HAQ.NEWS

// Jared Folkins

# Description

The AWS cryptography guide from trailofbits.com emphasizes the importance of selecting the right cloud security tools for data encryption, key management, and handling sensitive information, highlighting AWS services like KMS, CloudHSM, and the encryption SDKs. Ken Shirriff's exploration at righto.com of the Bendix Central Air Data Computer reveals the intricate workings of a military aircraft's electromechanical components. A significant breakthrough is documented at smlx.dev, where a researcher reverse-engineered GoodWe's solar inverter protocol, identified security vulnerabilities, and developed a secure data-gathering method. The HackTheBox guide on gitlab.io offers strategies for exploiting vulnerabilities such as IDOR, SQL injection, and buffer overflow. GitHub hosts the "Apanazar/camstalker" repository, a project for searching random YouTube videos, and another repository offering strategies for cyber-attack analysis. Gitbook.io provides a list of FININT investigation tools, while soroush.me discusses mitigating the risks of disabling ASP.NET ViewState MAC validation. Br0k3nlab.com introduces "Living off the False Positive," a resource for identifying weaknesses in detection logic, and github.com features the Email2WhatsApp OSINT tool, an exploitation tool for Confluence servers, and SecretPixel, a steganography tool.
Further contributions include Netlas.io search strings for finding vulnerable devices, the latest updates to Snoop and HackBrowserData, TorBot for Tor network data analysis, MetaRadar for privacy-respecting Bluetooth scanning, Impacket for remote hash extraction, an analysis of ISFB malware, eHIDS for intrusion detection, AWS-SG-Analyzer for security group auditing, ZLUDA for running CUDA applications on AMD GPUs, Quickemu for creating virtual machines, Hiado for Azure DevOps permissions enumeration, a POC exploit for a libgcrypt vulnerability, a fuzzer that integrates the Bochs emulator, a script for generating Active Directory change reports, and FullBypass for circumventing AMSI and PowerShell CLM restrictions. Each article contributes valuable insights into its respective field, from security and encryption to software development and intrusion detection.

# Tradecraft

[#] This AWS cryptography guide explains how to select appropriate cloud security tools for data encryption, key management, and sensitive information handling, introducing services like KMS, CloudHSM, and the encryption SDKs, while addressing specific use cases and potential pitfalls.
Read More @ trailofbits.com
[#] Ken Shirriff's blog post details the disassembly and workings of the Bendix Central Air Data Computer's servomotor/tachometer, unveiling electromechanical analog components essential for military aircraft air data calculations.
Read More @ righto.com
[#] A researcher reverse-engineered GoodWe's solar inverter encrypted protocol to monitor metrics locally, discovering significant security flaws in the process and ultimately developing a method to intercept and securely gather data using a Prometheus exporter.
Read More @ smlx.dev
[#] A HackTheBox guide details exploiting various vulnerabilities, such as IDOR, SQL injection, and buffer overflow, coupled with reverse-engineering and password cracking techniques, to gain elevated access on a simulated target.
Read More @ gitlab.io
[#] The repository "Apanazar/camstalker" is a public fork of "thedmdim/ytstalker.fun," which is a project for searching random YouTube videos and is licensed under GPL-3.0, with its main languages being Go, HTML, CSS, JavaScript, and Dockerfile.
Read More @ github.com
[#] The repository contains diverse strategies for analyzing and combating cyber-attacks, alongside fresh insights on security breaches, catering to various roles such as security operations, threat hunting, and incident response.
Read More @ github.com
[#] The blog post provides a comprehensive list of online tools and resources for conducting financial intelligence (FININT) investigations, including databases for tracking non-profit financing, exploring blockchain transactions, monitoring public employee salaries, and querying financial industry professionals' backgrounds.
Read More @ gitbook.io
[#] When ASP.NET ViewState MAC validation is disabled, attackers can forge ViewState data to perform remote code execution, but enabling MAC validation, encrypting sensitive parameters, and using ViewStateUserKey property for CSRF protection can mitigate such risks.
Read More @ soroush.me
[#] An introduction to "Living off the False Positive," a resource that supplies an autogenerated collection of false positives from popular cybersecurity rule sets, aimed at helping both red and blue teams identify and mitigate weak spots in detection logic and rule creation.
Read More @ br0k3nlab.com
[#] Email2WhatsApp is a Go OSINT tool that allows investigators to find WhatsApp numbers linked to email addresses by querying various databases and employing techniques like brute force, with installation instructions and usage scenarios provided for digital investigations.
Read More @ github.com
[#] An exploitation tool designed by D. Sanjai Kumar is available on GitHub to leverage a Remote Code Execution (RCE) vulnerability in Confluence servers, identified as CVE-2023-22527, with clear instructions for use and a warning to employ it ethically.
Read More @ github.com
[#] SecretPixel is a steganography tool using AES-256 and RSA encryption to hide compressed data within images via a seeded Least Significant Bit technique, ensuring secure and undetectable embeddings.
Read More @ github.com
[#] This document provides search strings, known as dorks, for the Netlas.io search engine to find a variety of potentially vulnerable internet-connected devices and services, sorted by categories like IoT devices, webcams, remote access services, and more, which security professionals can use for penetration testing and vulnerability assessment.
Read More @ github.com
[#] The GitHub release note for Snoop version 1.4.0, dated 2nd January 2024, informs users of potential errors when opening downloaded archives in some operating systems, advising them to use their file explorer instead and providing suggestions for compatible GUI programs for unpacking RAR archives across various platforms.
Read More @ github.com
[#] The release notes for HackBrowserData v0.4.5 detail feature additions such as support for multiple browsers and export options, bug fixes for error handling, and code optimizations for project structure and output formatting.
Read More @ github.com
[#] TorBot is an open-source intelligence tool that can crawl, analyze, and visualize data from Tor network sites, with features to save results and configure proxy settings.
Read More @ github.com
[#] The MetaRadar app is an offline, privacy-respecting tool for Android that scans Bluetooth environments, filters devices with logical operations, and maps device movement without sharing personal data.
Read More @ github.com
[#] A new pull request on the Impacket repository details a method for extracting hashes from Windows registry hives remotely without writing to the disk, utilizing WriteDACL privileges and introducing flags for inline extraction and NTDS avoidance to streamline the process.
Read More @ github.com
[#] An analysis of the ISFB malware's first loader details its evolution from a basic information stealer to complex banking malware, reveals its self-injection method using various APIs for process memory allocation, and outlines the steps taken to reverse engineer and decrypt its configuration using dynamic values and a Python script for automation.
Read More @ gitbook.io
[#] The GitHub repository "Malware-Research/Resources" provides a collection of tools, tutorials, and links organized by the malware research community to assist in tasks such as finding malware samples, learning reverse engineering, setting up analysis labs, and understanding various cyber attack strategies.
Read More @ github.com
[#] eHIDS is a Linux host-based intrusion detection system that uses eBPF to capture TCP/UDP network data, DNS requests, and process activity, supports Java RASP command execution monitoring, and offers a Go framework for implementing these security monitoring features more easily.
Read More @ securityonline.info
[#] AWS-SG-Analyzer is a Python tool for auditing AWS Security Groups that identifies unused or risky configurations and uses port scanning to validate rules against EC2 instances, improving cloud infrastructure security and compliance.
Read More @ github.com
[#] ZLUDA is a tool that allows unmodified CUDA applications to run on AMD GPUs with near-native performance, offering a practical solution for those looking to utilize AMD hardware for CUDA workloads, albeit with some limitations and known issues detailed on its GitHub repository.
Read More @ github.com
[#] Quickemu is a tool that simplifies the creation and running of optimized virtual machines for various operating systems, including Windows, macOS, and Linux, without requiring elevated permissions.
Read More @ github.com
[#] Hiado is a Python script that enables the enumeration of repository permissions within Azure DevOps, using "undocumented" APIs to identify various permissions such as editing policies or contributing to pull requests after authenticating with a UserAuthentication cookie.
Read More @ github.com
[#] The repository "MLGRadish/CVE-2021-3345" contains a proof of concept (POC) exploit for a vulnerability in libgcrypt version 1.9.0, with instructions on how to build the vulnerable version and how to execute the exploit.
Read More @ github.com
[#] A fuzzer is being developed that integrates the Bochs emulator into itself for sandboxed syscall handling, enabling snapshot fuzzing of complex targets by intercepting syscalls and managing execution state transitions securely.
Read More @ github.io
[#] The provided script generates an HTML report detailing recent changes within Active Directory, including newly created, modified, or deleted objects, by querying the AD DS domain controller and grouping the results accordingly.
Read More @ github.com
[#] The FullBypass tool on GitHub provides a method to circumvent AMSI and PowerShell CLM restrictions, offering a FullLanguage PowerShell reverse shell by using memory hijacking techniques to alter the AmsiScanBuffer function.
Read More @ github.com

