# Latest Podcast
# Description
Today, a method is revealed to extract PEAP credentials from Windows networks by decrypting the DPAPI blob. An exploitation tool for Jenkins servers is now available to scan for CVE-2024-23897 vulnerabilities. Nathan Baggs demonstrates how to use dotPeek to reverse-engineer game code. The Troll-A utility detects sensitive data in WARC files. An approach is shared for finding an AWS Account ID via a VPC Endpoint and CloudTrail logs. A guide is provided for exploiting a Linux server and gaining control over MySQL for privilege escalation. PE-sieve has been updated for more precise shellcode detection. An AWS cloud was compromised by exploiting IAM permissions. A flaw in the Bricks Builder plugin for WordPress (CVE-2024-25600) allows remote code execution, with Nuclei template and PoC shared for detection and exploitation. Instructions are provided for building a Transformer model in PyTorch. The Ethical Hacking MindMap serves as a learning guide for newcomers. Lastly, a method to save Kali Linux terminal commands to GitHub is outlined to preserve data across VM setups.
And in the news, research by Lab52 unveils efforts by the Turla group with a modified Kazuar trojan. PayPal targets stolen super-cookies threats. Axie Infinity's Jeff Zirlin and wallets face crypto-theft, highlighted by PeckShield. The LockBit group threatens with new FBI material leaks. A critical SQL Injection flaw in WordPress's Ultimate Member plugin demands updates. The RCMP combats a cyberattack aftermath, while ConnectWise ScreenConnect users must upgrade due to severe exploits.
# Tradecraft
The blog post details a method to extract PEAP credentials from a wired Windows network by capturing and decrypting the DPAPI blob using mimikatz or impacket scripts, highlighting a hardcoded salt value used in the encryption process.
A new exploitation and scanning tool for Jenkins servers affected by CVE-2024-23897 is available, targeting versions ≤ 2.441 and LTS ≤ 2.426.2, allowing users to find and potentially exploit vulnerable instances.
The video by Nathan Baggs demonstrates the use of dotPeek, a .NET decompiler from JetBrains, to reverse-engineer and modify a game's code to reduce its scariness.
Troll-A is a command-line utility designed to detect and extract sensitive information like passwords and API keys from WARC files, offering features such as support for various compression protocols, integration with the Gitleaks ruleset, and high-performance concurrent processing.
This guide instructs on exploiting a Linux server hosting a web application by scanning for vulnerabilities using tools like nmap, gobuster, and wpscan, then gaining initial access through SSH password cracking, with further steps including local enumeration and taking control of a MySQL server to establish a foothold for potential privilege escalation.
PE-sieve, a tool for detecting shellcode in memory areas outside of typical modules, now supports custom pattern definitions for more targeted scanning, as detailed in its recent update documentation.
An AWS cloud environment was compromised by exploiting IAM permissions, initially gaining access through an exposed Hadoop service, then escalating privileges by finding AWS keys, using a tool called enumerate-iam.py, and further leveraging EC2 and IAM roles for higher access levels.
A vulnerability in the Bricks Builder plugin for WordPress, identified as CVE-2024-25600, allows for unauthenticated remote code execution, with a tool available that automates exploitation including nonce retrieval and arbitrary command execution.
A Nuclei template is available to detect the Bricks Builder plugin vulnerability in WordPress, allowing remote code execution, with a PoC provided for automated testing.
The content explains how to build a Transformer model from scratch in PyTorch, covering multi-head attention, attention masking, encoder and decoder blocks, with an application in reversing word sequences.
The Ethical Hacking MindMap is a visual reference created from various cybersecurity resources, designed to help newcomers understand ethical hacking concepts and practical techniques, with an upcoming version to focus on applied knowledge from Capture The Flag challenges and port interactions.
A method for automatically saving and syncing Kali Linux terminal command history to a private GitHub repository using a bash script and cron jobs has been outlined to prevent loss of data when setting up fresh virtual machines.
# News
Research from Lab52 has identified a new campaign by the espionage group Turla using a custom variant of the Kazuar trojan, concealed with 'Pelmeni Wrapper', to target government and industry entities, providing technical details and indicators of compromise for defense enhancement.
PayPal has developed a new patent-pending method to detect and prevent unauthorized access by identifying and evaluating the risk of stolen super-cookies during user authentication processes.
Nearly $10 million was stolen from Axie Infinity co-founder Jeff Zirlin's wallet, with funds transferred to a cryptocurrency mixer; blockchain cybersecurity firm PeckShield tracked the theft, highlighting the risks associated with cryptocurrency wallets and the need for robust security measures.
The LockBit cybercrime group has introduced a new onion site and recently posted FBI-related content with a countdown; it is expected to increase its targeting of government entities in support of nations, calling for heightened vigilance and enforcement of a no-ransom policy to combat the threat.
A critical SQL Injection vulnerability, CVE-2024-1071, in Ultimate Member plugin versions 2.1.3 to 2.8.2 affects 200,000 WordPress sites and requires updating to patched version 2.8.3 to secure against active exploitation.
The Royal Canadian Mounted Police's network was hit by a cyber attack, prompting a criminal investigation, with no current threat to public safety or impact on operations, and the previously downed RCMP website is now restored.
ConnectWise ScreenConnect installations are vulnerable to critical exploits, CVE-2024-1709 and CVE-2024-1708, allowing remote code execution and data access; organizations should immediately upgrade to version 23.9.8 or apply interim version 22.4 to mitigate risks.
LockBit ransomware service spokesperson "LockBitSupp" has reportedly begun cooperating with law enforcement after international operation Cronos led to the arrest of group members, seizure of servers and release of a decryption tool for victims, causing substantial disruption to the group's activities.
Ken Shirriff's blog explores the Arma Micro Computer from 1962, an early aerospace computer used on vehicles from Navy ships to Air Force One, featuring an unusual 22-bit serial architecture and non-destructive readout memory using transfluxors.