# Description

# Tradecraft

- Credential exposure in front-end code poses severe risks; systematic secure coding practices, regular training, code reviews, and automated scanning tools like Ferret can mitigate these vulnerabilities. Read More @ https://cremit.io/blog/credential-leakage-risks-hiding-in-frontend-code
- The article discusses vulnerabilities involving Linux character devices, particularly the systemd-run and pkexec commands, showing how low-privileged users can abuse pseudo-terminal (pty) allocations to interact with high-privileged processes, and suggests using chown to restrict access as a mitigation.
# Daily
Topics include exploiting the id parameter via time-based blind SQL injection and using the Wayback Machine to find vulnerabilities. Autorize is a Burp Suite extension for finding API vulnerabilities using user tokens. Hidden content can be found on 404 error pages using tools like dirsearch. Subdomain takeover hunting uses tools like Subfinder, HTTPX, and Nuclei. A hacker used Dorki.io to find an SSRF vulnerability that exposed AWS EC2 credentials. The digest also covers finding DOM-based XSS in client-side JavaScript, the Bruno IDE for APIs, the Reporting API for monitoring errors, and profiling subdomains with httpx and EyeWitness. Techniques for discovering APIs and recon methods for bug bounties are detailed. Various vulnerabilities in GOG Galaxy and solutions for HTTP parser inconsistencies are explored, alongside insights into NetScout and Klarna's Gram tools. Tools like unch, Scout Suite, SharpPersistSD, and EFuzz are also reviewed for security testing and auditing.
PingRAT tunnels C2 traffic through firewalls inside ICMP payloads, making it undetectable by most AV/EDR solutions. No-Consolation is a Beacon Object File (BOF) that runs unmanaged PEs inline, supporting both EXEs and DLLs, without creating new processes or allocating a console. A repository collects custom search engines for OSINT, including searches across social media and web services. A document details a proof-of-concept for using Microsoft Windows printers as a C2 channel by abusing the Internet Printing Protocol. SqliSniper is a Python tool for detecting blind SQL injection in HTTP headers. Andy Gill examines WinSxS and DLL hijacking for initial access and privilege escalation. unch hides messages using invisible Unicode characters.
Laptop Giveaway - There Can Be Only One - Hello, I'm Jared Folkins and I've been keeping a secret. I work for Counter Hack. Counter Hack performs ridiculously good Penetration Tests. You should hire us. We are also the makers of the SANS Holiday Hack Challenge. But that's not the secret. You know that daily HAQ.NEWS podcast my daughter Gracie has been creating? It's not actually her. Yes, out of sixty-five daily episodes, all of them are AI-generated. All the episodes except one. Your goal is to find the one authentic episode that Gracie created. If you do, please submit your answer using the following form for a chance to win a Mac laptop. Be warned, they sound really good. Like, "fooled Gracie's Mother" good. Best of luck!
Cybersecurity researcher k0shl discussed methods for exploiting a Windows telephony service issue that could cause memory to be handled incorrectly. Malware called Nitrogen tricks users into downloading fake apps that lead to ransomware, but it can be prevented with various strategies. On Reddit, there is discussion of the dangers of batch files in Windows due to argument-escaping issues. The C2 Cloud project lets testers control compromised systems efficiently. A proof of concept showed a flaw in Jasmin Ransomware's web panel that allows unauthorized file access. Carlos Polop's guide covers penetration testing extensively. Countik is an online tool for analyzing TikTok accounts. An article offers guidance on OSINT for map-based investigations. Shortemall v3.0, released on April 5, 2024, scans for hidden content behind short URLs.