# Latest Podcast
# Description
Explore Ligolo-Ng as an alternative for network pivoting without SOCKS, contrasting it with Chisel, and delve into its setup in a step-by-step guide. Understand Active Directory attributes and their exploitation, along with defense tactics for Windows security. Update Ivanti Connect Secure to patch a critical XXE vulnerability. Check out a demonstrated BYOVD attack using a Minifilter Driver to halt processes and access its code on GitHub. Decode Cobalt Strike payloads and extract C2 server details from a concise method posted on Reddit. Prevent command injection on NETGEAR WAN by adjusting SSL certificate checks and device time settings to avoid manipulated cron jobs. Consider JSON Smuggling to improve intrusion detection evasion techniques by encoding payloads cleverly. Utilize CloudMiner to run code on Azure Automation service cost-free, meant for responsible educational use. Assess the new Windows sudo command limits and security risks connected to its UAC privileges and RPC server. Protect C2 and phishing ventures with BounceBack, a reverse proxy with extensive filtering options. Unlock STM8-based device firmware using voltage glitches, timers, and scripts, avoiding pricey tools. Quickly apply patches to FortiOS SSL-VPN to close off a severe out-of-bounds write vulnerability. Evaluate honeypot strengths and weaknesses using Honeyscanner. Confirm secure setup of Microsoft 365 with ScubaGear, a tool from CISA. Experience MinDNS, a capable DNS server built in Rust, offering various services under an MIT license. Follow a comprehensive penetration testing guide based on OWASP with real-world examples. Reclaim lost cameras via stolencamerafinder using photo EXIF data.
# Tradecraft
[#]
A detailed guide on Ligolo-Ng covers lateral network movement using reverse TCP/TLS connections to establish tunnels without SOCKS for single and double network pivoting, contrasting its features with Chisel and providing a step-by-step setup and execution process.
[#]
The article provides detailed Active Directory attributes and their exploitation techniques, alongside mitigation strategies to enhance security in Windows environments.
[#]
Ivanti Connect Secure detection config. Ivanti Connect Secure has a high-severity XXE vulnerability that can be exploited to access sensitive data or execute code remotely; users should apply Ivanti's latest security updates to mitigate the risk.
[#]
A cybersecurity researcher demonstrated the exploitation of a vulnerable signed Minifilter Driver (probmon.sys) for BYOVD attacks, allowing kernel-level termination of a specific process, with the source code available on GitHub.
[#]
A short video showing how to decode a Cobalt Strike shellcode loader with CyberChef and Emulation.
[#]
A command injection vulnerability in the NETGEAR WAN interface allows an attacker-controlled server to execute arbitrary commands on the device by manipulating SSL certificate validation and device time settings to trigger a cron job within a specific timeframe.
[#]
Insignificant whitespace in the JSON standard can be used to encode data without breaking the format. This could aid malicious actors in covert lateral movement or data exfiltration.
[#]
The recently introduced sudo command on Windows only provides elevated privileges via UAC without supporting policies for controlled access, and features an RPC server that lacks proper security configurations, potentially allowing any user to execute elevated commands.
[#]
BounceBack is a reverse proxy tool designed to protect C2 and phishing operations from detection by analyzing and filtering traffic based on a wide range of customizable parameters including IP geolocation and time-based access controls.
[#]
In a project to reverse engineer STM8-based devices' firmware without expensive tools, Jarrett used a simple system employing two 555 timer chips to induce voltage glitches that bypass flash memory readout protection, controlled by adjustable potentiometers, and iteratively refined the process in conjunction with a Python script and STLink V2 programmer until successful firmware dumping was achieved.
[#]
Fortinet has advised immediate patching of FortiOS SSL-VPN due to a critical out-of-bounds write vulnerability, tracked as CVE-2024-21762 with a CVSS score of 9.6, which could allow remote unauthenticated attackers to execute arbitrary code via crafted HTTP requests; upgrading to versions 7.4.3, 7.2.7, 7.0.14, 6.4.15 or 6.2.16, or migrating from 6.0, mitigates the issue.
[#]
Honeyscanner is a tool that tests honeypots for vulnerabilities by simulating cyber attacks and suggesting security improvements based on its analysis.
[#]
ScubaGear, developed by CISA, is a tool for verifying the secure configuration of Microsoft 365 environments against established baseline policies, with additional support for handling exceptions, automated non-interactive assessments, and reporting through various PowerShell commands and OPA policies.
[#]
MinDNS is a high-performance, asynchronous DNS server written in Rust, enabling features such as DNS over UDP/TCP, domain blocking, custom DNS records, logging, and DNS server mirroring, all under an MIT license.
[#]
The repository Voorivex/pentest-guide on GitHub provides an organized guide for penetration testing following the OWASP framework and includes additional test cases, resources, and examples for conducting various security assessments.
[#]
Stolencamerafinder is a website that uses EXIF metadata serial numbers from photographs to locate other images taken with the same camera, intended to help users find lost or stolen cameras, with enhanced search options available for Pro users; it requires original images and a Chrome or Firefox browser.
[#]
TinEye provides reverse image search services and image recognition products that enable users to locate online instances of specific images for purposes such as content moderation, fraud detection, labeling, copyright compliance, and color searching, as well as offering consulting expertise in computer vision and large-scale image search challenges.
[#]
A Python script named yesitsme is designed to assist in OSINT investigations by searching for Instagram profiles using a person's name, email, or phone number via the indexing capabilities of dumpor.com.
[#]
The content covers a range of topics from introductory to advanced data science and big data analytics using Python and Apache Spark, including deep learning, machine learning for healthcare, ethical considerations in robotics, and includes resources like cheat sheets, university assignments, and certification preparation for AWS and Google Cloud.
[#]
DOUGLAS-042 is a PowerShell script designed to accelerate threat hunting and incident response by collecting key evidence from forensic and volatile data within Windows systems, automating the process and saving results with the machine's hostname for efficient forensic analysis.
[#]
A repository on GitHub titled "OSINT-for-countries" is a curated list of tools, links, and methodologies for conducting open-source intelligence specific to individual countries and regions, open for contributions through pull requests by the cyber security community.
[#]
A GitHub repository titled 'voip-caller' by user iveresk provides code to exploit a vulnerability on VoIP devices through port 5060 to make calls with a predetermined message, with a Docker option available for widespread application.
[#]
Scribd.VPDFS.com is an online tool that allows users to download documents from Scribd using various methods including direct website entry, URL modification, and a Telegram bot, with current support including documents, presentations, and a beta test for books and audiobooks.
# News
[#]
U.S. law enforcement action disrupted the operation of the KV-botnet, a network of routers compromised by China-sponsored hackers, leading its operators to restructure their tactics; defenders are advised to patch and monitor devices to mitigate such threats.
[#]
HijackLoader, a loader malware, has updated its defense evasion with new techniques increasing stealth, as researchers reveal its use in delivering multiple payloads via phishing, making it a more dangerous and elusive threat to cybersecurity.
[#]
A Saudi Arabian Islamic charity organization was infiltrated by a sophisticated cyber espionage campaign using a novel backdoor named Zardoor, which exfiltrates data and establishes command-and-control using living-off-the-land binaries and open-source tools, with Cisco Talos revealing the operation that possibly began in March 2021.
[#]
Google has initiated a pilot program in Singapore to curtail the sideloading of Android apps that misuse permissions for financial fraud, with those attempts being thwarted by Google Play Protect which displays a warning message, while Apple reinforces its iOS app security policies in the EU under the new DMA regulations.
[#]
Chinese state-sponsored hackers dubbed Volt Typhoon infiltrated U.S. critical infrastructure for five years using advanced stealth techniques to maintain persistent, undetected access, with government agencies advising improved security measures and vigilance to counteract such prolonged threat campaigns.
[#]
A new HijackLoader malware variant uses process hollowing and delayed assembly tactics to evade detection, highlighting the need for security teams to adopt advanced tools and strategies beyond signature-based antivirus products.
[#]
A North Korea-linked hacking group, Kimsuky, is reportedly deploying new Golang-based malware, 'Troll Stealer' and a backdoor named 'GoBear,' aimed at stealing sensitive information and certificates from South Korean targets, with both using stolen legitimate certificates for concealment.
[#]
Fortinet has released updates to address a critical zero-day remote code execution vulnerability in multiple versions of FortiOS, and users of affected versions are advised to apply the patches or upgrade, while also being cautioned about two older unpatched vulnerabilities exploited by APTs.
[#]
ClamAV antivirus has a critical vulnerability, CVE-2024-20328, which can be exploited without user interaction using a crafted file name to execute arbitrary code, and users should update to patched versions 1.2.2 or 1.0.5 to mitigate the risk.
[#]
A new variant of MoqHao Android malware automatically starts malicious activities without user interaction, using sophisticated smishing and fraudulent Pinterest links to infect devices and prompting for risky permissions, while Google works on future Android mitigations. Separately, cybersecurity firm QiAnXin reports a botnet threat from the Bigpanzi group targeting smart TVs and set-top boxes in Brazil.
[#]
Fortinet has made public a critical vulnerability in its SSL VPN on FortiOS, marked CVE-2024-21762, which is likely exploited in active attacks and can be mitigated by upgrading to versions not affected by this flaw.
[#]
Bitdefender has identified a new malware targeting Mac users, named Trojan.MAC.RustDoor, which disguises itself as a Visual Studio update and possesses the ability to perform various malicious activities, including file manipulation and system reconnaissance, requiring users and cybersecurity professionals to update their defense strategies.
[#]
The Black Basta ransomware group claimed responsibility for a cyberattack on Hyundai Motor Europe, allegedly stealing three terabytes of data from various company departments.
[#]
A critical vulnerability in the FortiOS fgfmd daemon, CVE-2024-23113, allows remote code execution and requires users to upgrade to versions 7.4.3, 7.2.7, or 7.0.14 and above, or to restrict fgfm access as a temporary mitigation.
[#]
Fortinet reports an actively exploited critical remote code execution vulnerability, CVE-2024-21762, in FortiOS SSL VPN, recommending immediate upgrade to patched versions or disabling SSL VPN as a workaround.
[#]
SonicWall's SonicOS firmware version 7.1.1-7040 contains a high-severity authentication vulnerability, CVE-2024-22394, which could allow remote attackers to bypass authentication; affected organizations should update their devices promptly to mitigate this risk.
[#]
Check Point Research reveals the continued threat of old CVEs in Microsoft Word and Excel as more than 13,000 malware samples from 2023 exploit these vulnerabilities, evading detection through sophisticated methods, with finance, government, and healthcare sectors as primary targets, highlighting the necessity for vigilant software updates and cybersecurity training.
[#]
The Reserve Bank of India is enhancing its digital currency with programmability for targeted transactions and offline capabilities to operate in areas with poor internet service, complemented by plans for a framework to bolster digital payment authentication methods.
[#]
Ivanti Connect Secure's recent patch inadvertently introduced a higher impact bug, CVE-2024-22024, allowing for a basic Out-of-Bounds XML External Entity injection that can be verified using a specific Nuclei template without enabling widespread exploitation.
[#]
Pig butchering scams involve manipulating victims through fake romances and cryptocurrency investments, with scammers using Tether to transfer funds, which despite evidence, companies like Tether and major exchanges often fail to freeze, facilitating large-scale fraud and money laundering.
[#]
Researchers have identified a sophisticated new banking Trojan called "Coyote" targeting 61 Brazilian banking apps, utilizing Squirrel and the Nim programming language for evasion and potential to evolve into a wider threat, with Brazilian malware developers historically known to expand attacks globally.
[#]
The LectureNotes Learning App exposed over 2.1 million users' data due to a misconfigured MongoDB database, revealing sensitive information, which has been rectified, while other reports discuss breaches affecting French healthcare firms and a cyberattack on a California union as well as a SIM swapping attack on US insurers.
[#]
Two U.S. insurers, Bankers Life and Casualty Company and Washington National Insurance Company, reported a data breach affecting over 66,000 customers due to a SIM swapping attack, and Rebecca Moody recommends using secure authentication apps to prevent such attacks.
[#]
Microsoft has fixed a compatibility issue in Windows 11 23H2 that caused desktop icons to move erratically on systems using Windows Copilot with multiple monitors, and the update block on those systems has been lifted.
[#]
Cisco Talos researchers uncovered the Zardoor backdoor, a sophisticated malware framework utilized in espionage against Islamic non-profits, leveraging customized reverse proxy tools and living-off-the-land binaries for long-term infiltration and evasion.
[#]
The FBI advocates for the extension of Section 702 FISA powers to deter Chinese cyber threats without warrants, while critics and potential legislative reforms call for heightened privacy protections including warrant requirements for American data queries.
[#]
A critical vulnerability, CVE-2024-24821 with a CVSS score of 8.8, has been identified in the Composer PHP tool that could allow code execution and privilege escalation; users should upgrade to Composer versions 2.7.0 or 2.2.23 to mitigate the issue.
[#]
Group-IB has uncovered a cybercrime gang called ResumeLooters that used SQL injection and XSS attacks to pilfer personal data from job boards and e-commerce sites across Asia, amassing over two million emails and other personal details, with the majority of targets located in the APAC region.
[#]
The United States government has increased a bounty to up to $15 million for information on Hive ransomware operators after a successful FBI operation that disrupted the gang's activities and provided decryption keys, sparing victims potential ransom payments.
[#]
The Israeli Defense Forces have been inadvertently revealing soldier locations in Gaza due to improper operational security practices, prompting a directive for more rigorous adherence to guidelines to prevent such sensitive information leaks.