# Latest Podcast
# Description
Explore the HackTheBox Keeper box exploitation via default credentials and KeePass vulnerability (CVE-2022-32784) for SSH key access; delve into Windows Golang binaries analysis with gftrace; uncover time-based blind SQL injection in HTTP headers using SqliSniper with multi-threading and Discord alerts; learn Windows process injection via thread pools from SafeBreach Labs and Alon Leviev; assess system defenses with HardeningMeter's table/CSV outputs; enhance pen-testing with Rapid7's Metasploit for Fortra GoAnywhere MFT (CVE-2024-0204); boost XSS strategies with radhasec's 8000+ payload xss_payload repository; implement Proxy DLL Loading via 0xf00I's Rust tool; stay updated on password security with Lares Labs; access Appsec tools on Whitespots' GitLab; exploit Ivanti SSRF vulnerability (CVE-2024-21893); probe Docker hosts with DockerExploit; detect web malware with sussyfinder; terminate processes using Antonio Parata's 's4killer' and probmon.sys vulnerability; demonstrate Windows thread pools with fin3ss3g0d's NativeThreadpool; inject memory shells into WebLogic with MemshellKit (CVE-2017-10271); heed FBI's warning on global KV-botnet spread; beware of RustDoor macOS backdoor; secure networks against libuv's SSRF flaw (CVE-2024-24806); consider Canada's potential Flipper Zero ban; act on Fortinet's FortiOS RCE (CVE-2024-21762) and FortiSIEM flaws; watch for Trojan.MAC.RustDoor as Visual Studio update; defend against AndroxGh0st botnet with Imperva's indicators; shut down VexTrio's 70,000-site malware/phishing network; address Ivanti's authentication bypass (CVE-2024-22024); enhance defenses against SIM-swapping post-breach; respond to CU Solutions Group's data leak; avoid fake "Temu" domains; and tackle Ivanti's SSRF vulnerability as noted by the National Vulnerability Database.
# Tradecraft
The post details a step-by-step exploitation of the "Keeper" box on HackTheBox, which involves using default credentials to access a ticketing system, exploiting a vulnerability (CVE-2022-32784) in KeePass to retrieve a root SSH key, and converting it for root access to the target machine.
gftrace is a command-line tool for tracing Windows API calls in Golang binaries, relying on the asmstdcall function to log names, parameters, and return values without needing to hook APIs or have signatures.
SqliSniper is a Python-based tool used for detecting time-based blind SQL injection vulnerabilities in HTTP headers, offering features like multi-threaded scanning, Discord notifications, false positive checks, and the ability to customize payloads and headers.
The post details a method for process injection on Windows systems by manipulating thread pools, crediting SafeBreach Labs and Alon Leviev for the original research on this technique.
HardeningMeter is a Python-based open-source tool for evaluating the security hardening of binaries and systems, which checks for protection mechanisms and outputs results in table or CSV format.
Rapid7's latest Metasploit release features a critical exploit for Fortra GoAnywhere MFT's CVE-2024-0204 and other significant updates and fixes, enhancing toolsets for penetration testing, vulnerability management, and security automation.
The repository 'radhasec/xss_payload' contains over 8000 XSS payloads collected by Abhishek Meena, intended to assist bug bounty hunters in identifying and exploiting cross-site scripting vulnerabilities.
The repository "0xf00I/DLLProxying-rs" contains a Rust-based implementation of Proxy DLL Loading, a technique that intercepts API calls and can serve various purposes such as application persistence, ETW/ETI stack tracing evasion, or the injection of C# implants into a process.
The article presents a comprehensive analysis of password security trends based on a dataset of cracked passwords; it reveals widespread password reuse, common weak passwords, and industry-specific patterns, and offers guidance on creating stronger passwords, with a focus on password length, unique generation, and the use of password managers.
The GitHub repository "DockerExploit" provides a Python-based tool for scanning and exploiting Docker hosts via the Docker Remote API, promoting security research and vulnerability testing with strict educational and ethical guidelines.
sussyfinder is a compact PHP scanner designed to identify web-based malware, backdoors, and webshells; it uses token and hash comparison to see through obfuscation and provides a web interface for easy interpretation and management of results.
The NativeThreadpool repository by fin3ss3g0d provides a demonstration of how to implement a thread pool utilizing native Windows APIs for executing work and timer callbacks in C.
The MemshellKit is a Java-based tool designed for the injection of customizable memory shells into various frameworks, notably incorporating an injector for the CVE-2017-10271 vulnerability within the WebLogic server environment.
# News
Insurance companies Washington National and Bankers Life suffered data breaches due to SIM-swapping attacks, affecting over 66,000 customers, with ongoing investigations and advice to use authentication apps and additional security measures for protection against similar incidents.
A new malware network called KV-botnet infects SOHO devices worldwide, prompting a takedown operation by the FBI, while cybersecurity teams adapt to its evolving tactics and resilience.
Bitdefender researchers have identified a new macOS backdoor called RustDoor, which is likely associated with the Black Basta and Alphv/BlackCat ransomware groups, and is capable of file exfiltration and running on both Intel and Arm architectures.
A critical SSRF vulnerability, CVE-2024-24806, in the 'uv_getaddrinfo' function of the libuv library, which could expose internal APIs and information, has been fixed in version v1.48.0.
Canada is set to ban the Flipper Zero device due to its use in car thefts, although the manufacturer asserts it cannot hijack cars made after the 1990s and is intended for legitimate security testing purposes.
CISA has verified that a critical remote code execution vulnerability in Fortinet's FortiOS (CVE-2024-21762) is being actively exploited; Fortinet has remedied the flaw and recommends deactivating SSL VPN to mitigate the risk if updates cannot be applied promptly. Two additional FortiSIEM flaws (CVE-2024-23108, CVE-2024-23109), linked to a previously addressed issue, were reported alongside it.
A new macOS malware, dubbed Trojan.MAC.RustDoor and potentially linked to the ALPHV ransomware family, masquerades as a Visual Studio code editor update to steal data, requiring users to be cautious of unsolicited software updates.
Imperva's research identifies new compromise indicators for the AndroxGh0st botnet, targeting vulnerabilities in various applications, with recommendations for regular patching and updates as a defense measure.
Researchers have unveiled VexTrio, a network leveraging over 70,000 compromised websites to distribute malware and phishing attacks since at least 2017, with Check Point and Infoblox providing indicators of compromise for IT environments to detect and counteract this threat.
Ivanti has not credited watchTowr for uncovering CVE-2024-22024 in its security products. Because completion of the full patch schedule has been delayed, admins are advised to apply the January 31 mitigation and perform a factory reset of the device for protection; no active exploitation of this high-severity authentication bypass flaw has been reported so far.
A misconfiguration in CU Solutions Group's cloud database led to the exposure of over 3 million records including sensitive client data and plaintext passwords, which was responsibly disclosed and secured on the same day, highlighting the importance of proper database management and robust cybersecurity measures.
Scammers have registered over 800 bogus "Temu" domains in the past three months to deceive consumers into revealing credentials via phishing emails disguised as Temu giveaways; consumers should verify sender addresses and avoid suspicious links to prevent credential theft.
The National Vulnerability Database reports a high-severity server-side request forgery vulnerability in various Ivanti products, requiring immediate application of vendor-specified mitigations or discontinuation of product use.