# News

[#] Google Chrome is implementing a "Private Network Access protections" feature to prevent public websites from exploiting vulnerabilities in users' internal network devices by verifying connectivity requests using CORS-preflight requests and potentially blocking them.
Read More @ bleepingcomputer.com
[#] A severe security vulnerability named MonikerLink in Microsoft Outlook, tracked as CVE-2024-21413, allows for unauthorized code execution and data theft by manipulating file hyperlinks, with users urged to apply patches once released.
Read More @ hackread.com
[#] Russian-backed hacking group Winter Vivern, also known as TAG-70, breached multiple European entities including government, military, and national infrastructure, using sophisticated social engineering and a zero-day exploit in Roundcube webmail servers, highlighting the importance of patching vulnerabilities, encrypting emails, and restricting sensitive information to secure systems.
Read More @ darkreading.com
[#] A critical vulnerability (CVE-2023-32484, CVSS 9.8) in Dell EMC Enterprise SONiC software allows remote attackers to bypass authentication, execute commands, and escalate privileges, with a solution to upgrade to patched versions 3.5.5, 4.0.0, or 4.1.1 immediately.
Read More @ securityonline.info
[#] The U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerts that the Akira ransomware group is exploiting the Cisco ASA/FTD bug CVE-2020-3259, advising federal agencies to patch by March 7, 2024, to prevent data compromise from memory extraction attacks.
Read More @ securityaffairs.com
[#] The blog post details attack techniques targeting Okta, an identity management service, emphasizing the importance of understanding Okta's components and configuration to mitigate potential security risks posed by privilege escalation through misconfigured Role-Based Access Control.
Read More @ xmcyber.com
[#] SpyNote, a Remote Access Trojan targeting Android devices, now abuses Accessibility APIs to hijack crypto wallets by replacing the user's transaction details with the attacker's wallet addresses, prompting caution for users when granting Accessibility API permissions to apps.
Read More @ hackread.com
[#] The RansomHouse Group, using a tool named "MrAgent," targets VMware ESXi servers for ransomware attacks, and security teams should prioritize protecting this infrastructure with EDR solutions and hardening tactics.
Read More @ scmagazine.com
[#] Wyze Labs is probing a potential security vulnerability following an AWS connectivity issue that caused service outages, and customers have reported seeing others' camera thumbnails in the app, with Wyze forcing a logout for users to reset tokens as a precaution.
Read More @ bleepingcomputer.com
[#] Google has released Magika, an AI model for accurately identifying file types to bolster cybersecurity, and has launched an AI Cyber Defense Initiative to collaborate with startups and fund security research at academic institutions.
Read More @ theregister.com
[#] The ALPHV ransomware group, previously known as DarkSide and BlackMatter, claimed responsibility for breaches at Prudential Financial and loanDepot, with the FBI offering rewards for information leading to their identification after the group's involvement in over 60 attacks globally and estimated $300 million in ransom collections.
Read More @ bleepingcomputer.com
[#] An investigation into a 1979 anthrax outbreak in Sverdlovsk, USSR, conducted by international researchers using OSINT methods, disproves the official Soviet narrative of infected livestock, pinpointing a military facility as the source.
Read More @ teletype.in
[#] RansomLook is a monitoring platform that tracks ransomware group activity across multiple online relays and mirrors, reporting on their postings and providing tools for data indexing.
Read More @ ransomlook.io
[#] Proofpoint reports an ongoing cloud attack campaign targeting Microsoft Azure users with phishing and account takeover methods, using specific Linux user-agent strings and multiple source domains for malicious activities, and advises immediate credential changes and monitoring for these indicators to mitigate threats.
Read More @ proofpoint.com
[#] The Gazprombank Investments application is an online service for stock market investing, offering a variety of tools such as stocks, bonds, and currencies, with features like remote account opening via verified Gosuslugi account or passport and tax ID, with a recent update for improved stability.
Read More @ googleplay-store.ru

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

current friend of haq 2024-02-18

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins