HAQ.NEWS

// Jared Folkins

# Description

Analyze SAP Router and DIAG connections for security parameters with the Sncscan tool. Detect ransomware in MySQL with MELEE, and enhance offensive security assessments with the Nemesis Kubernetes pipeline. Identify GitHub Actions vulnerabilities using the Argus static taint analysis tool, and check for Nginx alias traversal issues using Navgix.

# Tradecraft

[#] Sncscan analyzes SAP Secure Network Communications (SNC) configurations: it identifies whether SNC is enabled on SAP Router and DIAG connections and reports the security parameters set for those connections.
Read More @ kitploit.com
[#] MELEE is a security tool for detecting ransomware infections in MySQL instances; it provides reconnaissance, permission assessment and infection scanning for security researchers and penetration testers.
Read More @ kitploit.com
[#] Nemesis is a Kubernetes-based pipeline designed to automate repetitive tasks, enhance analytic capabilities, and amass operational data for offensive security assessments.
Read More @ kitploit.com
[#] Argus is a security analysis tool for detecting vulnerabilities in GitHub Actions by using static taint analysis to track untrusted data and classifying impacts based on severity.
Read More @ kitploit.com
[#] Navgix is a multi-threaded Go tool that finds Nginx alias traversal (off-by-slash) misconfigurations: it starts from the analysis of an initial GET request or from a list of known vulnerable paths, then runs heuristic and brute-force directory checks; it is installed by cloning its GitHub repository.
Read More @ kitploit.com
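The misconfiguration Navgix probes for over HTTP can also be caught statically. The following is an added example, not code from Navgix or the page it links to: it flags prefix `location` blocks that use `alias` without a trailing slash, and models how Nginx substitutes the alias for the matched prefix so that a request such as `/static../secret` lands outside the aliased directory. The sample configuration and paths are constructed.

```python
# Added example: not part of Navgix or the page it links to. A static check for
# the "off-by-slash" Nginx alias misconfiguration, plus a model of how Nginx
# maps a request onto the aliased directory.
#
# The bug: `location /static { alias /var/www/static/; }`. The prefix has no
# trailing slash, so `/static../secret` still matches, and Nginx replaces the
# matched prefix with the alias value, yielding `/var/www/static/../secret`,
# which is outside the alias directory. Ending the prefix with `/` removes the match.
import posixpath
import re
from typing import Dict, List, Optional

# Constructed sample config (illustrative paths, not a real host).
SAMPLE_CONF = """
server {
    listen 80;
    location /static {
        alias /var/www/static/;
    }
    location /assets/ {
        alias /var/www/assets/;
    }
    location = /favicon.ico {
        alias /var/www/static/favicon.ico;
    }
    location ~ ^/img/(.*)$ {
        alias /var/www/img/$1;
    }
}
"""

LOCATION_RE = re.compile(r"location\s+(?:(=|~\*?|\^~)\s+)?(\S+)\s*\{([^{}]*)\}", re.S)
ALIAS_RE = re.compile(r"\balias\s+([^;]+);")


def resolve_alias(prefix: str, alias: str, request_path: str) -> Optional[str]:
    """Model Nginx's prefix-location + alias handling.

    Nginx normalises the URI ("/a/../b" -> "/b") before matching, then replaces
    the matched prefix with the alias value. Returns the normalised filesystem
    path, or None when the location does not match.
    """
    uri = posixpath.normpath(request_path)
    if not uri.startswith(prefix):
        return None
    return posixpath.normpath(alias + uri[len(prefix):])


def escapes_alias(prefix: str, alias: str, request_path: str) -> bool:
    """True when the request resolves to a path outside the alias directory."""
    fs_path = resolve_alias(prefix, alias, request_path)
    if fs_path is None:
        return False
    root = posixpath.normpath(alias)
    return not (fs_path == root or fs_path.startswith(root + "/"))


def find_alias_traversal(conf: str) -> List[Dict[str, str]]:
    """Flag prefix locations that use alias but do not end in a slash."""
    findings = []
    for m in LOCATION_RE.finditer(conf):
        modifier, prefix, body = m.group(1), m.group(2), m.group(3)
        alias = ALIAS_RE.search(body)
        # Exact (=) and regex (~, ~*) locations are not prefix-substituted this way.
        if not alias or modifier in ("=", "~", "~*"):
            continue
        if not prefix.endswith("/"):
            findings.append({
                "location": prefix,
                "alias": alias.group(1).strip(),
                "probe": prefix + "../",  # request path an HTTP check would try
            })
    return findings


if __name__ == "__main__":
    for f in find_alias_traversal(SAMPLE_CONF):
        print(f"{f['location']} -> {f['alias']}: try GET {f['probe']}")
        print("  resolves to", resolve_alias(f["location"], f["alias"], f["probe"] + "secret"))
```

Only the `/static` block is reported; `/assets/` is safe because `/assets../secret` no longer matches the prefix once the slash is required. The same model is why `/assets/../secret` is harmless: Nginx collapses the `..` before location matching.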
[#] Windows Setup executes custom scripts such as SetupComplete.cmd and ErrorHandler.cmd, which an attacker can use to run arbitrary code during or after installation and establish persistent unauthorized access.
Read More @ pentestlab.blog
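Because these hook scripts run automatically with SYSTEM privileges, a defender should know whether they exist on a host and what they contain. The following is an added example, not code from the pentestlab.blog post: it enumerates the Setup script paths under `%WINDIR%\Setup\Scripts`, hashes whatever is present, and applies a few illustrative triage heuristics. The system root is a parameter so the check can be exercised against a constructed directory tree on any OS; the planted script content and the token list are assumptions, not taken from the post.

```python
# Added example, not from the pentestlab.blog post: audit the Windows Setup hook
# scripts the post describes. SetupComplete.cmd runs as SYSTEM once Setup
# finishes; ErrorHandler.cmd runs when Setup hits an error. Both live under
# %WINDIR%\Setup\Scripts. The system root is a parameter so the check can run
# against a constructed directory tree on any OS.
import hashlib
import os
import tempfile
from typing import Dict, List

SETUP_SCRIPTS = [
    os.path.join("Windows", "Setup", "Scripts", "SetupComplete.cmd"),
    os.path.join("Windows", "Setup", "Scripts", "ErrorHandler.cmd"),
]

# Illustrative triage heuristics (assumption: commands a persistence payload
# dropped into these scripts is likely to contain). Tune for your estate.
SUSPICIOUS_TOKENS = (
    "net user", "net localgroup", "powershell", "-enc", "reg add",
    "schtasks", "certutil", "bitsadmin", "http://", "https://",
)


def audit_setup_scripts(system_root: str) -> List[Dict[str, object]]:
    """Return one record per hook script present: path, sha256, size, matched tokens."""
    findings = []
    for rel in SETUP_SCRIPTS:
        path = os.path.join(system_root, rel)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        text = data.decode("utf-8", errors="replace").lower()
        findings.append({
            "path": rel,
            "sha256": hashlib.sha256(data).hexdigest(),
            "size": len(data),
            "suspicious": [t for t in SUSPICIOUS_TOKENS if t in text],
        })
    return findings


def build_sample_tree(base: str) -> str:
    """Constructed fixture: a fake system root with a planted SetupComplete.cmd."""
    scripts = os.path.join(base, "Windows", "Setup", "Scripts")
    os.makedirs(scripts, exist_ok=True)
    with open(os.path.join(scripts, "SetupComplete.cmd"), "w", newline="") as fh:
        fh.write("@echo off\r\n"
                 "net user svc_backup Passw0rd! /add\r\n"
                 "net localgroup administrators svc_backup /add\r\n")
    return base


def run_demo() -> List[Dict[str, object]]:
    """Build the fixture in a temp dir and audit it."""
    return audit_setup_scripts(build_sample_tree(tempfile.mkdtemp()))


if __name__ == "__main__":
    for rec in run_demo():
        print(rec["path"], rec["sha256"][:16], rec["suspicious"])
```

On a real host call `audit_setup_scripts("C:\\")` and compare the hashes against a known-good baseline; a script that is present on a machine that was not provisioned with one is itself a finding, whatever it contains.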
[#] dnSpyEx is an unofficial fork of dnSpy with added features: it debugs and edits .NET and Unity assemblies without source code, ships several themes, and bundles tools for inspecting and modifying assemblies in detail.
Read More @ github.com
[#] A novel method eliminates the use of iframes for Browser In The Browser phishing attacks, utilizing Evilginx and a Shadow DOM technique to bypass Microsoft login framebusters.
Read More @ securityonline.info
[#] pphack, by edoardottt, is an advanced scanner for client-side prototype pollution vulnerabilities; it installs via Go, takes either a single URL or a list of URLs, and its behaviour can be tuned with various flags.
Read More @ github.com
[#] GDBFuzz is a tool that uses hardware breakpoints in microcontrollers to improve fuzzing effectiveness, working with any GDB server and applicable to embedded systems as well as Linux user programs, with a wrapper allowing it to function on various applications.
Read More @ securityonline.info
[#] A cybersecurity enthusiast reverse-engineered an ESP32-based smart home air purifier to remove its dependency on cloud services and integrated it with Home Assistant for local control.
Read More @ jmswrnr.com
[#] The Diamond Model of Intrusion Analysis provides a framework for understanding the key elements of a cyber intrusion—adversary, infrastructure, capability, and victim—enabling security teams to better predict, analyze, and mitigate cyber threats.
Read More @ recordedfuture.com
[#] The blog post explains how to use dynamic analysis and Frida, a popular hooking framework, to bypass advanced root detection techniques that some Android apps utilize to prevent execution on compromised devices.
Read More @ 8ksec.io
[#] Telegram Explorer (TEx) is a Python-based tool designed for researchers and investigators to collect, process, and monitor large volumes of data from various Telegram groups, with features such as group analytics, message scraping, media downloading, and integration with Elasticsearch and image OCR using Tesseract.
Read More @ github.com
[#] The GitHub repository 'soxoj/telegram-similar-channels' contains a Python-based command-line interface and Maltego transform tool for searching similar Telegram channels, requiring user registration for a Telegram API ID and hash to function.
Read More @ github.com
[#] A categorized compilation of resources from the 2023 SANS OSINT Summit includes various tools for searching, extracting, and analyzing data on the web, digital forensics, legal and government records, and methods for bypassing paywall restrictions.
Read More @ github.com
[#] Motionity is an open-source web-based animation editor that combines elements of After Effects and Canva, offering features like keyframing, video trimming, and layer masking without the need for account creation.
Read More @ github.com
[#] Twikit is an unofficial Python library that interfaces with Twitter's internal API, enabling users to perform actions like creating tweets, searching tweets, and retrieving trends without needing an official API key, offered in both synchronous and asynchronous programming styles.
Read More @ github.com
[#] Marcus Hutchins outlines methods for bypassing user-mode Endpoint Detection and Response (EDR) hooks, including EDR unhooking, manually mapping DLLs, direct syscalls, indirect syscalls, and call stack spoofing, emphasizing the continued relevance of syscall-based techniques in evading modern security measures.
Read More @ malwaretech.com
[#] The GitHub repository "yeswehack/vulnerable-code-snippets" provides various dockerized code snippets with intentional vulnerabilities for educational purposes in different programming languages, facilitating learning and practice in code analysis and cyber security.
Read More @ github.com
[#] The nim-shell repository provides a Reverse Shell tool coded in Nim language that claims the ability to circumvent Windows Defender and EDR detection, requiring the user to alter the listening IP address and port in the source code and compile it with Nim for execution.
Read More @ github.com
[#] Pantheon is a GUI tool developed by Josh Schiavone for discovering and viewing information about network cameras, which includes features like API crawling for camera data, geolocation mapping, and viewing unprotected live feeds, with ethical use strictly advised and installation steps available for various operating systems.
Read More @ github.com
[#] MultiDump is a C-based tool for dumping and extracting LSASS memory that claims to avoid Defender alerts; it comes with a Python handler, supports local and remote modes, and adds registry dumping and encryption of the dumped data.
Read More @ github.com

# News

[#] Lurie Children's Hospital in Chicago is operating with limited capabilities due to a cyberattack that has disrupted their systems, following a similar incident at nearby Saint Anthony Hospital linked to the LockBit ransomware group.
Read More @ theregister.com
[#] Researchers at Pen Test Partners discovered a vulnerability in the Airbus Flysmart+ Manager app that could let an attacker within Wi-Fi range intercept and manipulate data used in pilots' takeoff and landing calculations; Airbus addressed the issue within the aviation industry's usual update timeframe, and no safety incidents occurred thanks to existing validation procedures.
Read More @ packetstormsecurity.com
[#] The cybercriminal group Patchwork is using romantic lures to trick users in Pakistan and India into downloading malware-infested Android apps, which are designed to steal personal data and intercept communications.
Read More @ thehackernews.com
[#] In 2023, ethical hackers reported 835 vulnerabilities in systems including those of the US Department of Defense and LinkedIn, earning $450,000 through bug bounty programs, reflecting the growing reliance on these partnerships to strengthen cybersecurity.
Read More @ hackread.com
[#] Scammers impersonated a multinational company's CFO and staff using deepfake technology during a video call to deceive an employee into transferring $25.5 million to fraudulent accounts.
Read More @ securityaffairs.com
[#] The data of over 1.1 million MESVision clients was exposed through the zero-day flaw in Progress Software's MOVEit Transfer (CVE-2023-34362), underscoring the need to patch the vulnerability immediately and tighten security controls around managed file transfer systems.
Read More @ co.uk
[#] The Pegasus spyware, developed by NSO Group, has been used to target and compromise the iPhones of journalists and activists in Jordan, with Access Now and Citizen Lab advising that activating Lockdown Mode can help prevent reinfections.
Read More @ thehackernews.com
[#] Cybersecurity researchers at Palo Alto Networks Unit 42 have reported a new variant of the Mispadu banking Trojan that is exploiting a patched vulnerability in Windows SmartScreen (CVE-2023-36025) to steal bank account credentials in Latin America.
Read More @ thehackernews.com
[#] Ripple co-founder Chris Larsen's personal XRP wallet was compromised, leading to a theft of $112 million of XRP, with most funds frozen and under investigation, highlighting the necessity for robust personal wallet security measures.
Read More @ hackread.com
[#] Pen Test Partners discovered a significant security flaw in the Airbus Flysmart+ Manager app, which allowed insecure server communication and potential data tampering but has since been addressed by Airbus with a fix confirmed in February 2023.
Read More @ hackread.com
[#] Palo Alto Networks Unit 42 discovered a sophisticated new variant of the Mispadu Stealer malware targeting Mexican users by bypassing Windows Defender SmartScreen warnings; researchers recommend staying informed and deploying strong endpoint protection to defend against such evolving threats.
Read More @ hackread.com
[#] The FritzFrog P2P botnet, known for exploiting weak SSH credentials since January 2020, has evolved to leverage the Log4Shell vulnerability (CVE-2021-44228) for spreading within compromised networks and uses the PwnKit flaw (CVE-2021-4034) for privilege escalation.
Read More @ thehackernews.com
[#] Cybersecurity researchers have observed an advanced upgrade of HeadCrab malware, known for attacking Redis servers for cryptocurrency mining, which now uses fileless techniques to evade detection and has doubled its compromise of servers to 2,300 within a year.
Read More @ thehackernews.com
[#] An INTERPOL operation named Synergia, conducted from September to November 2023, involving 60 agencies across 55 countries, has resulted in the arrest of 31 individuals, identification of 70 suspects, and the takedown of over 1,300 malicious servers linked to various cybercrimes including phishing, ransomware, and banking malware.
Read More @ thehackernews.com
[#] Former CIA engineer Joshua Schulte received a 40-year sentence for leaking classified CIA documents to WikiLeaks and possessing child pornography.
Read More @ thehackernews.com
[#] Security researchers have analyzed DiceLoader, the loader used by the cybercriminal group FIN7, detailing its obfuscation and inner workings: it is delivered by a PowerShell script, uses linked lists and I/O completion ports for process memory injection and inter-thread communication, and XORs its communications and server configuration to conceal them; a growing number of command-and-control servers indicates increased activity as of January 2024.
Read More @ securityonline.info
[#] Over 2,000 Ukrainian computers have been infected with DirtyMoe malware used for cryptojacking and DDoS attacks, and CERT-UA advises organizations to update systems, segment networks, and monitor traffic; separately, Shuckworm's ongoing phishing campaign targets military personnel with a PowerShell backdoor named SUBTLE-PAWS that also spreads through removable drives.
Read More @ thehackernews.com
[#] Russian group APT28 has been conducting NTLM relay attacks against various high-profile organizations, exploiting software and hardware flaws to gain unauthorized access while routing its operations through anonymization services and compromised routers.
Read More @ thehackernews.com
[#] The U.S. Treasury has imposed sanctions on six Iranian officials from the IRGC-CEC connected to cyber attacks on critical infrastructure, including a water utility in Pennsylvania and systems in Israel and Europe, with Homeland Justice also targeting Albania's INSTAT.
Read More @ thehackernews.com
[#] Microsoft is experimenting with adding a 'sudo' command to Windows Server 2025 that will enable admins to elevate privileges for console applications, currently visible in a leaked preview build but restricted to developer mode and not fully functional yet.
Read More @ bleepingcomputer.com
[#] A proof-of-concept tool has been released demonstrating a recently patched iOS kernel vulnerability, CVE-2024-23208, that allowed arbitrary code execution with kernel privileges, with Apple resolving the issue in the iOS and iPadOS 17.3 updates.
Read More @ securityonline.info
[#] SIM swappers indicted for stealing $400 million in crypto, possibly exonerating Sam Bankman-Fried of this specific theft, while critical vulnerabilities and patch updates are announced for multiple tech products and systems.
Read More @ theregister.com
[#] OSINT provides a strategic methodology for authorities to collect, analyze, and act upon publicly available information, aiding in the detection and disruption of online crime and terrorism by monitoring social media, tracking financial transactions, and preempting illegal activities.
Read More @ medium.com
[#] ESET Research uncovers MoustachedBouncer, a cyberespionage group targeting foreign embassies in Belarus since 2014, using email and ISP-level attacks to install espionage-focused malware like NightClub and Disco, with countermeasures including end-to-end encrypted VPN use recommended.
Read More @ welivesecurity.com
[#] Cybersecurity firm Doctor Web reports an uptick in the crypto-mining Trojans Trojan.BtcMine.3767 and Trojan.BtcMine.2742, hidden in pirated software spread via Telegram and websites, with over 40,000 infections in two months; Dr.Web's antivirus products detect and neutralize both.
Read More @ drweb.com
[#] ASEC has detailed the ongoing threat of the BlueShell malware targeting Linux systems in South Korea and Thailand, which is a Go language-developed backdoor with sophisticated evasion capabilities, and stressed the necessity of keeping systems up to date and using the latest version of antivirus software to prevent infections.
Read More @ ahnlab.com
[#] Europol has released the Cybercrime Training Competency Framework, a guide detailing essential skills for law enforcement in cybercrime investigation and digital evidence management, developed in collaboration with multiple European cybersecurity and judicial organizations.
Read More @ europa.eu
[#] runc 1.1.12 fixes a serious container escape (CVE-2024-21626): an internal file descriptor leaked into the container let a malicious image or process reach the host filesystem and potentially gain full control of the host; users should update to the patched version.
Read More @ github.com
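Two checks a practitioner would want after this release, as an added example that is not from the runc project or the advisory: parse `runc --version` output and flag builds older than 1.1.12, and scan an OCI `config.json` or a Dockerfile for a working directory under `/proc/self/fd/`, the path through which the leaked host descriptor is reached and which a legitimate image has no reason to set. The version output, OCI config and Dockerfile below are constructed samples; the descriptor number is illustrative.

```python
# Added example, not from the runc advisory or the runc project: two checks for
# the runc 1.1.12 fix. First, parse `runc --version` and flag older builds.
# Second, scan an OCI config.json or a Dockerfile for a working directory under
# /proc/self/fd/, the path via which the leaked host descriptor is reached.
# Sample inputs are constructed.
import json
import re
from typing import List, Optional, Tuple

FIXED_VERSION = (1, 1, 12)
VERSION_RE = re.compile(r"runc version (\d+)\.(\d+)\.(\d+)")
# /proc/self/fd/N, /proc/<pid>/fd/N, /proc/self/task/<tid>/fd/N, or any path
# beneath such a descriptor (e.g. /proc/self/fd/7/../../..).
FD_CWD_RE = re.compile(r"^/proc/(?:self|thread-self|\d+)/(?:task/\d+/)?fd/\d+(?:/|$)")

SAMPLE_VERSION_OUTPUT = """runc version 1.1.11
spec: 1.0.2-dev
"""

SAMPLE_OCI_CONFIG = json.dumps({
    "ociVersion": "1.0.2",
    "process": {"cwd": "/proc/self/fd/7", "args": ["sh"]},
    "root": {"path": "rootfs"},
})

SAMPLE_DOCKERFILE = """FROM alpine
WORKDIR /proc/self/fd/7
CMD ["sh"]
"""


def parse_runc_version(output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from `runc --version` output.

    Pre-release suffixes (e.g. -rc.1) are ignored; treat rc builds as unknown
    rather than trusting this comparison for them.
    """
    m = VERSION_RE.search(output)
    return tuple(int(x) for x in m.groups()) if m else None


def runc_is_vulnerable(output: str) -> bool:
    """True for a parsed release version older than the fixed one."""
    v = parse_runc_version(output)
    return v is not None and v < FIXED_VERSION


def suspicious_cwd(cwd: str) -> bool:
    """True when a working directory points into a /proc fd table."""
    return bool(FD_CWD_RE.match(cwd.strip()))


def scan_oci_config(config_json: str) -> List[str]:
    """Flag process.cwd in an OCI runtime config.json."""
    cfg = json.loads(config_json)
    cwd = cfg.get("process", {}).get("cwd", "")
    return [f"process.cwd={cwd}"] if suspicious_cwd(cwd) else []


def scan_dockerfile(text: str) -> List[str]:
    """Flag WORKDIR instructions that would become such a cwd at build/run time."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*WORKDIR\s+(\S+)", line, re.IGNORECASE)
        if m and suspicious_cwd(m.group(1)):
            hits.append(f"line {n}: {line.strip()}")
    return hits


if __name__ == "__main__":
    print("runc vulnerable:", runc_is_vulnerable(SAMPLE_VERSION_OUTPUT))
    print("config.json:", scan_oci_config(SAMPLE_OCI_CONFIG))
    print("Dockerfile:", scan_dockerfile(SAMPLE_DOCKERFILE))
```

The cwd pattern is worth keeping as a detection rule even after patching: a build or runtime request that sets its working directory inside `/proc/*/fd/` is an exploitation attempt regardless of whether the runc on that host is still affected.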

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait that actually has no valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

current friend of haq 2024-02-06

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins