HAQ.NEWS

// Jared Folkins

# Latest Podcast

Description

Reversing Soviet era computer chips, Awesome GPT Agents, and espionage by the Islamic Revolutionary Guard Corps are the top three links for me today.

Tradecraft

[#] The GitHub repository "Awesome-GPT-Agents" is a collection of generative pre-trained transformer (GPT) models specialized in various aspects of cybersecurity, from penetration testing to threat intelligence, and requires a ChatGPT Plus subscription for usage as of November 11, 2023.
https://github.com/fr0gger/Awesome-GPT-Agents
[#] The document is a comprehensive guide for understanding and executing modern post-exploitation techniques to compromise and defend Active Directory, including tactics for discovery, privilege escalation, lateral movement, persistence, and detection.
https://github.com/infosecn1nja/AD-Attack-Defense
[#] The post explores Chrome browser exploitation by delving into the V8 JavaScript engine's intricate internals and memory management to understand and expose potential security vulnerabilities.
https://jhalon.github.io/chrome-browser-exploitation-1/
[#] A security researcher under the alias 5pider details the design of a new form of position-independent malware implant that avoids the use of reflective DLL loaders, includes global variables, and incorporates compile-time hashing for obfuscation.
https://5pider.net/blog/2024/01/27/modern-shellcode-implant-design/
[#] Ken Shirriff's blog offers a detailed walkthrough of reverse-engineering CMOS circuits using a vintage Soviet counter chip as a practical example, explaining how to identify transistor types and their configurations to understand and replicate the chip's logic gates and flip-flops.
http://www.righto.com/2024/01/reverse-engineering-cmos.html
[#] The GitHub repository azureOutlookC2 details a command and control (C2) tool using Microsoft Graph API to remotely control compromised Windows devices via an Outlook mailbox, originally developed as a threat emulation for North Korean APT group InkySquid/ScarCruft/APT37.
https://github.com/boku7/azureOutlookC2
[#] The exploit provided identifies and exploits open /.svn/wc.db files to retrieve the source code of vulnerable web applications and is intended for educational use or authorized penetration testing only.
https://github.com/Praison001/Source-code-via-open-wc.db-file
[#] A new tool named ExecIT functions as an evasive loader using DLLs to deploy shellcode without tripping security flags, despite rundll32.exe being a common execution point monitored by Windows security mechanisms.
https://www.reddit.com/r/netsec/comments/1aczvyw/execit_evasive_dllbased_shellcode_loader/
[#] Tiny Scan is a web analysis tool that gathers detailed information about a URL's infrastructure, performance, and content. It supports customizable User-Agent strings, language preferences, and HTTP header settings, and reports details such as IP location, technology stack, and SSL certificate status, which is useful for tasks ranging from SEO optimization to security assessments.
https://www.tiny-scan.com/
[#] Raven is a CI/CD security analysis tool by Cycode Labs, which scans GitHub Actions workflows, identifies vulnerabilities, and uses Neo4j for data visualization, with the aim of improving security practices in software development pipelines.
http://www.kitploit.com/2024/01/raven-cicd-security-analyzer.html
[#] Sshuttle serves as a user-friendly proxy server that provides VPN functionality over SSH without the need for administrator privileges or complex configuration, supports DNS tunneling, and is compatible with several operating systems including Linux and macOS.
https://github.com/sshuttle/sshuttle
[#] itm4n's blog post details PrintNightmare's persistence in Windows environments due to mishandled Group Policy settings and offers a step-by-step guide on how to prevent attacks by configuring systems to only install signed printer drivers from trusted servers.
https://itm4n.github.io/printnightmare-exploitation/

News

[#] The Insikt Group report reveals the Islamic Revolutionary Guard Corps' use of cyber contractors for espionage and ransomware attacks against Western targets and suggests financial linkages to the IRGC Quds Force in Middle Eastern countries.
https://www.recordedfuture.com/leaks-and-revelations-irgc-networks-cyber-companies
[#] Cybersecurity firm QuoIntelligence reports a new variant of WIREFIRE web shell targeting Ivanti Connect Secure VPNs through CVE-2023-21887 and CVE-2023-46805, evading established YARA rules by using cookies for encrypted payload transmission and Python's `exec()` for persistent execution.
https://securityonline.info/cybersecurity-alert-unseen-wirefire-web-shell-variant-in-ics-vpn-appliances/
[#] The Medusa ransomware group attacked the Kansas City Area Transportation Authority, demanding a $2 million ransom and threatening to release stolen data; the attack disrupted the authority's call centers but did not affect transit services.
https://securityaffairs.com/158233/cyber-crime/kansas-city-area-transportation-authority-ransomware-attack.html
[#] A blog post on xilokar.info discusses a method for extracting firmware keys by gaining EL3 access in hardware.
https://www.reddit.com/r/ReverseEngineering/comments/1aco26r/firmware_key_extraction_by_gaining_el3/
[#] Sofia Santos analyzes her year of producing free OSINT challenges, revealing patterns in her creation and publishing schedule, with most tasks designed for beginner to intermediate skill levels and video walkthroughs often recorded during evening hours.
https://gralhix.com/2024/01/27/a-year-of-osint-exercises-insights-unveiling-patterns-trends/
[#] Microsoft has reduced its gaming workforce by 1,900 jobs, specifically impacting the Xbox, Activision Blizzard, and ZeniMax teams, with Activision Blizzard's recent structural reorganization resulting in the cancellation of its in-development survival game, codenamed Odyssey.
https://www.engadget.com/microsoft-slashes-1900-jobs-across-xbox-and-activision-blizzard-145304693.html
[#] FortiGuard Labs discovered malware in Python Package Index (PyPI) affecting both Windows and Linux systems, with files designed to steal sensitive information and cryptocurrency data by using unique transmission methods and scheduled tasks for data exfiltration.
https://www.hackread.com/crypto-stealing-pypi-malware-windows-linux-users/

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

current friend of haq 2024-01-29

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins