HAQ.NEWS
Hey! The other day I gave my good friend HackerFantastic a call. We chatted a bit about his family and he also dropped a sweet war story. You should give it a listen! P.S. Don't forget my daughter & I created a fun challenge where you can win a laptop. details ->
A cybersecurity researcher, k0shl, discussed methods for exploiting a Windows telephony service issue, which could control memory wrongly. A malware called Nitrogen tricks users into downloading fake apps leading to ransomware but can be prevented with various strategies. On Reddit, there’s talk about the dangers of batch files in Windows due to argument escaping issues. The C2 Cloud project lets testers control compromised systems efficiently. A Proof of Concept showed a flaw in Jasmin Ransomware’s web panel, allowing unauthorized file access. Carlos Polop’s guide covers penetration...
A cybersecurity researcher shares techniques for crafting XSS payloads through JavaScript event handlers and HTML entities to bypass WAFs. The SiCat tool hunts for security exploits using sources including databases like Exploit-DB. There’s a case study of a hacked Confluence server outlining the intruder’s steps, utilizing Unix logs and SSH brute force tactics. Shortemall automates finding content behind Short URLs, while Damn Vulnerable RESTaurant exists for training on API vulnerabilities. Techniques for XSS attacks by modifying code to evade filters are discussed. OSINT helps in...
In this recent rundown, CloudGrappler, a tool for finding threat data in AWS/Azure cloud environments, and GMER, which detects rootkits in the Windows kernel, are highlighted for their importance in cyber security. A blog discusses Cobalt Strike, mentioning how its post-exploit toolkit can use the Community Kit’s scripts for updates.
A Proof of Concept for CVE-2024-3273 shows how to hack into D-Link NAS devices, GDBFuzz improves testing for gadgets and stuff, and Genzai helps find weak spots in IoT things by checking out their dashboards and passwords. The 'nexus' plugin for IP.Board had a bad security problem but got fixed, and now there’s another tool to break into those D-Link NAS devices using the CVE-2024-3273 weakness. Looking at JumpServer, there’s a couple of CVEs, CVE-2024-29201 and CVE-2024-29202, and you gotta update some things to stop hackers. ADOKit helps test Azure stuff, and DeWatermark.AI takes off...
A cybersecurity hobbyist showed how to use vm2 JavaScript sandbox vulnerabilities to get into a Linux server, find a hash, and gain root access in a HackTheBox Codify challenge. Web cache issues, which can leak info, need careful monitoring; techniques like underscores in headers and fuzzing help prevent these attacks. The OSTE-Web-Log-Analyzer is a tool in Python for analyzing web logs to spot web attacks. C2 Cloud makes pentesting simpler with its web interface for handling backdoor sessions. To get Wi-Fi passwords from Windows after a breach, you need admin rights or the user’s context, and...
Today, AttackGen is a cybersecurity tool for creating scenarios to test incident responses. A blog recommends more secure Wi-Fi password practices. There are GitHub Ansible playbooks for fixing a vulnerability, CVE-2024-3094. An article offers a comprehensive guide to phishing investigations using Microsoft tools. White Knight Labs’ GitHub focuses on cyber operations tools. Cofense specializes in cyber threat training and detection. Rundll32.exe exploitation is tackled by Cybereason’s AI platform per another article. BSides Cymru 2023 introduced a method for process injection without...
In a recent post, Incinerator was introduced as a tool for reverse engineering Android malware and for security audits on apps. Discussions on r/netsec highlighted "Gram", a web application for threat modeling that works alongside system inventories. Chiasmodon came up as a CLI OSINT tool helping hackers gather info on domains and expanding with features like facial recognition. Readers also learned about alternatives to Netcat like Rlwrap, Rustcat, Pwncat, and Windows ConPty shell for secure connections in penetration testing. Lastly, Tunnelmole was mentioned for safely sharing local...
Techniques for stealing AD CS certificates include exporting and bypassing restrictions using tools like Mimikatz. DLL Proxy Loading is a method where an attacker substitutes a legitimate DLL with a fake one to execute malicious code. Secator is a tool that automates security assessments by integrating multiple security commands. ST Smart Things Sentinel is for IoT security, scanning for vulnerabilities and adding devices to a network for monitoring. Portr is an open-source tool for secure SSH tunneling. A privilege escalation bug in Microsoft Intune has been patched by Microsoft....
VolWeb helps investigators extract data from memory images, simplifying forensics. LDAP Watchdog monitors changes in LDAP entries, sends Slack alerts, and can skip some attributes. For CVE-2024-3094, learn to detect the xz backdoor and update systems to stay safe. NetScout is a tool for OSINT to dig into URL-related data. The sophisticated UNAPIMON malware evades detection, suggesting better security steps. Root access on macOS gained through a filesystem mount tweak is now patched. The OCEANMAP backdoor, used by APT28, allows remote manipulation. Generate Cobalt Strike beacons on Linux with CrossC2....
Cybersecurity AI Pentest Muse offers creative solutions for professionals, helping analyze code and craft payloads. Alisa Esage shares JIT engine and VM escape exploits on GitHub. unKover, a PoC anti-rootkit, detects malicious drivers using specialized techniques. A new malware analysis toolkit features 98 tools for various tasks, plus updates. DroneXtract analyzes data from DJI drones, including file parsing and telemetry. bootfuzz tests MBR-based system BIOS, requesting more tests on physical hardware. Octopii by RedHunt Labs scans for personally identifiable information using OCR and NLP technologies. Osintracker provides a browser-based tool for OSINT investigators. OffSec-Reporting by Syslifters enables cybersecurity report generation. 'telegram-osint-lib' on GitHub provides a Telegram API for OSINT activities, and TJ-OSINT-Notebook includes tools and resources for OSINT work. GitOSINT Bot will return for professional use with paid APIs after being discontinued due to misuse. Various scripts scrape social media profiles, supporting Python. "HackingEnVivo/Doxing" is a Python tool for gathering personal info via doxing. A document offers resources and tools for OSINT. HINTS stores intelligence on targets and plans for secure user authentication and reporting. TELEKRAM-DOX hosts a Telegram flood bot. Social_X embeds RATs in files and warns against illegal use. SoulTaker packs multiple hacking features. LinkDox gathers info through different techniques. 'krishpranav/car-osint' helps gather vehicle-associated data. DaProfiler collects digital identities to correct personal info leaks. Graver script exploits a vulnerability in Grav CMS. 'FattusRattus/Grandstream' scripts target Grandstream phone vulnerabilities. CVE-2021-31630 PoC allows OpenPLC remote code execution. 'asploit' repository provides backdoors for multiple web servers. Exploit configurations for the CVE-2021-44228 vulnerability and usage instructions are provided.
f5_scanner identifies devices vulnerable to CVE-2020-5902. NoMoney is an information gathering tool that combines data from platforms. Learn low-level bit manipulation techniques for embedded systems. ComplianceAsCode project aids in maintaining security policies. MTProxy process for Telegram is outlined on GitHub. Akamai shares how to detect a privilege escalation technique in Active Directory. Neutron, an AI-driven assistant, joins Nebula Pro's free tier. A Python script checks for systems vulnerable to a new denial of service attack, CVE-2024-2169.