HAQ.NEWS

// jared folkins

# Latest Podcast

Today we pull apart reverse engineering for web apps with AST analysis, RustHound for Active Directory data collection, youneverknow00's kernelmode DLL injector, pwndoc-ng and pwndoc for pentest reporting, GraphRunner for post-exploitation on Microsoft Entra ID, TruffleHog for secret detection in code, U-Boot and UART for Android rooting, and techniques to bypass remote browser isolation.

## Tradecraft

notes and tools for reverse engineering obfuscated web app code including ast analysis and deobfuscation techniques.
https://gist.github.com/0xdevalias/d8b743efb82c0e9406fc69da0d6c6581

rusthound is a cross-platform active directory data collector for bloodhound with focus on avoiding av detection.
https://github.com/nh-red-team/rusthound

youneverknow00’s repository offers a simple kernelmode dll injector using socket communication and manual mapping.
https://github.com/youneverknow00/kernelmode-dll-injector

pwndoc-ng is an updated pentest report generator with new features for easier and more efficient documentation.
https://github.com/pwndoc-ng/pwndoc-ng

pwndoc is an open-source tool for streamlining penetration test reporting and document generation.
https://github.com/pwndoc/pwndoc

graphrunner is a toolkit for post-exploitation reconnaissance and data extraction on microsoft entra id using the graph api.
https://securityonline.info/graphrunner-post-exploitation-toolset-for-interacting-with-the-microsoft-graph-api/

use trufflehog to find and fix exposed secrets in your code and prevent security risks.
https://www.blackhillsinfosec.com/rooting-for-secrets-with-trufflehog/

a guide on extracting and rooting the boot image from a pritom p7 android tablet using u-boot and uart connection.
https://tinyhack.com/2024/01/18/using-u-boot-to-extract-boot-image-from-pritom-p7/

learn how to bypass remote browser isolation for effective command and control during offensive cyber operations.
https://posts.specterops.io/calling-home-get-your-callbacks-through-rbi-50633a233999

## News

varonis exposes new ways attackers can leak ntlmv2 hashes; patch systems to protect.
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

cybercriminals use docker servers with xmrig and 9hits viewer to mine crypto and generate fake traffic.
https://www.hackread.com/docker-servers-malware-traffic-boosted-cryptominers/

rapid7 discovers atlantida malware stealing wallet data from chrome extensions; stay updated on protective measures.
https://securityonline.info/atlantida-a-sophisticated-malware-targeting-your-digital-wallets/

siemens patches critical simatic vulnerabilities, users should update immediately.
https://securityonline.info/urgent-siemens-update-addressing-simatics-near-perfect-cvss-scores/

leftoverlocals gpu vulnerability leaks memory and allows snooping on ai models; patch expected in march.
https://go.theregister.com/feed/www.theregister.com/2024/01/17/leftoverlocals_gpu_flaw/

have i been pwned now includes 71 million emails from naz.api, check and update your passwords.
https://www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-71-million-emails-from-nazapi-stolen-account-list/

atlassian's jira services faced an outage; fixes deployed with monitoring ongoing.
https://www.bleepingcomputer.com/news/technology/jira-down-atlassian-outage-affecting-multiple-cloud-services/

fbi and cisa caution against using china-made drones for u.s. infrastructure due to data security risks.
https://packetstormsecurity.com/news/view/35412/feds-warn-chinese-drones-pose-risk-to-us-critical-infrastructure.html

russian spies created spica, a rust-based backdoor, targeting nato countries and individuals since november 2022.
https://go.theregister.com/feed/www.theregister.com/2024/01/18/google_tag_coldriver_malware/

calvia refuses to pay a €10m ransomware demand; administrative processes are delayed while systems are recovered.
https://www.scmagazine.com/brief/spanish-municipality-rejects-ransomware-demand-payment

atlassian confluence servers can be hacked remotely without passwords, fix by updating to version 8.5.5.
https://packetstormsecurity.com/news/view/35415/atlassian-confluence-vulnerability-enables-remote-code-execution.html

russian coldriver hackers now use custom rust malware for targeted phishing scams, employing decoy pdfs and a backdoor named spica.
https://thehackernews.com/2024/01/russian-coldriver-hackers-expand-beyond.html

