HAQ.NEWS
The HAQ.NEWS podcast is brought to you by Jared & Gracie Folkins. It is a daily blog post of information security [tradecraft] tooling news. It has grown into Gracie Folkins helping her Dad by lending her voice and reading the [news] daily, while Jared Folkins chats with hackers of all types in the industry via phone and, with permission, shares the recordings of their conversations. Head over to https://haq.news to learn more!
2024-04-18 : Dial-Up : Matthew Hickey
04/18/2024
Hey! The other day I gave my good friend HackerFantastic a call. We chatted a bit about his family and he also dropped a sweet war story. You should give it a listen! PS: don't forget my daughter & I created a fun challenge where you can win a laptop. details ->
2024-04-11 : Daily : Gracie Folkins
04/12/2024
A cybersecurity researcher, k0shl, discussed methods for exploiting a Windows telephony service issue, which could control memory wrongly. A malware called Nitrogen tricks users into downloading fake apps leading to ransomware but can be prevented with various strategies. On Reddit, there’s talk about the dangers of batch files in Windows due to argument escaping issues. The C2 Cloud project lets testers control compromised systems efficiently. A Proof of Concept showed a flaw in Jasmin Ransomware’s web panel, allowing unauthorized file access. Carlos Polop’s guide covers penetration testing extensively. Use Countik, an online tool, for analyzing TikTok accounts. An article guides on OSINT for map investigations. Shortemall v3.0, released on April 5, 2024, scans for hidden content in short URLs.
2024-04-10 : Daily : Gracie Folkins
04/11/2024
A cybersecurity researcher shares techniques for crafting XSS payloads through JavaScript event handlers and HTML entities to bypass WAFs. The SiCat tool hunts for security exploits using sources including databases like Exploit-DB. There’s a case study of a hacked Confluence server outlining the intruder’s steps, utilizing Unix logs and SSH brute force tactics. Shortemall automates finding content behind short URLs, while Damn Vulnerable RESTaurant exists for training on API vulnerabilities. Techniques for XSS attacks by modifying code to evade filters are discussed. OSINT helps in preventing and investigating phishing scams. Linux by Vikku offers resources for bug bounty hunters. A SQL injection flaw in the WordPress LayerSlider plugin is exposed, with detection tools given. Tactics to set up rogue access points for Wi-Fi tests using Fluxion are shared. A study plan for AWS security mastery is outlined. Chimera is a PowerShell obfuscation tool to avoid AMSI and antivirus detection. The A-poc/RedTeam-Tools repository features red team tools and tips. The personal security checklist advises on digital life security in various aspects. APKHunt checks Android apps against OWASP MASVS. Scanners Box offers a kit of infosec scanning tools. OpenCodeInterpreter rivals GPT-4 in code abilities, topping the BigCode leaderboard. Map Developers and Google Maps Scraper aid in business data collection. Keyhole carries out social media analytics. HAR files help analyze network issues. creepyCrawler is an OSINT tool for site reconnaissance. PretendoNetwork’s SSSL patches Nintendo CA - G3. KDMapper uses an Intel driver to load non-signed drivers. GhostMapperUM maps an unsigned driver into memory. GMER handles Windows kernel rootkits. EDRSandblast evades EDR systems. Plandex offers an AI coding engine aiding in software tasks. Memory dump emulation tools like Bochs assist in crash analysis and forensics. wtf is a Windows snapshot-based fuzzer by Axel Souchet.
Using Ghidra for analyzing ARM firmware in KatWalk C2 treadmill is elaborated. The KAT Walk C2 VR Treadmill’s set-up and usage are described. Constructing an 8-bit computer with 74xx ICs and an Ethernet adapter for networking. Ivan builds a discrete logic CPU and programming language. Upgrading a discrete logic ALU for improved computer performance. Reverst serves as a reverse-tunnel library using QUIC and HTTP/3 for restricted network services.
2024-04-09 : Daily : Gracie Folkins
04/10/2024
In this recent rundown CloudGrappler, a tool for finding threat data in AWS/Azure cloud environments, and GMER, which detects rootkits in the Windows kernel, are highlighted for their importance in cyber security. There is also a blog post about Cobalt Strike, mentioning how its post-exploitation toolkit can use the Community Kit’s scripts for updates.
2024-04-08 : Daily : Gracie Folkins
04/08/2024
A Proof of Concept for CVE-2024-3273 shows how to hack into D-Link NAS devices, GDBFuzz improves testing for gadgets and stuff, and Genzai helps find weak spots in IoT things by checking out their dashboards and passwords. The ’nexus’ plugin for IP.Board had a bad security problem but got fixed, and now there’s another tool to break into those D-Link NAS devices using the CVE-2024-3273 weakness. Looking at JumpServer, there’s a couple of CVEs, CVE-2024-29201 and CVE-2024-29202, and you gotta update some things to stop hackers. ADOKit helps test Azure stuff, and DeWatermark.AI takes off watermarks from pics. DroneXtract is for checking out DJI drone data, while VolWeb makes it easier to look at memory for computer clues. Obsidian is a cool and safe app for jotting down cyber threat info, perfect-dll-proxy helps with messing with DLLs in Windows, and the OSTE-Web-Log-Analyzer looks for web attacks in server logs.
2024-04-07 : Daily : Gracie Folkins
04/08/2024
A cybersecurity hobbyist showed how to use vm2 JavaScript sandbox vulnerabilities to get into a Linux server, find a hash, and gain root access in a HackTheBox Codify challenge. Web cache issues, which can leak info, need careful monitoring; techniques like underscores in headers and fuzzing help prevent these attacks. The OSTE-Web-Log-Analyzer is a tool in Python for analyzing web logs to spot web attacks. C2 Cloud makes pentesting simpler with its web interface for handling backdoor sessions. To get Wi-Fi passwords from Windows after a breach, you need admin rights or the user’s context, and it’s suggested to not use WPA2 PSK for private networks. The Xen hypervisor got updated to fix handling of page table entries for superpages. Mahmoud Attia explains how to automate finding XSS vulnerabilities and avoid WAF detection using certain tools. A blog post explained how to create a backdoored Amazon Machine Image (AMI). Another post shows an exploit for BioTime software, allowing directory walking and code execution. A step-by-step method was given to analyze and get a malicious file from a site. MayflyHack has new cybersecurity resources like setting up a SCCM lab, network architecture, image creation, infrastructure deployment, and config management. The site itself provides tutorials for developing cyber security environments. Red Team Attack Lab uses real systems and vulnerabilities for offensive cybersecurity without cloud service costs. OpenGFW firewall is open-source, inspired by China’s firewall. Using Validin, 36 phishing domains linked to Latrodectus were found. Global Socket helps to securely communicate through firewalls using encrypted traffic. Japan EQ Locator helps visualize earthquake data, available on GitHub. QuickStego hides text in images, while QuickCrypto does the same with encryption. A Local Privilege Escalation (LPE) vulnerability in macOS filesystems was discovered and patched.
Samuel Groß discussed finding vulnerabilities in image format parsers that impact Apple’s messenger apps. DroneXtract is software for analyzing DJI drone data. Articles explore Windows Containers creation and Windows APIs. Web cache attacks can lead to site takeovers, but James Kettle suggests defenses like not caching error pages. FreeTube is a YouTube app for private viewing, and SearXNG is a private metasearch engine that doesn’t track users.
2024-04-06 : Daily : Gracie Folkins
04/07/2024
Today, AttackGen is a cybersecurity tool for creating scenarios to test incident responses. A blog recommends more secure Wi-Fi password practices. There are Ansible playbooks on GitHub for fixing the vulnerability CVE-2024-3094. An article offers a comprehensive guide to phishing investigations using Microsoft tools. White Knight Labs’ GitHub focuses on cyber operations tools. Cofense specializes in cyber threat training and detection. Rundll32.exe exploitation is tackled by Cybereason’s AI platform per another article. Bsides Cymru 2023 introduced a method for process injection without traditional threads. The OffSec EXP-401 course gives insight into exploit development. Windows HOSTS file management is explained for enhancing security. Monitoring Windows services is crucial for protecting against malicious activities. Payload-Generator simplifies Cobalt Strike payload building. Huntress analysts found ransomware misuse of data backup tools. A cloud penetration test showed a new technique for lateral movement exploiting PSRemoting. Taherio/redi on GitHub scripts the setup of CobaltStrike redirectors. A resource offers cybersecurity techniques for penetration testing. Tim Bandos emphasizes using MITRE’s ATT&CK Framework for threat hunting. A Vulnerability Management bootcamp helps start cybersecurity careers. A Cobalt Strike setup guide explains various red team operation techniques. FortyNorth Security’s tool EDD is for domain data enumeration. A course teaches creating a detection playbook in Security Onion 2.3. HOPain OSINT Search Tools Version 2.0 gathers open-source intelligence. The Fast-recon Python script automates sensitive file searches for domains. Web-traffic-generator simulates web traffic. Splunk Attack Range builds cyber attack simulations. Subdomain fuzzing nets a $35,000 bug bounty. Nemanja Mijailovic shares how to download Bandcamp albums not in a user’s collection.
2024-04-05 : Daily : Gracie Folkins
04/06/2024
In a recent post, Incinerator was introduced as a tool for reverse engineering Android malware and for security audits on apps. Discussions on r/netsec highlighted "Gram", a web application for threat modeling that works alongside system inventories. Chiasmodon came up as a CLI OSINT tool helping hackers gather info on domains, expanding with features like facial recognition. Readers also learned about alternatives to Netcat like Rlwrap, Rustcat, Pwncat, and the Windows ConPty shell for secure connections in penetration testing. Lastly, Tunnelmole was mentioned for safely sharing local servers with the internet.
2024-04-04 : Daily : Gracie Folkins
04/04/2024
Techniques for stealing AD CS certificates include exporting and bypassing restrictions using tools like Mimikatz. DLL Proxy Loading is a method where an attacker substitutes a legitimate DLL with a fake one to execute malicious code. Secator is a tool that automates security assessments by integrating multiple security commands. ST Smart Things Sentinel is for IoT security, scanning for vulnerabilities and adding devices to a network for monitoring. Portr is an open-source tool for secure SSH tunneling. A privilege escalation bug in Microsoft Intune has been patched by Microsoft. Steganography is used to embed malicious shellcode into images to evade detection. TInjA scans for template injection vulnerabilities in web pages. Fast-recon automates the search for sensitive files online. Airgeddon tests wireless network security, pwnat establishes client communication behind NATs, Lazytainer automatically manages inactive Docker containers, and GitBook is a documentation platform for technical teams. A Python script for bypassing Cloudflare, zeropwn/intelx-maltego for OSINT visualization, a ZoomEye.hk search tool for querying applications, EVILRDP adds features to an RDP client, and a public API command checks ELF binary files for backdoors.
2024-04-03 : Daily : Gracie Folkins
04/04/2024
VolWeb helps investigators extract data from memory images and simplifies forensics. LDAP Watchdog monitors changes in LDAP entries, sends alerts to Slack, and skips some attributes. For CVE-2024-3094, a cybersecurity flaw, readers learned how to detect the xz backdoor and update systems to stay safe. NetScout is an OSINT tool to dig into URL-related data. The sophisticated UNAPIMON malware evades detection, suggesting better security steps are needed. A way to gain root access on macOS via a filesystem mount tweak is now patched. The OCEANMAP backdoor used by APT28 allows remote manipulation. Generate Cobalt Strike beacons on Linux with CrossC2. Hakoriginfinder figures out the original hosts behind proxies. Evilginx 3.3 works with GoPhish and improves phishing campaigns. PowerShell DFIR scripts on the Kali Linux site help in cyber defense. Use Gitrecon for info from GitHub/GitLab, and guard private data. Bishop Fox’s Cosmos provides penetration testing. Windows shortcuts and SSH can be phished, yet this is detectable. A DOMPurify bypass was found and later corrected. Linodas, a Linux malware, hides well and is thus harder to detect. IceID malware leads to Nokoyawa ransomware in an attack. A Dell server has a fixable privilege escalation. A RouterOS DoS exploit works with malformed SMB packets. The SQL-BOF library handles SQL interaction. The "Rebound" VM on HackTheBox teaches cyberattacks: crack hashes, cycle RIDs. Nothing from a 404 error page. EDR systems’ anti-tampering can be disabled by communication interception. A vulnerability in an EDR product due to unprotected processes was found. Jan gives an offline AI. Rust ransomware creation is demonstrated for learning, not misuse. The Nidhogg rootkit performs stealth operations in Windows without detection. A malicious script in the xz utility’s build could hijack functions and requires careful updates. Wireproxy is a userspace WireGuard, offering socks5/http proxy capabilities.
2024-04-02 : Daily : Gracie Folkins
04/03/2024
A security engineer found two methods to bypass DOMPurify's protection by targeting how XML and HTML parsers work. The Drozer framework is used for testing Android app vulnerabilities; it's user-friendly and can be set up using Docker. It's important to check Active Directory admin groups to reduce risks. GitHub's xz-vulnerable-honeypot shows how to set up a honeypot detecting SSH attacks. AssetViz draws subdomains as a mind map for penetration testers. The ChaiLdr repository helps avoid antivirus using shellcode loader techniques. Misusing the DLL Search Order can allow malware on Windows, so defenses are needed. An Android 14 kernel exploit affects Pixel devices and can gain root access. ADPT simplifies DLL hijack and sideloading exploits automatically. Modpot uses Go and gin for a web app honeypot to catch cyberattacks. Arjun hunts for HTTP parameters effectively. ADCSCoercePotato can force ADCS to authenticate for elevated privileges. HuntKit compiles pentesting tools in Docker for performance. A Python script makes simulated web traffic for network training. Portr safely shares local web services. LLVM is a compiler framework supporting many languages. CS 6120 at Cornell teaches programming language implementation online. A security researcher, amlweems, created a honeypot for CVE-2024-3094. Sudistark/xss-writeups explains an XSS bug on figma.com. An online service checks for the XZ backdoor in ELF binaries. Microsoft’s ML-For-Beginners provides a 26-lesson course on machine learning. A blog post demonstrates executing a buffer overflow attack. Linux's 'wall' command has a flaw, WallEscape (CVE-2024-28085), which can leak sensitive info. And Helix is a modern text editor offering features for coders.
2024-04-01 : Daily : Gracie Folkins
04/01/2024
The HEDnsExtractor tool helps cyber security folks by pulling out domains/IP networks that could be bad news. Sadly, there's a nasty bug CVE-2024-0204 in GoAnywhere Admin that lets sneaky folks make high-privilege accounts they shouldn't. For you tech heads, there's a guide to writing 64-bit Linux shellcode so you can say "Hello World" with your CPU. R2Frida is a cool thing mixing radare2 with Frida to tweak live processes. Gynvael Coldwind busted a sneaky attack hiding in xz/liblzma that messes with data and sneaks in a backdoor. DroidLysis speeds up reverse engineering for Android apps while Subfinder and httpx are ace for finding digital weak spots. Certificate Transparency logs help spot tricky subdomains, helping in research and bounty hunting. FFUF finds hidden web content, and an SSH honeypot using CVE-2024-3094 waits for hackers. Cloudtopolis cracks passwords using Google's cloud and the net. Sniff out leaked credentials with Chrome and Burp Suite. Compare different EDR products with EDR-Telemetry. Hijack Windows with CcmPwn, and level up your cybersecurity chops with a book covering all things low-level. Some smart cookies found a Linux kernel bug (CVE-2024-1086) and a Cisco Umbrella script that susses out weird DNS requests. There's new malware-sniffing gear for .NET, and the latest tricks for nabbing manually mapped rootkits. Learn all about Windows UAC, poking around group policy bits for security testing, and make stuff safer with the Failsafe-go library. See OSINT trends with MetaOSINT, dig into Mastodon with Masto, and lurk on CashApp profile pics. Bag complex web data with One, track blockchain wallets with Wallet-Tracker CLI, learn malware analysis free from Arch Cloud Labs, and speed-scan websites with PIDRILA. There's a list of tools for taking apart social media, a fancy Cobalt Strike code generator, smackdab in ya face. 
OffSec Reporting beautifies pentest reports and there's more Telegram and Discord sleuthing gear, plus search savvy IRBIS for personal info digging. PHP library 'telegram-osint-lib' focuses on Telegram for data scraping, and the OSINT Notebook by tjnull organizes your snooping. Gynvael Coldwind had another go at showing how attacks creep into xz/liblzma. Slide into a process on Windows with the NtSetInformationProcess function. CVE-2023-4863 made a boo-boo with WebP images, gotta patch those browsers! Then there's a crafty exploit messing with Google's sign-in, and finally, a treasure trove of cyber security resources for folks gearing up for the OSCP or just being security-smart.
2024-03-31 : Daily : Gracie Folkins
03/31/2024
Ken Shirriff takes a dive into a military-grade chip to explore its gate array design and compares it with custom chips, outlining the costs and production differences. A cyber security fan uncovers how to hack into the Rebound box on HackTheBox with techniques that bump up privileges. Trail of Bits launches Ruzzy, a fuzzer to sniff out Ruby code bugs. "forensictools" toolkit makes a one-stop virtual spot for digital forensics, loaded with a bunch of analysis tools. An article unveils a hacking trick to mess with turnstiles using the Wiegand protocol. Lastly, C2 Tracker on GitHub keeps an eye on shady online dealings, nabbing IP addresses to spot malign servers.
2024-03-30 : Daily : Gracie Folkins
03/30/2024
This article teaches malware developers how to dodge antivirus by changing NTFS attributes, in-memory tricks, digital certificates, and more, with tips for security pros. There are updates on malware IOCs vital for knowing and stopping threats. Cloud_Enum looks for open cloud resources on AWS, Azure, and others using keywords. Telerecon helps with intel on Telegram, like scraping chats and seeing user links, but you need to set it up right. Awesome Cloud Security Labs has free security exercises for cloud tech. Netlas.io scans the internet for research and can spot industrial controls online needing better security. Backslash-powered-scanner finds hidden injection problems in servers and slides past firewalls. You can learn how to use the Rust language in cybersecurity with their tool. There’s a full guide on Windows for malware work, and a project for a DNS Tunnel Keylogger to sneak out info without getting caught. Lastly, learn to spot .NET malware with GUIDs and MVIDs, and find Yara rules online.
2024-03-29 : Daily : Gracie Folkins
03/29/2024
This series helps with emulating IoT malware using Docker and Qiling. A pro explains using Velociraptor on VMware ESXi hypervisors for forensics. Security flaws in ChatGPT allow XSS attacks. A JavaScript file cleverly hides AsyncRAT deployment. There's a binary exploitation roadmap from basics through pwn.college. SARA teaches making Android Trojans. BruteUnpackage cracks compressed file passwords. Demonstrate elevated privileges with CVE-2024-1086 on Linux. CVE-2023-48788 exploit for Fortinet's FortiClient EMS is on GitHub. Understand Open Redirect vulnerability in IIS using JavaScript. CVE-2024-25153 proof-of-concept affects Fortra FileCatalyst Workflow. Xiaomi WiFi routers had security issues now fixed. A 64-bit library loads DLLs stealthily. Lastly, Meckazin/ChromeKatz extracts browser cookies from memory.
2024-03-28 : Daily : Gracie Folkins
03/28/2024
In a recent blog post, a data-only exploitation technique has been discussed which affects the Linux kernel’s io_uring. The technique lets attackers control memory pages and escalate privileges without changing kernel code. Zero Day Engineering offers masterclasses in software vulnerability research and exploit development with resources from conferences. A security researcher showed steps for unpacking Agent Tesla malware, analyzing its stages, and decrypting the payload. Ryan Weil explained deobfuscating the control flow in Agent Tesla by creating a plugin for de4dot and restoring code readability. Frida is a toolkit for modifying how programs run across multiple operating systems without needing source code. Noia is a sandbox file browser that simplifies examining mobile application files with Frida, suitable for rooted and non-rooted devices. VolWeb is a digital forensic tool using Volatility 3 for memory analysis and integration with CTI platforms. Domain Hunter Pro automates collecting web assets and interfaces with security tools, aimed at those in security testing. You can exploit local admin access to blind an EDR by tweaking the registry and rebooting to ensure Sysmon blindness. An in-depth analysis covers a Linux kernel vulnerability and its exploitation, also providing research insights. There’s a guide on setting up Velociraptor, a forensic tool, in a Windows lab environment. Suricata Hunting Rules provides network anomaly detection rules for the Suricata IDS on GitHub. Nuclei v3.2 offers secure scanning of targets with authentication via a YAML file. An OSINT text outlines defending against cyber-attacks and info for cybersecurity careers. A repository holds dictionaries for penetration testers for password attacks and vulnerability finding. An article shows using DNS pivoting with Validin to analyze cyber infrastructures like LokiBot.
The process of finding malware in open-source software through code analysis is detailed. A piece explains creating a self-replicating UEFI application and covers related techniques. BestEdrOfTheMarket is an open-source project for studying EDR detection strategies. The unKover project details an anti-rootkit tool which reveals unauthorized Windows drivers. A Google sub-domain XSS vulnerability was uncovered and resolved for a $4,133.70 reward. An article explains Windows syscall execution with a focus on kernel structure roles. Matthew Alt bypassed security protections on STM32 microcontrollers with Electromagnetic Fault Injection. Lastly, a script demonstrated a collision in the SHA-256 hash function, challenging its reliability.
2024-03-27 : Daily : Gracie Folkins
03/27/2024
A new exploit for local privilege escalation in Linux kernels (CVE-2024-1086) affects versions 5.14 to 6.6. A security flaw has been found that lets people get more access on Apple macOS systems by messing with file system mount options; it’s been fixed now. There’s this thing, ChromeKatz, that can grab cookies from Chromium browsers. AutoWLAN helps set up a mobile hotspot with a Raspberry Pi and lets people make it more secure. Matthew Alt showed how to mess with STM32F4 microcontrollers using EMFI. Agenda ransomware is hitting VMware’s vCenter and ESXi servers hard with its new tricks. Folks can make a bad Amazon Machine Image (AMI) that gets into other people’s AWS accounts. There’s a fix for a problem where folks could read files they shouldn’t in Adobe ColdFusion (CVE-2024-20767). Tracecat helps security teams be smarter and faster with cool AI stuff, and mailtools does email things for learning. A script on GitHub can set up AnyDesk with better security options. You can use Grafana Labs tools for keeping an eye on apps and make it safer with GitHub Actions. Some smarties figured out how to take advantage of a hole in HTTP .NET Remoting (CVE-2024-29059). Devs can make assembly code easier with x86inc.asm. AMD Zen 2 and Zen 3 chips might be messed up by Rowhammer attacks, even with DDR4 and DDR5. Telegram-Anti-Revoke used to keep messages in Telegram from going poof, but it’s not being looked after anymore.
2024-03-26 : Daily : Gracie Folkins
03/26/2024
A vulnerability in JustSystems Ichitaro Word Processor was fixed after Cisco Talos reported it. Git-Rotate helps avoid IP detection on GitHub during password attacks. AzureNum gathers data on Microsoft Entra IDs. There's a way to disable Windows Defender by tweaking system permissions. An OS engineer explains exploiting a Linux kernel bug (CVE-2023-0461) using advanced hacking techniques. DynamicMSBuilder makes .NET builds unique to dodge security checks. Dropper on GitHub crafts risky Office docs. BlueSpy steals audio from Bluetooth gadgets without user permission. Radamsa tests program stability with bad data. "WhoIsWho" shows other ways to do "whoami" tasks. Chiasmodon is a tool for domain info like emails. Tips for email investigation using OSINT tools are shared. To fix a "404 error," you should check the website URL. Various OSINT tools can find online profiles by nickname/email. Python scripts can automate file, web, and database work. Mr.Holmes mines public data about domains and such. Google Dork Maker creates search queries for hard-to-find data. Analyzing the Latrodectus loader involves removing code clutter to see the harmful payload. Lastly, Telegram-Anti-Revoke was a plugin to keep Telegram messages from disappearing.
2024-03-25 : Daily : Gracie Folkins
03/25/2024
Cybersecurity AI Pentest Muse offers creative solutions for professionals, helping analyze code and craft payloads. Alisa Esage shares JIT engine and VM escape exploits on GitHub. unKover, a PoC anti-rootkit, detects malicious drivers using specialized techniques. A new malware analysis toolkit features 98 tools for various tasks, plus updates. DroneXtract analyzes data from DJI drones, including file parsing and telemetry. bootfuzz tests MBR-based system BIOS, requesting more tests on physical hardware. Octopii by RedHunt Labs scans for personally identifiable information using OCR and NLP technologies. Osintracker provides a browser-based tool for OSINT investigators. OffSec-Reporting by Syslifters enables cybersecurity report generation. 'telegram-osint-lib' on GitHub provides a Telegram API for OSINT activities, and TJ-OSINT-Notebook includes tools and resources for OSINT work. GitOSINT Bot will return for professional use with paid APIs after being discontinued due to misuse. Various scripts scrape social media profiles, supporting Python. "HackingEnVivo/Doxing" is a Python tool for gathering personal info via doxing. A document offers resources and tools for OSINT. HINTS stores intelligence on targets and plans for secure user authentication and reporting. TELEKRAM-DOX hosts a Telegram flood bot. Social_X embeds RATs in files and warns against illegal use. SoulTaker packs multiple hacking features. LinkDox gathers info through different techniques. 'krishpranav/car-osint' helps gather vehicle-associated data. DaProfiler collects digital identities to correct personal info leaks. The Graver script exploits a vulnerability in Grav CMS. 'FattusRattus/Grandstream' scripts target Grandstream phone vulnerabilities. A CVE-2021-31630 PoC allows OpenPLC remote code execution. The 'asploit' repository provides backdoors for multiple web servers. Exploit configurations for the CVE-2021-44228 vulnerability and usage instructions are provided.
f5_scanner identifies devices vulnerable to CVE-2020-5902. NoMoney is an information gathering tool that combines data from platforms. Learn low-level bit manipulation techniques for embedded systems. The ComplianceAsCode project aids in maintaining security policies. The MTProxy process for Telegram is outlined on GitHub. Akamai shares detection of a privilege escalation technique in Active Directory. Neutron, an AI-driven assistant, joins Nebula Pro's free tier. A Python script checks for systems vulnerable to a new denial of service attack, CVE-2024-2169.
2024-03-24 : Daily : Gracie Folkins
03/25/2024
Kubesploit is a framework for attacking container environments, with modules for both exploits and defenses. Ken Shirriff explores the Intel 8088 prefetch system, which boosts performance by pre-fetching instructions. A cyber security tutorial demonstrates how to exploit a vulnerability in Metabase. The Sr2T tool converts security scan reports into readable formats. A new tool extracts URLs and paths from web pages, suggesting improvements for handling applications. Researchers exploit a Chrome vulnerability by manipulating heap allocation patterns. Olivier Laflamme’s blog teaches emulating IoT firmware using QEMU. Reverser_ai offers automated reverse engineering tools on consumer hardware. The rev.ng decompiler has a modern interface and structure detection for code analysis. NoArgs hides command-line arguments of a process for covert operations. Emora is an open-source tool for finding user accounts with just a username. Secure coding guides teach prevention of common security issues. Sysmon blocks malicious file execution as backup to EDR systems in critical environments. Understanding process creation is important for cybersecurity. SquareX browser extension improves online safety. A vulnerability in Android’s Package Manager was exploited on Samsung devices. Scripts for finding vulnerable systems on networks using search engines. Auto-Gmail-Creator GitHub repository automates Gmail account creation. Python script discussed for SSH and FTP brute-forcing. Alisa Esage shares exploit code for competitions. Guide for testing AWS security. Repository for creating reverse shells and bypassing antivirus for educational purposes. Directory listing of educational cyber security content and tools. Resources for the Certified Red Team Expert (CRTE) exam. Cheatsheet-God provides cyber security resources. Command & Control frameworks are key for cyber operations. Code for manipulating Windows process’s command line arguments. 
International Anti Crime Academy gives guidance on investigating the Dark Web. Exploitation of the old TRACE method and HTTP/2 desync issues for web attacks. Method for privilege escalation in Azure. Handling dangling pointer errors through proper labeling and restructuring. Chrome’s detector for dangling pointers forces crashes to prevent their use. "Bob the Smuggler" conceals and encrypts files in other files to bypass security. DOMPurify’s deficiency is patched to prevent sanitization bypass. Method for maintaining persistent access with a malicious DLL. WindowsHardeningScript enhances Windows 10/11 security with system modifications.
/episode/index/show/afce158d-6744-4986-a1d8-544dbf1c110d/id/30521523
2024-03-23 : Daily : Gracie Folkins
03/23/2024
The amazing nimvoke is a Nim library for safely doing indirect syscalls and making DInvoke-style delegate declarations, with examples for use in Nim projects. Skytrack is a Python tool for tracking planes using public data, generating PDF reports about them, and converting between tail numbers and ICAO codes. A security researcher found a bug that allows eavesdropping on Bluetooth speakers that use Just Works pairing, tested with the nRF Connect app. NetSoc_OSINT by XDeadHackerX gathers information from social networks without needing an account or API key. Testing file upload vulnerabilities includes several advanced methods: checking for dangerous PHP functions, exploiting path handling, testing XSS and XXE payloads, and ZIP Slip. SpecterInsight 2.3.0 has a ransomware emulation that safely encrypts files, evades defenses, and comes with a decrypter. CS-AutoPostChain for Cobalt Strike focuses on stealthy post-exploitation. Obsidian can be turned into a Cyber Threat Intelligence platform for analysts to manage data and analyze links. Someone shared solutions for JavaScript Capture the Flag puzzles that demonstrate weird JS behaviors like type coercion. Setting up notifications for new local admin accounts on Intune devices requires PowerShell scripts, Azure, and alerts sent through email or Teams. Managing data and configs, users can reset filters and adjust kernel object settings. ReverserAI is a Binary Ninja plugin that uses local LLMs to suggest names for reverse-engineered functions offline, and the reverser_ai project on GitHub applies the same idea to samples such as PowerPC binaries. Lastly, there's a guide for checking SMB services on Windows using netexec, smbclient, Impacket, and nmap to find vulnerabilities and perform other tasks.
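The ZIP Slip item above is the one upload bug that is easy to demonstrate offline. The script below is an added example written for these notes, not code from any of the projects mentioned; it builds a constructed archive containing a benign file, a `../../` traversal entry and an absolute-path entry, shows which entries a naive `os.path.join(dest, name)` extractor would write outside its target directory, and extracts only the ones that stay inside it. The `/tmp/extract` default and the entry names are made up for the example.

```python
import io
import os
import tempfile
import zipfile


def build_sample_archive() -> bytes:
    """Constructed test archive: one benign entry plus two entries a ZIP Slip
    attacker would plant (a relative traversal and an absolute path)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content\n")
        zf.writestr("../../evil.txt", "written outside the extraction dir\n")
        zf.writestr("/etc/cron.d/backdoor", "* * * * * root id\n")
    return buf.getvalue()


def is_within(dest: str, target: str) -> bool:
    """True if target resolves to a path inside dest. realpath() also follows any
    symlink that an earlier archive entry may already have dropped into dest."""
    dest_real = os.path.realpath(dest)
    return os.path.commonpath([dest_real, os.path.realpath(target)]) == dest_real


def find_traversal_entries(zip_bytes: bytes, dest: str = "/tmp/extract") -> list:
    """Report entries that a naive os.path.join(dest, name) extractor would write
    outside dest. Usable as a pre-extraction check on untrusted uploads."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # os.path.join() discards dest entirely when name is absolute
            target = os.path.join(dest, name)
            if os.path.isabs(name) or not is_within(dest, target):
                bad.append(name)
    return bad


def safe_extract(zip_bytes: bytes, dest: str) -> dict:
    """Extract only entries that stay inside dest; rejected names are returned
    rather than silently skipped so the caller can alert on them."""
    written, rejected = [], []
    os.makedirs(dest, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            target = os.path.join(dest, name)
            if os.path.isabs(name) or not is_within(dest, target):
                rejected.append(name)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(name)
    return {"written": written, "rejected": rejected}


def run_demo() -> dict:
    """Extract the constructed archive into a fresh temp dir and report what happened."""
    data = build_sample_archive()
    dest = tempfile.mkdtemp(prefix="zipslip-")
    result = safe_extract(data, dest)
    result["flagged"] = find_traversal_entries(data, dest)
    with open(os.path.join(dest, "docs", "readme.txt")) as fh:
        result["readme"] = fh.read()
    return result


if __name__ == "__main__":
    print(run_demo())
```

The check is done on the resolved path rather than by looking for `..` in the name, so an entry that reaches outside through a symlink planted by an earlier entry is rejected too; rejecting absolute names separately matters because `os.path.join` silently drops `dest` when the second argument starts with `/`.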
/episode/index/show/afce158d-6744-4986-a1d8-544dbf1c110d/id/30512773
2024-03-22 : Daily : Gracie Folkins
03/23/2024
Today’s cybersecurity updates cover a range of topics, starting with techniques for SMB enumeration. WebSockets face risks from cross-site WebSocket hijacking (CSWSH), and there’s a keylogger that uses DNS tunneling for data exfiltration. GitHub now offers code scanning autofix, while a Chrome vulnerability (CVE-2023-3079) threatens JavaScript engine security. "asploit" emerges as a new tool for server-side backdoors, and "Bob the Smuggler" hides malicious payloads using HTML Smuggling. OSTE-Meta-Scanner scans for web injection flaws, and Attacknet stress-tests blockchain nodes. Abusing DACLs for domain control is explained, and Hadess enlightens on cybersecurity. Rembg handles background removal in images. Wigle.net helps track down WiFi-connected suspects, while Netlas.io optimizes attack surface discovery. Project Zero delves into MTE in kernel security, and Windows 11 showcases a protective KUSER_SHARED_DATA tweak. A browser exploit for Microsoft Edge is dissected. Microsoft Exchange servers prove risky for domains, prompting calls to limit their permissions. Lastly, HiddenVM lets you run OSes within Tails.
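The CSWSH item comes down to one server-side decision: a browser attaches the victim's cookies to a WebSocket upgrade from any page, so the server must decide from the `Origin` header (and ideally a per-session ticket) whether to accept the handshake. The functions below are an added example written for these notes, not code from any project mentioned; the allowed origins, the `ticket` query parameter and the test cases are made up.

```python
import hmac
from urllib.parse import parse_qs, urlsplit

# Hypothetical deployment: the only origins allowed to open a socket to this service.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def weak_origin_check(headers: dict) -> bool:
    """The common mistake: a substring match on Origin. It accepts
    https://app.example.com.evil.net and plain http:// look-alikes."""
    return "example.com" in headers.get("Origin", "")


def strict_origin_check(headers: dict, allowed=ALLOWED_ORIGINS) -> bool:
    """Exact match on scheme://host[:port] after parsing. A missing Origin
    (non-browser client or privacy-stripped) and the literal "null" origin are
    both refused; cookies are the capability being protected, so fail closed."""
    origin = headers.get("Origin")
    if not origin or origin == "null":
        return False
    p = urlsplit(origin)
    if p.scheme != "https" or not p.netloc or p.path or p.query or p.fragment:
        return False
    return f"{p.scheme}://{p.netloc.lower()}" in allowed


def accept_handshake(headers: dict, request_target: str, session_ticket: str) -> bool:
    """Full decision: Origin allow-list plus a per-session ticket carried in the
    handshake URL. Browsers cannot set custom headers on a WebSocket upgrade, so
    the ticket travels in the query string; compare in constant time."""
    if not strict_origin_check(headers):
        return False
    presented = parse_qs(urlsplit(request_target).query).get("ticket", [""])[0]
    return hmac.compare_digest(presented.encode(), session_ticket.encode())


# Constructed handshake headers and the decision a correct server should make.
CASES = [
    ({"Origin": "https://app.example.com"}, True),
    ({"Origin": "https://app.example.com.evil.net"}, False),
    ({"Origin": "http://app.example.com"}, False),
    ({"Origin": "https://app.example.com@evil.net"}, False),
    ({"Origin": "null"}, False),
    ({}, False),
]


def evaluate_cases() -> list:
    """Return (origin, weak_result, strict_result, expected) for each constructed case."""
    return [(h.get("Origin"), weak_origin_check(h), strict_origin_check(h), exp)
            for h, exp in CASES]


if __name__ == "__main__":
    for row in evaluate_cases():
        print(row)
```

Running the cases side by side shows the substring check passing the look-alike and `http://` origins that the strict parse refuses; the ticket check is the second factor for the case where an allowed origin itself hosts an XSS bug.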
/episode/index/show/afce158d-6744-4986-a1d8-544dbf1c110d/id/30507258
2024-03-21 : Daily : Gracie Folkins
03/21/2024
SpecterOps found that Microsoft Exchange Server can lead to domain compromise because of how its permissions are set up in Active Directory, unless mitigated by the split-permissions model or by restricting Exchange’s rights. MultiDump is a new tool that avoids detection of Windows LSASS memory dumps by encrypting the dump, and it requires updated parsing tools. Another article shows how to exploit Android Jetpack Navigation to reach any fragment of an app. Guillaume Caillé describes bypassing ‘Loader Lock’ through a different approach to DLL side-loading. Microsoft’s PyRIT helps identify risks in generative AI, while OWASP OFFAT tests APIs for vulnerabilities. Tutorials and tools are discussed for IP search engines, and Extractify extracts data for cyber analysis. Stuart McClure and another professional provide insights into cyber threats. WorldviewAI’s site brings global info, including cyber warfare. Advangle helps create advanced web searches, and Profile Discover finds social media profiles fast. Iván Santos Malpica shares web security bypass methods, and another security pro shows that manual SQL injection can outperform tools like sqlmap. Rishi introduces Nuclei templates to detect phishing, and a Python Flask app has template injection vulnerabilities. A GitHub repo displays an exploit for an aiohttp server (CVE-2024-23334). Lastly, a Linux Bash script uses Google dorking for info gathering.
/episode/index/show/afce158d-6744-4986-a1d8-544dbf1c110d/id/30487978
2024-03-20 : Daily : Gracie Folkins
03/20/2024
Techniques for discreetly loading DLLs using the Windows Thread Pool APIs and for exploiting Windows kernel vulnerabilities through ROP chains are explained. Clément Amic focuses on exploiting Java deserialization flaws, and the GAP-Burp-Extension helps with fuzzing web apps. Learn a Direct Pointer execution method for shellcode, and check out RustRedOps, a Rust-based repository of Red Team tools. GitAlerts aids in monitoring sensitive files on GitHub, while an exploit for CVE-2023-6241 that bypasses memory protections on the Pixel 8 is out. Tips for preventing secrets leaks in Docker images, detecting yellow tracking dots with Dotspotter, and exploiting facial recognition systems are discussed. Emora emerges as a tool for searching social network usernames, while various tools for finding JavaScript vulnerabilities are listed. An "Awesome ChatGPT Prompts" repository offers creative prompts, and techniques to exploit identity providers are covered. GTPDOOR Scan helps detect malware-infected hosts, and a list of satellite OSINT tools is compiled. Learn about Ralph Merkle's cryptographic work, and discover Kiddy, a tool for obscuring Linux kernel information.
/episode/index/show/afce158d-6744-4986-a1d8-544dbf1c110d/id/30463658
2024-03-19 : Daily : Gracie Folkins
03/19/2024
Today, Trail of Bits released weAudit, which helps with code auditing in VS Code. There's a tool called Instagram User ID Finder for finding Instagram IDs without logging in. The site Kontragenta.net offers a database for verifying information about legal entities and others. Various OSINT tools are listed for cyber intelligence, such as search engines and domain info. A text discusses a free phone number search tool for investigating numbers. An expert released a kernel exploit analysis for Android 14 on Google Pixel devices. Geowifi helps find WiFi networks by BSSID/SSID. ShodanX is a cybersecurity tool for using Shodan for free. Firefox's security is improved through JSIPC and tooling for identifying sandbox vulnerabilities. NoArgs hides Windows process arguments. The xai-org/grok-1 repository hosts the huge Grok-1 model, which requires a powerful GPU. Shodan is a search engine for finding exposed internet devices. There's a discussion on military tech showing a pivot to drones over traditional aircraft. Techniques like Return Oriented Programming for buffer overflow exploits and a new method called JSON Smuggling are explained.
/episode/index/show/afce158d-6744-4986-a1d8-544dbf1c110d/id/30441488
2024-03-18 : Daily : Gracie Folkins
03/18/2024
Today, MapXplore is a tool that imports data from sqlmap into PostgreSQL or SQLite, making it easier to search and manage the extracted information. linWinPwn is a bash script for auditing and penetration testing Active Directory from Linux systems. There’s a new set of proof-of-concept modules for Windows kernel-mode rootkit techniques, covering various methods and compatible with 64-bit Windows 10 from version 2004 onward. luijait created DarkGPT, an AI-based Open Source Intelligence tool that uses GPT-4-200K to spot compromised databases and needs Python 3.8. DNS-Tunnel-Keylogger sends keystrokes from a compromised system to an attacker-controlled server via DNS tunneling. Warp brings a Rust-built terminal to Linux with AI features and productivity tools such as editing, command generation, and workflows.
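A DNS-tunnel keylogger (this entry and the 2024-03-22 one above) has a distinctive footprint on the resolver: a stream of queries to one base domain where almost every leftmost label is unique, long and high-entropy, because each query carries a chunk of encoded keystrokes. The script below is an added example written for these notes, not code from DNS-Tunnel-Keylogger or any other project; it builds a constructed query log (the attacker domain `c2-example.net`, the client `10.0.0.5` and the typed text are made up, and the tunnel is assumed to hex-encode 16 bytes per query), flags the tunnel domain with a simple per-domain heuristic, and reassembles the leaked keystrokes from the log as a forensics step.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample; the attacker domain and client are made up for this example.
ATTACKER_DOMAIN = "c2-example.net"
KEYSTROKES = b"login: alice\tPassw0rd!2024\nsudo -i\nssh db01.internal\n"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")  # timestamp client qname qtype


def build_sample_log() -> str:
    """A few benign lookups from one host, then the same host leaking typed text
    16 bytes per query, hex-encoded into the leftmost label (what a DNS-tunnel
    keylogger emits; the resolver forwards it to the attacker's authoritative server)."""
    benign = ["www.github.com", "api.slack.com", "fonts.cdn-example.com",
              "oauth2.cdn-example.com", "storage.cdn-example.com",
              "fonts.cdn-example.com", "www.github.com", "mail.example.org"]
    lines, t = [], 0
    for q in benign:
        lines.append(f"2024-03-18T10:00:{t:02d} 10.0.0.5 {q} A")
        t += 1
    for i in range(0, len(KEYSTROKES), 16):
        label = KEYSTROKES[i:i + 16].hex()
        lines.append(f"2024-03-18T10:00:{t:02d} 10.0.0.5 {label}.k.{ATTACKER_DOMAIN} TXT")
        t += 1
    return "\n".join(lines) + "\n"


def shannon_entropy(s: str) -> float:
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registrable_domain(qname: str) -> str:
    """Last two labels. An assumption for the example; production code should use
    the Public Suffix List so co.uk-style domains group correctly."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def analyze(log_text: str, min_queries: int = 4, min_unique_ratio: float = 0.8,
            min_avg_label_len: int = 10, min_avg_entropy: float = 2.5) -> list:
    """Flag base domains whose subdomains look like an encoded data channel: enough
    queries, nearly all unique, with long high-entropy leftmost labels."""
    stats = defaultdict(lambda: {"queries": 0, "unique": set(), "lens": [],
                                 "ents": [], "clients": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, client, qname, _qtype = m.groups()
        base = registrable_domain(qname)
        sub = qname[: -len(base) - 1] if qname != base else ""
        first = sub.split(".")[0]
        d = stats[base]
        d["queries"] += 1
        d["unique"].add(sub)
        d["lens"].append(len(first))
        d["ents"].append(shannon_entropy(first))
        d["clients"].add(client)
    findings = []
    for base, d in stats.items():
        if d["queries"] < min_queries:
            continue
        ratio = len(d["unique"]) / d["queries"]
        avg_len = sum(d["lens"]) / d["queries"]
        avg_ent = sum(d["ents"]) / d["queries"]
        if ratio >= min_unique_ratio and avg_len >= min_avg_label_len and avg_ent >= min_avg_entropy:
            findings.append({"domain": base, "queries": d["queries"],
                             "unique_ratio": round(ratio, 2), "avg_label_len": round(avg_len, 1),
                             "avg_entropy": round(avg_ent, 2), "clients": sorted(d["clients"])})
    return findings


def recover_payload(log_text: str, domain: str) -> bytes:
    """Forensics step: reassemble the hex labels sent to the flagged domain, in log order."""
    out = bytearray()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3).endswith("." + domain):
            try:
                out += bytes.fromhex(m.group(3).split(".")[0])
            except ValueError:
                pass  # not a hex label; a real tunnel may use base32 or base64 instead
    return bytes(out)


if __name__ == "__main__":
    log = build_sample_log()
    for finding in analyze(log):
        print(finding)
        print(recover_payload(log, finding["domain"]))
```

The thresholds are deliberately loose; a CDN with many short unique labels fails on label length and entropy, while a tunnel that pads or base32-encodes its chunks still trips the unique-ratio and length rules. In a real deployment the grouping should use the Public Suffix List and the heuristic should run per client and per time window, since a slow tunnel spreads its queries out.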
/episode/index/show/afce158d-6744-4986-a1d8-544dbf1c110d/id/30422888
2024-03-17 : Daily : Gracie Folkins
03/17/2024
In a recent hacking challenge, participants aim to gain unauthorized administrative access on a Windows domain using various cyber-attack methods. Dorkish is a Chrome extension aiding in OSINT for better reconnaissance with custom search queries. An article explains advanced malware development techniques for executing malicious code stealthily by exploiting Windows features. LLM4Decompile is a new tool using language models for decompiling binary code for improved cybersecurity analysis. Shelter technique conceals payloads in memory using ROP-based obfuscation and encryption. AttackGen assists organizations in testing incident response via customizable scenarios. DirDar finds restricted web directories, and Backup-Finder for Burp Suite reveals potentially sensitive files on webservers. https://haq.news/2024/03/17/
/episode/index/show/afce158d-6744-4986-a1d8-544dbf1c110d/id/30406878
2024-03-16 : Daily : Gracie Folkins
03/16/2024
The International Monetary Fund's email system was compromised and the IMF is investigating, but it found no sign that other systems were affected. BunnyLoader 3.0 malware steals credentials and is built to evade detection. The U.S. Department of Justice seized $2.3 million in cryptocurrency held at Binance that was linked to a scam. Aylo Global Entertainment blocked Texas users from Pornhub and wants a different way to verify that users are old enough. A Moldovan man was sentenced to 42 months for running the illegal marketplace E-Root. IT help desk staff are being tricked by attackers posing as employees. McDonald's had a worldwide outage caused by a third-party configuration change, not an attack, and was recovering. A CPU data leak named GhostRace, related to Spectre, was disclosed, and mitigations exist. US lawmakers advanced a bill that would ban TikTok unless its Chinese owner sells it. Jonathan Katz is in court over SIM swaps used to steal Bitcoin. Various incidents involved Ethereum, Twitter, Kickstarter, and other services. A startup built a robot called Figure 01 with help from OpenAI and says it is smarter than Tesla's. The UK Defence Secretary's jet had its GPS and communications jammed near Kaliningrad, blamed on Russia, but the flight was not endangered. INTERPOL says cybercrime is rising because of emerging technology and cryptocurrency. A Russian-Canadian hacker was in the news alongside other incidents. A stealthier StopCrypt ransomware variant is circulating, demanding payment to unlock files. France Travail suffered a large breach that exposed personal data. ShadowSyndicate is exploiting known aiohttp vulnerabilities, and Google Chrome now blocks more phishing sites with real-time Safe Browsing. A prominent C++ figure wants the language made safer. Attackers in China are spreading fake Notepad++ downloads. FortiClient EMS had a critical vulnerability, now patched. The FCC approved the Cyber Trust Mark label for smart devices that follow its security rules.
ChatGPT plugins had vulnerabilities that could let people see data they should not. The FTC went undercover and got Restoro and Reimage to pay $26 million for deceptive tech-support claims. UltraEdit for macOS also had a security issue. Apache CXF had a vulnerability, so update it now. Phoenix Contact's CHARX SEC had serious vulnerabilities; patch or mitigate. Apache ZooKeeper leaked information about where data is stored, but it has been fixed. JSONata had a critical vulnerability with a fix available. Senator Wyden is worried about Chinese-made safe locks with backdoors. The 5Ghoul issues were partly fixed but not fully. A Portuguese man with autism is fighting being sent to the US. Malpulse tracks malicious servers. The Ahmia site warns users to watch out for fake copies of it. Curated lists of Chrome extensions help with private browsing and research. "bad-opsec" on GitHub documents OPSEC mistakes. LABЭKS looks at spies and their history. A website maps ship traffic. The submarine cable map was updated to show the cables under the oceans. And TeleGeography publishes telecom market research.
/episode/index/show/afce158d-6744-4986-a1d8-544dbf1c110d/id/30401838
2024-03-15 : Daily : Gracie Folkins
03/15/2024
The Tor Project made WebTunnel to help people get around internet censorship. Cryptocurrency services share tools for hiding money movements. Google Chrome now blocks dangerous websites in real time. eSIM swapping is hurting bank account security. Mikhail Vasiliev was sentenced to prison. A big breach at France Travail exposed many people's personal information. Restoro and Reimage have to pay $26 million over deceptive tech-support claims. Microsoft's Copilot for Security is meant to help defenders protect systems.
/episode/index/show/afce158d-6744-4986-a1d8-544dbf1c110d/id/30388743
2024-03-14 : Daily : Gracie Folkins
03/14/2024
Researchers from Salt Labs discovered critical vulnerabilities in ChatGPT plugins, including one that could expose GitHub repositories, and they were fixed quickly. A high-severity flaw in Kubernetes (CVE-2023-5528) demands urgent patching on Windows nodes. Henry Onyedikachi Echefu's role in a $6 million BEC scam underscores the FBI's warning about rising BEC losses. PixPirate Android malware targets Brazil's Pix payment platform and hides by not showing a launcher icon. BlackCat ransomware's suspected exit scam follows the Change Healthcare data leak. Microsoft's March 2024 Patch Tuesday addressed 60 security issues, and ZeroFox introduced an EASM service with threat intelligence. Major breaches and cybersecurity incidents continue to challenge global security efforts.
/episode/index/show/afce158d-6744-4986-a1d8-544dbf1c110d/id/30377173