HAQ.NEWS

// jared folkins

# Latest Podcast

Today, utilize GSSAPI-Abuse for Active Directory vulnerability detection, HackTheBox’s Bookworm challenge exploiting XSS and SQL injection, Bash commands for network management, PHunter for OSINT phone analysis, CoWitness for web app testing simulation, IPATool for iOS app retrieval, Logboost for enhanced log analysis, a hardware hacking infographic, AngryOxide for advanced WiFi exploitation, WScan’s machine learning-based web security scanner, a V8 JavaScript engine exploit in Chrome, Freeze.rs for EDR evasion in Rust, and AllForOne’s comprehensive Nuclei YAML template collection.

Tradecraft

gssapi-abuse tool finds and fixes active directory hosts vulnerable to gssapi authentication abuse.
http://www.kitploit.com/2024/01/gssapi-abuse-tool-for-enumerating.html

hackthebox’s bookworm challenge involves exploiting cross-site scripting, file upload checks, and sql injection to gain server access.
https://0xdf.gitlab.io/2024/01/20/htb-bookworm.html

the post details various bash commands and techniques for network management, system info acquisition, and privilege escalation.
https://github.com/redteamrecipe/redteamrecipe.github.io/blob/559ad553a27351059d61715f8005e4d31ec2ef08/_posts/2024-11-17-bash-tips-tricks.md

phunter is an osint tool for gathering information from phone numbers, including operator, location, and ownership details.
https://github.com/rvrsh3ll/phunter

cowitness is a versatile tool for simulating http and dns servers to improve web app testing.
https://github.com/stolenusername/cowitness

ipatool is a command-line utility for searching and downloading ios apps from the app store.
https://github.com/majd/ipatool

logboost enriches logs with geolocation, dns, osint, and asn data for better security analysis.
https://www.reddit.com/r/netsec/comments/19bdl6j/logboost_a_tool_for_parsing_and_enriching_ip/

hardware hacking cheatsheet infographic is a visual guide with practical tips for breaking into hardware systems.
https://github.com/arunmagesh/hw_hacking_cheatsheet

angryoxide is a new rust-based 802.11 wifi exploitation tool for advanced attacks and hash capture.
https://securityonline.info/angryoxide-802-11-attack-tool/

wscan is an open-source web security scanner using machine learning for enhanced automation and accuracy in penetration testing.
https://github.com/chushuai/wscan/blob/main/readme_en.md

exploit detailed for v8 javascript engine in chrome, patch released, related techniques ineffective with new wasm security measures.
https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution/

freeze.rs is a rust toolkit for evading edr by manipulating suspended processes and syscalls.
https://github.com/tylous/freeze.rs

allforone collects nuclei yaml templates from multiple repositories to streamline vulnerability template access for security research.
https://github.com/aggressiveuser/allforone

News

microsoft countered midnight blizzard’s email breach by boosting legacy system security.
https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

outlook’s vulnerability, cve-2023-35636, leaks ntlm v2 hashes; apply dec. 12 patch and prefer kerberos.
https://www.scmagazine.com/news/accepting-a-calendar-invite-in-outlook-could-leak-your-password

tandasat reported a fix for the hvci vulnerability cve-2024-21305 on github, with a $1000 bug bounty awarded by msrc.
https://github.com/tandasat/cve-2024-21305

breachforums hacking forum admin gets 20 years supervised release for cyber crimes.
https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-admin-sentenced-to-20-years-supervised-release/

meta consistently fails to remove imposter instagram accounts; watermark your photos and report via web forms for protection.
https://www.bleepingcomputer.com/news/security/meta-wont-remove-fake-instagram-profiles-used-for-obvious-catfishing/

researchers connect 3am ransomware to conti and royal cybercrime groups.
https://www.bleepingcomputer.com/news/security/researchers-link-3am-ransomware-to-conti-royal-cybercrime-gangs/

cisa directs agencies to mitigate ivanti zero-day flaws; fix expected next week.
https://thehackernews.com/2024/01/cisa-issues-emergency-directive-to.html

google chrome’s v8 javascript engine had a bug allowing hackers to manipulate memory, tracked as cve-2024-0517 and now fixed.
https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution/

ta866 revives with phishing emails using pdfs to spread wasabi seed and screenshotter malware.
https://thehackernews.com/2024/01/invoice-phishing-alert-ta866-deploys.html

russian apt group midnight blizzard hacks microsoft executives’ emails using password spray attack.
https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html

five suspects charged for embezzling over $7 million from an it firm through fraudulent expense claims.
https://go.theregister.com/feed/www.theregister.com/2024/01/19/5_fake_expenses_claim/

vmware patched critical zero-day used by chinese hackers; update servers now.
https://thehackernews.com/2024/01/chinese-hackers-silently-weaponized.html

leftoverlocals vulnerability lets attackers steal data from gpu local memory; patch your gpu firmware to defend against leaks.
https://blog.trailofbits.com/2024/01/16/leftoverlocals-listening-to-llm-responses-through-leaked-gpu-local-memory/

morphisec reports the sophisticated chae$ 4.1 malware uses email, stealth, and a chronod module to steal data.
https://securityonline.info/morphisec-reveals-chae-4-1-a-new-era-of-malware-sophistication/

study claims google’s auto-deletion of sensitive location data is unreliable, potentially exposing personal visits to places like abortion clinics.
https://www.malwarebytes.com/blog/news/2024/01/google-failing-to-scrub-abortion-access-in-location-history-study-claims

vf corp faced a december data breach; to secure your data, ensure strong authentication and monitor systems for unauthorized access.
https://securityaffairs.com/157786/data-breach/vf-corp-december-data-breach.html

attackers in argentina bypassed 2fa to hack payoneer accounts; update your security settings now.
https://www.bleepingcomputer.com/news/security/payoneer-accounts-in-argentina-hacked-in-2fa-bypass-attacks/

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tldr; regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by Ai, and converted into something quick and easy to read. But then I started getting requests for features like rss, Gracie got involved, and with the super-power of Ai things have taken on a life of their own.

Sharing

I currently post daily infosec news to x, linkedin, mastodon and rss.

I also post daily infosec podcasts and interviews to apple podcasts and spotify.

Ads

This isn't an Ad.

current friend of haq 2024-01-21

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins