# Latest Podcast
# Description
Today, Ken Shirriff explains how a 1950s device calculated flight data without a computer. IMDSpoof tricks attackers into probing a fake system to protect AWS. Learn to find and track cyber threats with tools like Censys. Enhance Cobalt Strike to hide from security systems. Use GoBuster to find hidden parts of websites. Learn how malware is hidden in Excel with an XLL dropper. DarkWidow helps attackers take control of Windows systems covertly.
# Tradecraft
Ken Shirriff's blog post details the reverse-engineering process of the Mach section in a 1950s Bendix mechanical air data computer, which calculated flight data from pressure inputs using analog gears, cams, and differentials.
Discover and track malicious cyber infrastructure by building targeted queries from indicators such as TLS certificate details, server header values, HTTP response data, JA3 hashes, and port configurations. Use regular expressions and services like Censys, and refine searches with ASN details and file names found in open directories, to proactively block threats and gather intelligence.
A detailed description of enhancing Cobalt Strike EDR evasion techniques, using options like sleep_mask, stack spoofing, and bytecode alteration to create payloads that go undetected.
The content details the creation of an XLL dropper, a type of malware that attackers use to deliver malicious software via Microsoft Excel add-ins by embedding payloads in seemingly innocuous files.
DarkWidow is a Windows-targeted post-exploitation tool with capabilities for indirect dynamic syscalls, remote process injection, and various evasion techniques such as API hashing, PPID spoofing, and event log disabling when admin privileges are available.
# News
ExpressVPN patched a bug that leaked DNS requests when Windows users enabled split tunneling, and advises users to update to version 12.73.0 or disable the feature as a workaround.
A high-severity type confusion vulnerability in Google Chrome's V8 engine, identified as CVE-2022-4262, was patched on December 2, 2022, with both a Google update and a detailed PoC available on GitHub, emphasizing the need for users to update their software promptly.
The U.S. Justice Department has taken down the Warzone RAT's infrastructure and arrested two operatives for their role in the malware distribution and support.
CISA has added the Fortinet FortiOS vulnerability CVE-2024-21762 to its Known Exploited Vulnerabilities catalog, and federal agencies are required to patch this critical remote code execution security flaw by February 16, 2024.
Pen Test Partners discovered a security vulnerability in Livall smart helmets that could leak user audio and location data; after being notified, Livall updated its app with stronger security.
CYFIRMA's research team has uncovered a Russian-origin Drainer-as-a-Service operation that uses Cloudflare and Freenom to make launching phishing sites easy, and that promotes itself to attackers as a widespread and simple way to steal cryptocurrency. To mitigate the threat, the researchers recommend developing incident response plans, vetting third-party vendors, enforcing multi-factor authentication, and performing real-time monitoring.