massive password dump includes 25 million previously unseen passwords; secure accounts with strong, unique passwords and enable 2fa.
https://packetstormsecurity.com/news/view/35413/researcher-uncovers-one-of-the-biggest-password-dumps-in-recent-history.html

nft scam targets token holders using spoofed airdrops and fake websites to steal funds.
https://securityonline.info/sophisticated-nft-scam-campaign/

security experts reveal bigpanzi botnet infecting smart tvs for cybercrimes, urge community collaboration to counter the threat.
https://go.theregister.com/feed/www.theregister.com/2024/01/18/bigpanzi_botnet_smart_tvs/

macos backdoor in chinese pirated apps evades detection by emulating official processes; attacks use modified khepri project code.
https://www.darkreading.com/vulnerabilities-threats/stealthy-backdoor-found-hiding-in-pirated-macos-apps

illicit crypto addresses received over $24 billion in 2023, highlighting the need for improved digital asset monitoring.
https://packetstormsecurity.com/news/view/35410/illicit-crypto-addresses-received-at-least-24.2-billion-in-2023.html

sarah meiklejohn disproved bitcoin’s anonymity by tracing transactions on its blockchain.
https://packetstormsecurity.com/news/view/35416/how-a-27-year-old-busted-the-myth-of-bitcoins-anonymity.html

pax terminals had six bugs fixed, update your devices to avoid cyberattacks.
https://www.scmagazine.com/brief/cyberattacks-likely-with-pax-payment-terminal-bugs

cyberattackers exploit docker for fake web traffic, turn credits into cash; secure your containers.
https://www.darkreading.com/cloud-security/cybercriminals-abuse-aws-ses-send-verified-phishing-emails

chaes malware version 4.1 praises security researchers with hidden messages and refines browser activity theft.
https://www.darkreading.com/threat-intelligence/chaes-infostealer-code-threat-hunter-love-notes

kansas state university it systems hit by cyberattack, causing service disruptions including email and video.
https://www.bleepingcomputer.com/news/security/kansas-state-university-cyberattack-disrupts-it-network-and-services/

insurance broker's flawed api exposed over 650,000 emails; fix delayed, so change your password immediately.
https://go.theregister.com/feed/www.theregister.com/2024/01/18/ttibi_office_buggy/

tensorflow’s ci/cd misconfigurations fixed to prevent supply chain poisoning by requiring pull request approvals and restricting token permissions.
https://thehackernews.com/2024/01/tensorflow-cicd-flaw-exposed-supply.html

foxsemicon targeted in ransomware attack; hackers threaten to leak 5tb of customer data if ransom not paid.
https://www.scmagazine.com/brief/ransomware-attack-impacts-foxsemicon

haier issued a takedown notice to a developer for unauthorized home assistant plugins that may cause the firm financial harm.
https://www.bleepingcomputer.com/news/security/haier-hits-home-assistant-plugin-dev-with-takedown-notice/

mint sandstorm targets middle eastern experts with personalized phishing and deploys media-based backdoors for espionage.
https://securityonline.info/mint-sandstorm-campaigns-targeted-cyber-attacks-on-middle-eastern-experts/

iranian hackers use sophisticated phishing to target middle eastern affairs experts.
https://thehackernews.com/2024/01/iranian-hackers-masquerades-as.html

inferno drainer stole $80m in crypto by phishing; users are reminded to verify websites' authenticity.
https://www.darkreading.com/cloud-security/80m-crypto-disappears-drainer-malware-hell

attackers exploit docker api to deploy xmrig miner and 9hits traffic bot for dual monetization.
https://www.bleepingcomputer.com/news/security/docker-hosts-hacked-in-ongoing-website-traffic-theft-scheme/

juniper patches critical security flaws; users should update to the fixed junos versions detailed in the blog post.
https://labs.watchtowr.com/the-second-wednesday-of-the-first-month-of-every-quarter-juniper-0day-revisited/

attackers exploit ivanti vpn flaws; apply mitigation after backups and run external integrity checks.
https://www.volexity.com/blog/2024/01/18/ivanti-connect-secure-vpn-exploitation-new-observations/

# F.A.Q

## Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

## Value

I use AI to de-clickbait the clickbait by letting AI read my news for me. It then creates a meaningful tl;dr of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

## Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

## Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

## Ads

This isn't an Ad.

Current friend of HAQ (2024-01-19)

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins