# Latest Podcast
# Description
Today, extract macOS passwords with osx-password-dumper, scan networks via NetProbe, test servers with HTTP Garden, maintain access with RedTeam-Checker, analyze cloud security with PoiEx, solve CAPTCHAs using AI with a project by AashiqRamachandran, and learn more about vulnerabilities and breaches affecting AnyDesk, Meta, and Microsoft products.
# Tradecraft
The osx-password-dumper repository contains a bash script for macOS systems that extracts user .plist files and converts them to a hash format compatible with password-cracking tools like John The Ripper or Hashcat. It requires root access to operate.
NetProbe is a Python-based network scanning tool that sends ARP requests across a specified IP range to identify and list devices, providing details like IP and MAC addresses, manufacturers, and models, with features for live tracking, saving results, and filtering by manufacturer or IP range.
The HTTP Garden is an assemblage of HTTP servers and proxies designed for differential testing and fuzzing, simplifying the discovery of vulnerabilities. The repository details setup, dependencies, and usage, and keeps a record of bugs found using the tool.
RedTeam-Checker is a Python-based automation tool aimed at maintaining persistent access by monitoring backdoors and default settings on compromised systems. It requires Python 3.10, installation of dependencies via pip, and configuration of target machines through logins.csv and scoring.csv.
PoiEx is a VS Code extension for cloud security analysis that visualizes infrastructure as code interactions, integrates Semgrep for scanning, and allows for notes and real-time collaboration, aiming to aid in the identification of security vulnerabilities.
A GitHub project by AashiqRamachandran automatically solves various CAPTCHAs with a multi-modal Large Language Model, using Google's Vertex AI for model inference. It identifies the CAPTCHA type and applies the corresponding solving method for text and mathematical variations.
# News
A finance employee was deceived into transferring $25 million to scammers who used deepfake technology to impersonate the company's CFO and other staff during a video call, leading to six arrests and the exposure of a broader issue with fraudsters using AI to bypass facial recognition in identity theft cases.
Security researchers identified a cross-site scripting (XSS) vulnerability via the Clipboard API in Excalidraw, which is used by Meta, and a sandbox escape issue through iframe properties in Microsoft Whiteboard. Both require careful clipboard handling and validation to mitigate potential exploits.
Cybersecurity updates reveal that hackers are selling old AnyDesk credentials on the darknet, not from a recent breach, with over 30,000 potential access points. This prompted statements from AnyDesk urging users to reset passwords. The updates also cover discussions on law enforcement portal breaches and potential Instagram exploits.
AnyDesk confirmed a cyberattack on its production systems that compromised 18,317 customer credentials, which are now being sold on the Dark Web. Customers are advised to enable MFA and whitelist connections for better security.
A new variant of Mispadu Stealer malware exploits the CVE-2023-36025 vulnerability to bypass Windows SmartScreen warnings and steal information, with recently observed activities expanding to various regions beyond its original Latin American targets.