frycos), RODC to DA (@elad_shamir), rendering Chrome to a terminal, and more!

2023-01-24 12:59   Last Week in Security (LWiS) - 2023-01-23    #Bad Sector Labs Blog #安全文章 No Fly List leak (@_nyancrimew), LogSlash (@4A4133), Okta issues (@varonis), ARM bug pwns Pixel (@mmolgtm), golddigger (@ustayready), APCLdr (@NUL0x4C), build your own SANS760 (@Void_Sec), SOCKS4a shellcode, and more!

2023-01-17 07:25   Last Week in Security (LWiS) - 2023-01-16    #Bad Sector Labs Blog #安全文章 SCCM relay to takeover (@_Mayyhem), LAPS 101 (@mega_spl0it), Sliver vs Havoc (@Naw), Defender LPE (@pixiepointsec), CircleCI post mortem, ASRmageddon, and more!

2023-01-10 12:59   Last Week in Security (LWiS) - 2023-01-09    #Bad Sector Labs Blog #安全文章 Korea's browser-ex problem (@WPalant), Prox-Ez (@b1two_ + @YofBalibump), car hacks (@samwcyo), Azure privesc (@_wald0), tons of direct syscall techniques, and more!

2023-01-03 11:35   Last Week in Security (LWiS) - 2023-01-02    #Bad Sector Labs Blog #安全文章 x64dbg scripts and plugins (@_n1ghtw0lf), ShellcodeMutator (@m0rv4i), Dirty-Vanity (@eliran_nissan), Windows Kernel dev 101 (@V3ded), detailed Chrome exploitation (@jack_halon), PassTheChallenge (@ly4k_) and more!

2022-12-13 12:59   Last Week in Security (LWiS) - 2022-12-12    #Bad Sector Labs Blog #安全文章 Apple data privacy, ChatGPT vs bug bounty, Syscall Hooks in Windows (@Denis_Skvortcov), SMSgate, Standalone Managed Service Accounts (@simondotsh), StealthHook (@x86matthew), and more!

2022-12-06 12:59   Last Week in Security (LWiS) - 2022-12-05    #Bad Sector Labs Blog #安全文章 ChatGPT (@OpenAI), Huawei hypervisor research (@lyte__ + @NeatMonster_), Tailscale DNS rebiding attacks (@JJJollyjim), Using CodeQL to find RCE (@frycos), PPLcontrol (@itm4n), and more!

2022-11-29 12:59   Last Week in Security (LWiS) - 2022-11-28    #Bad Sector Labs Blog #安全文章 AWS AppSync exploit (@Frichette_n), F5 unauth RCE, Meta's new VCS, Chrome exploitation (@jack_halon), Kerberoasting customization (@Ben0xA), macOS sandbox escape (@_r3ggi), and more!

2022-11-15 12:59   Last Week in Security (LWiS) - 2022-11-14    #Bad Sector Labs Blog #安全文章 ROADtools Token eXchange (@_dirkjan), Certified pre-owned followup (@harmj0y + @tifkin_), AAD Privileged Access (@0xcsandker), FindEmptySystem (@christruncer), TelemetrySource (@jsecurity101), and more!

2022-11-09 12:58   Last Week in Security (LWiS) - 2022-11-08    #Bad Sector Labs Blog #安全文章 I'm a day late - sorry!

2022-11-01 11:59   Last Week in Security (LWiS) - 2022-10-31    #Bad Sector Labs Blog #安全文章 ? Spooky (forthcoming) OpenSSL 3 critical vuln, RC4 fun (@tiraniddo), Autodial DLL techniques (@TheXC3LL), token leak abuse via webshell (@_Kudaes_), Open-Obfuscator (@rh0main), more exchange pwnage from ? (@orange_8361), and more!

2022-10-25 05:13   Last Week in Security (LWiS) - 2022-10-24    #Bad Sector Labs Blog #安全文章 Untangling Azure Permissions (@0xcsandker), V8 and JS internals of Chrome (@jack_halon), MS Office Online Server RCE chain (@IndiShell1046), ManageEngine Decryptor (@W9HAX), SharedMemUtils (@x86matthew), and more!

2022-10-18 10:20   Last Week in Security (LWiS) - 2022-10-17    #Bad Sector Labs Blog #安全文章 Cobalt Strike RCE (@0x09AL + @FuzzySec), Docker Compose for red teams (@BuckinghamEzra), portable malware (@CaptMeelo), free root servers (@hackerschoice), LastPass tricks (@rbmaslen), practical attacks against NTLMv1 (@n00py1), and more!

2022-10-11 11:45   Last Week in Security (LWiS) - 2022-10-10    #Bad Sector Labs Blog #安全文章 Intel Alder Lake src leak (@vxunderground ), PHP payloads in PNGs (@ROLANDQuentin2), Zimbra RCE via email, macOS Gatekeeper bypass (@JamfSoftware), ShadowSpray (@dec0ne), and more!