# Latest Podcast
Today, discover tools like noxer for automating Android pentesting in Nox Emulator, sbscan for detecting Spring Framework vulnerabilities, Kaspersky’s iShutdown for spotting iOS spyware, a new Linux kernel exploit for root access, PyGPOAbuse for editing GPOs, an intro to YARA for reverse engineering, a Cobalt Strike BOF for checking DLL hijacking, techniques for reversing obfuscated JavaScript, the versatile Flipper Zero for hacking, AVRed for improving red teaming obfuscation, and Kaspersky’s scripts for iShutdown analysis on iOS.
Tradecraft
noxer is a python script that automates android pentesting in the nox emulator, simplifying environment setup and app analysis.
https://github.com/aggressiveuser/noxer
sbscan is a tool for finding spring framework vulnerabilities and sensitive info leaks.
https://securityonline.info/sbscan-penetration-testing-tool-specifically-designed-for-the-spring-framework/
kaspersky’s ishutdown method can spot spyware such as pegasus by analyzing the ios shutdown.log (taken from a sysdiagnose archive) for processes that delay reboot; reboot the device regularly so the log is populated, then run the scripts.
https://thehackernews.com/2024/01/new-ishutdown-method-exposes-hidden.html
new linux kernel exploit (zdi-24-020) for ubuntu/centos/rhel wins a race condition to gain root; it needs a multi-core (smp) system to hit the race window.
https://github.com/nassim-asrir/zdi-24-020/
pygpoabuse is a partial python port of sharpgpoabuse: given write access to a gpo, it edits it to add a local admin or deploy a reverse shell on the machines that apply it.
http://www.kitploit.com/2024/01/pygpoabuse-partial-python.html
oalabs posted an introduction to yara as a four-part tutorial series for reverse engineers.
https://www.reddit.com/r/reverseengineering/comments/198jxj8/introduction_to_yara_fourpart_tutorial_series/
cobalt strike bof that checks a process for dll hijacking opportunities by walking its dll search order (including safe dll search mode) and testing which directories on that path are writable.
https://github.com/espressocake/dll-hijack-search-order-bof
a write-up on reversing obfuscated javascript that computes a signed-request hash header, so the signing can be reproduced in tooling and the server-side control bypassed.
https://buer.haus/2024/01/16/reversing-and-tooling-a-signed-request-hash-in-obfuscated-javascript/
flipper zero is a multi-protocol (sub-ghz, rfid, nfc, infrared, badusb) hacking tool; this guide/cheatsheet covers its use in security assessments and its customization.
https://infosecwriteups.com/the-ultimate-guide-cheatsheet-to-flipper-zero-d4c42d79d32c
avred (antivirus reducer) shows red teamers which parts of a file an antivirus actually flags, so obfuscation effort can be targeted at those bytes.
https://securityonline.info/avred-antivirus-reducer-for-antivirus-redteaming/
kaspersky’s python scripts ishutdown_detect.py, ishutdown_parse.py and ishutdown_stats.py extract, parse and summarize the ios shutdown.log from a sysdiagnose archive to detect spyware infections.
https://www.bleepingcomputer.com/news/security/ishutdown-scripts-can-help-detect-ios-spyware-on-your-iphone/
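Both ishutdown items above come down to the same idea: shutdown.log records processes that delayed a reboot, and spyware that runs from an unexpected staging directory shows up there. The script below is an added example, not kaspersky's code; it parses a constructed sample log (the line shapes approximate the real file and are an assumption), counts reboots per day so you know how much evidence the log holds, and flags entries whose binary lives under the roleaccountd staging path reported in the ishutdown research (also an assumption here).

```python
import re
from collections import Counter

# Indicator directory reported for the spyware families in the ishutdown
# research; treated as an assumption for this example.
SUSPICIOUS_PREFIXES = (
    "/private/var/db/com.apple.xpc.roleaccountd.staging/",
)

# Constructed sample shutdown.log. Line shapes approximate the real file
# (assumption); the shutdown marker and timestamps are invented for the example.
SAMPLE_LOG = """\
SIGTERM: [0x1a] remaining client pid: 34 (/usr/libexec/wifid)
SIGTERM: [0x1a] remaining client pid: 57 (/usr/sbin/mDNSResponder)
after 1s, remaining clients: 57
=== server shutdown === 2024-01-15 08:02:11
SIGTERM: [0x2b] remaining client pid: 61 (/private/var/db/com.apple.xpc.roleaccountd.staging/rolexd)
after 2s, remaining clients: 61
=== server shutdown === 2024-01-15 22:41:05
SIGTERM: [0x3c] remaining client pid: 61 (/private/var/db/com.apple.xpc.roleaccountd.staging/rolexd)
after 3s, remaining clients: 61
=== server shutdown === 2024-01-16 07:13:40
"""

# "remaining client pid: <pid> (<path>)" lines name the processes that held up shutdown.
CLIENT_RE = re.compile(r"remaining client pid:\s*(\d+)\s*\(([^)]+)\)")
# One marker per completed shutdown; the date lets us count reboots per day.
SHUTDOWN_RE = re.compile(r"=== server shutdown === (\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}")


def parse_clients(log_text):
    """Return (pid, path) for every process that delayed a shutdown."""
    return [(int(m.group(1)), m.group(2)) for m in CLIENT_RE.finditer(log_text)]


def reboots_per_day(log_text):
    """Count shutdown markers per date; few reboots means little evidence in the log."""
    return Counter(m.group(1) for m in SHUTDOWN_RE.finditer(log_text))


def find_suspicious(clients, prefixes=SUSPICIOUS_PREFIXES):
    """Entries whose binary lives under one of the indicator directories."""
    return [(pid, path) for pid, path in clients if path.startswith(prefixes)]


def analyze(log_text):
    """Summarize a shutdown.log: reboot cadence, delaying processes, indicator hits."""
    clients = parse_clients(log_text)
    hits = find_suspicious(clients)
    return {
        "reboots_per_day": dict(reboots_per_day(log_text)),
        "delaying_processes": dict(Counter(path for _, path in clients)),
        "suspicious": hits,
        "verdict": "suspicious" if hits else "no indicator seen",
    }


if __name__ == "__main__":
    import sys
    # Pass a real shutdown.log path as argv[1]; otherwise the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    report = analyze(text)
    for day, n in sorted(report["reboots_per_day"].items()):
        print(f"{day}: {n} reboot(s)")
    for path, n in sorted(report["delaying_processes"].items(), key=lambda kv: -kv[1]):
        print(f"{n:3d}x delayed shutdown: {path}")
    for pid, path in report["suspicious"]:
        print(f"INDICATOR pid {pid}: {path}")
    print("verdict:", report["verdict"])
```

A missing indicator is not a clean bill of health: the log only records processes that delayed a shutdown, and only when the device is actually rebooted, which is why the advice is to reboot regularly and to treat any process under an unexpected staging directory that keeps delaying reboots as worth a full forensic look.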
News
google’s updated incognito disclaimer makes clear the mode doesn’t stop google’s own data collection; use privacy-focused browsers and extensions for real privacy.
https://www.hackread.com/google-incognito-mode-disclaimer-data-tracking/
cisa added an actively exploited laravel framework rce flaw to its known exploited vulnerabilities catalog; federal agencies must patch by feb 6, and everyone else should treat it as urgent.
https://securityonline.info/cisa-warns-of-actively-exploited-laravel-framework-rce-flaw/
have i been pwned added the naz.api credential-stuffing list to its breach database, which is queryable via its api and rss feed; check your domains against it.
https://haveibeenpwned.com/pwnedwebsites#nazapi
a study finds developers using ai coding assistants write less secure code while believing it is more secure; review every ai suggestion before accepting it.
https://www.schneier.com/blog/archives/2024/01/code-written-with-ai-assistants-is-less-secure.html
cisa and fbi alert about androxgh0st botnet targeting cloud services for credential theft.
https://thehackernews.com/2024/01/feds-warn-of-androxgh0st-botnet.html
pax pos terminals had high-severity vulnerabilities; firmware updates released in november 2023 fix them, so confirm deployed devices are actually updated.
https://thehackernews.com/2024/01/pax-pos-terminal-flaw-could-allow.html
bigpanzi botnet uses malware to control 170,000 android tv boxes for illegal streaming and ddos attacks.
https://www.bleepingcomputer.com/news/security/bigpanzi-botnet-infects-170-000-android-tv-boxes-with-malware/
ukrainian hacker arrested for cryptojacking: he compromised cloud servers and ran mining malware that netted over $2m in cryptocurrency.
https://www.scmagazine.com/brief/hacker-behind-theft-of-over-2m-in-cryptocurrency-arrested
ai voice imitation scams are rising; verify unexpected calls through known contacts or police.
https://www.malwarebytes.com/blog/news/2024/01/ai-used-to-fake-voices-of-loved-ones-in-ive-been-in-an-accident-scams
balada injector compromised around 7,000 wordpress sites through an xss flaw in the popup builder plugin; update the plugin and monitor site integrity for injected scripts.
https://www.darkreading.com/application-security/7k-wordpress-sites-compromised-balada-injector
inferno drainer phishing scam stole $80m from crypto wallets using multichain drainers and fake wallet connect protocols.
https://www.hackread.com/inferno-drainer-phishing-scammers-crypto-wallets/
over 178,000 internet-exposed sonicwall firewalls are vulnerable through their management api; restrict web management access from the internet immediately and update firmware.
https://packetstormsecurity.com/news/view/35407/sonicwall-api-opens-178k-firewalls-to-attack.html
an extortion bot automatically wipes internet-exposed postgresql and mysql databases that use weak credentials; use strong passwords and don’t expose database ports to the internet.
https://go.theregister.com/feed/www.theregister.com/2024/01/17/extortion_bot_is_autopwning_postgresql/
nokia targets us government business amidst chinese telecom equipment concerns.
https://go.theregister.com/feed/www.theregister.com/2024/01/17/nokia_us_sales_list/
piyush kumawat shares daily resources for finding and fixing security vulnerabilities online.
https://infosecwriteups.com/daily-bug-bounty-writeups-2d754b87a546
github rotated keys after fixing a bug that could expose credentials; anything that verifies with github’s public keys (e.g. its commit-signing key) should fetch the new keys via the api.
https://www.bleepingcomputer.com/news/security/github-rotates-keys-to-mitigate-impact-of-credential-exposing-flaw/
macos infostealers like keysteal and atomic stealer are evolving to bypass apple’s xprotect signatures; don’t rely on built-in detection alone, update defenses.
https://www.darkreading.com/endpoint-security/sophisticated-macos-infostealers-apple-built-in-detection
uk watchdog fines companies for illegal marketing calls, reminder to adhere to privacy laws and respect do not call lists.
https://go.theregister.com/feed/www.theregister.com/2024/01/17/ico_cold_call_fines/
patch citrix netscaler adc/gateway for cve-2023-6548 (authenticated rce on the management interface) and cve-2023-6549 (dos), both exploited in the wild; also keep the management interface off the internet.
https://securityonline.info/cve-2023-6548-6549-two-new-citrix-netscaler-zero-days-exploited-in-attacks/
sophisticated phishing scam targets meta business owners using trademark infringement scare, verify through official channels to protect accounts.
https://www.hackread.com/phishing-scam-meta-businesses-trademark-threats/
leftoverlocals in apple, amd and qualcomm gpus lets one process read leftover local memory from another process’s gpu kernels (including llm data); vendors are releasing patches.
https://www.bleepingcomputer.com/news/security/amd-apple-qualcomm-gpus-leak-ai-data-in-leftoverlocals-attacks/
google warns of an actively exploited chrome zero-day, urging users to update their browsers immediately.
https://packetstormsecurity.com/news/view/35406/google-warns-of-chrome-browser-zero-day-being-exploited.html
netcraft exposes health product scams using cheap gtlds mimicking news outlets; caution advised when visiting new sites.
https://go.theregister.com/feed/www.theregister.com/2024/01/17/netcraft_health_scams_analysis/
github’s key rotation followed a high-severity unsafe reflection vulnerability; github enterprise server users must update to patched versions.
https://thehackernews.com/2024/01/github-rotates-keys-after-high-severity.html
google patched a chrome zero-day vulnerability, upgrade to 120.0.6099.224/225 immediately.
https://thehackernews.com/2024/01/zero-day-alert-update-chrome-now-to-fix.html
androxgh0st malware exploits old vulnerabilities (in php frameworks and web servers) to harvest credentials from .env files; patch systems and make sure .env files are not web-accessible.
https://go.theregister.com/feed/www.theregister.com/2024/01/17/fbi_botnet_warning/