# Latest Podcast
# Description
Today in tradecraft, Sahil Ahamad outlines a web application security reconnaissance strategy, focusing on finding data storage and other assets. Shriyans Sudhi introduces a method for generating subdomain wordlists for cybersecurity analysis. Daniel Grzelak highlights AWS metadata enumeration techniques and security practices. Asbawy presents a strategy for identifying and exploiting a critical RCE vulnerability. Techniques for discovering and exploiting GraphQL and SQL injection vulnerabilities are detailed. SQLMap tamper scripts are explained as methods to bypass web application firewalls. An article describes using httpx and dig for subdomain takeover scenarios. A video explains the creation of shellcode for educational purposes. A Python script for exploiting a vulnerability in ConnectWise ScreenConnect is shared. Lastly, 'github-secrets' reveals hidden or removed GitHub commits, uncovering potentially sensitive data.
And in the news, critical security issues include an authentication bypass vulnerability in ConnectWise ScreenConnect, requiring immediate updates. Two individuals were convicted for mail fraud involving counterfeit iPhones. Apple enhances iMessage encryption with PQ3 to combat future quantum attacks. GDPR compliance costs lead to significant reductions in data storage and processing in Europe. A scam with a fake Exodus cryptocurrency wallet resulted in substantial Bitcoin theft. North Korean group Lazarus targets security researchers via LinkedIn. Dancho Danchev exposes a LockBit ransomware associate. Cado Security identifies a malware campaign, Commando Cat, targeting Docker APIs. An SQL Injection vulnerability was found in the AI ChatBot plugin for WordPress. Lastly, Cyble reports on the CriminalMW Group's evolution of Android banking trojans in Brazil.
# Tradecraft
Sahil Ahamad details a comprehensive reconnaissance strategy for web application security, including tool modifications, visual recon methods, and approaches to finding data storage buckets and other assets for more successful security testing.
Shriyans Sudhi developed a process for building subdomain wordlists: subdomains belonging to various companies are extracted from a dataset, then cleaned and organized into several wordlists suited to different cybersecurity uses.
Security researcher Daniel Grzelak demonstrates how AWS metadata, including account IDs and resource tags, can be enumerated using conditional policy keys, and advises against storing sensitive data in tags, recommends using separate accounts for publishing resources, and recommends restricting unauthorized account access in policies.
An article by Asbawy details a method of identifying and exploiting a critical RCE vulnerability using Shodan search filters and a custom automation script available on GitHub.
The article provides instructions on discovering and exploiting GraphQL endpoints and SQL injection vulnerabilities, covering the methodology from confirming that an endpoint is present to extracting database information with tools or manually constructed queries.
SQLMap tamper scripts can modify SQL queries to bypass web application firewalls and filters by employing various techniques such as encoding, comment injection, and logical substitutions.
The article outlines a process using httpx and dig to identify and exploit subdomain takeover vulnerabilities, illustrated by taking over an unclaimed subdomain hosted on Google Cloud Platform and connected to Leadpages services.
The video provides an overview of shellcode, an essential component for exploiting software vulnerabilities, and guides viewers through the creation of two shellcode injection malware components for educational purposes.
A Python script has been published on GitHub that exploits a vulnerability in ConnectWise ScreenConnect, bypassing authentication to add an unauthorized user.
A tool called 'github-secrets' has been developed to identify and reveal commits on GitHub that are not visible in the public git history, including those removed via force-push, potentially exposing sensitive data not intended for public release.
# News
A critical authentication bypass vulnerability in ConnectWise ScreenConnect (versions 23.9.7 and earlier) has been exploited, with attackers potentially able to control the server; users should update immediately to version 23.9.8 and check for indicators of compromise to secure their systems.
Two individuals were convicted for committing mail fraud by sending over 5,000 counterfeit iPhones to Apple, exploiting the warranty replacement program for financial gain, with both facing up to 20 years in prison.
Apple is enhancing iMessage's encryption with PQ3, a protocol designed to protect against potential future quantum computer attacks by using post-quantum cryptography in key establishment and in ongoing rekeying, so that message keys remain secure even if a device's cryptographic state is compromised.
Recent economic research indicates that the GDPR has caused European companies to reduce data storage by 26% and data processing by 15%, due to higher data management costs stemming from privacy regulation compliance.
A scam involving a fake Exodus cryptocurrency wallet app in the Canonical Snap Store resulted in the theft of approximately $490K in Bitcoin; users should remove all of the listed suspicious snaps with the command provided in the article, and Canonical is urged to implement stricter review processes for financial and crypto-related applications.
North Korean cyber group Lazarus is exploiting LinkedIn to trick security researchers into opening malicious links; users are advised to thoroughly verify unknown contacts to avoid such spearphishing attacks.
Dancho Danchev's February 21, 2024 blog post reveals the identity of LockBit ransomware associate Artur Ravilevich Sungatov through OSINT, backed by associated emails and sample photos.
Researchers at Cado Security discovered a comprehensive malware campaign named Commando Cat that targets Docker API endpoints for cryptojacking. It deploys multiple sophisticated payloads, including a process-hiding mechanism, attempts to steal cloud service provider credentials, and at the same time takes measures to evade detection and maintain persistence.
The AI ChatBot plugin for WordPress versions up to and including 4.8.9 has an SQL Injection vulnerability in the 'qc_wpbo_search_response' function that allows unauthenticated attackers to extract sensitive data, necessitating an update to a secure version.
Cyble's blog post on the CriminalMW Group examines the evolution of Android banking trojans targeting Brazilian financial institutions and details malware rebranding tactics alongside law enforcement actions and recommendations for cybersecurity best practices.