HAQ.NEWS

// Jared Folkins

# Description

In today's tradecraft, InfoHound is an OSINT tool for passive reconnaissance on web domains, collecting data such as emails, subdomains, and files. It includes features like LLM-powered role descriptions, service account checks and data breach checks, with support for custom modules and export options for analysis. CVE-2024-1709 represents a vulnerability in 3CX phone systems permitting remote code execution, remediable by vendor-provided security patches. The Docker Bench for Security is a script that performs CIS Docker Benchmark checks to ensure Docker container deployment best practices. A blog post outlines solution steps for the Strings challenge from Mobile Hacking Labs using techniques like static analysis and memory scanning. Advanced CyberChef techniques are explained in an article on extracting malware loader configurations, employing regular expressions and AES decryption. Another article explores kernel mode keylogging in Windows using gafAsyncKeyState, describing how the structure is located dynamically and keystrokes are read from it. Nidhogg is a rootkit for Windows 10 and 11 with capabilities like credential dumping, some of which may trip PatchGuard. A cybersecurity enthusiast shares experiences with a Docker SSH honeypot used to monitor attack patterns. Two ebooks, The Windows Process Journey and The Linux Process Journey, delve into process mechanisms in Windows and Linux, while The macOS Process Journey covers macOS processes. "TrueBad0ur/ssh-honeypot" on GitHub is a tool that mimics an SSH server to collect attack data. The `libreasy` repository offers an HTML template for book details, excluding actual PDF hosting. "dockur/windows" on GitHub facilitates running Windows in Docker with varied features and user guidance. Lastly, Hackvertor is a Burp Suite extension for data conversion, available through the BApp store for integration with Burp Suite.

In cryptocurrency news there is upheaval: a gambling platform rug pull, significant financial losses from various attacks, and the revelation of an Australian's disappearance after a bank error. In cybersecurity, the BitForex platform is under scrutiny for a possible exit scam, while the Aleo blockchain and Tornado Cash encountered a data leak and a code breach respectively. Additionally, the South African parliament suffered a data leak, and new malware, "Angel Drainer," targets cryptocurrency users. Security research highlights browser vulnerabilities, and Microsoft exposes a critical Windows flaw. In lighter news, FunnyPlaying's FPGBC Kit brings nostalgia with a modern twist on the Game Boy Color.

# Tradecraft

[#] InfoHound is an OSINT tool designed to perform passive reconnaissance on web domains by gathering substantial amounts of data including emails, subdomains, and files, and offers an evolving set of features like LLM-powered individual role descriptions, service account checks, and data breach checks, which can be enhanced with user-created custom modules and exported for graphical analysis.
Read More @ github.com
[#] CVE-2024-1709 is a vulnerability in 3CX phone systems allowing remote code execution, which can be mitigated by applying the latest security patches provided by the vendor.
Read More @ blogtrace.com
[#] The Docker Bench for Security is a script that performs automated checks against the CIS Docker Benchmark v1.6.0 to ensure best practices in deploying Docker containers in production, which can be run from the base host or within a Docker container with the right privileges and volumes set.
Read More @ github.com
[#] The blog post details the process of solving the Strings challenge from Mobile Hacking Labs, involving static analysis, intent manipulation, shared preference modification using Frida, and memory scanning to extract a flag.
Read More @ github.io
[#] The article provides a step-by-step guide on using advanced CyberChef techniques to extract configurations from multi-stage malware loaders, demonstrating the application of registers, regular expressions, flow control operations, and AES decryption in the process.
Read More @ ghost.io
[#] The article discusses an approach for implementing a kernel mode keylogger in Windows using the undocumented data structure gafAsyncKeyState, detailing the steps for locating the structure dynamically, reading keystrokes without API calls, and overcoming the challenge posed by session driver address space.
Read More @ eversinc33.com
[#] Nidhogg is a versatile and user-friendly rootkit for Windows 10 and Windows 11 that offers a wide range of operations from the kernel space, including process and file protection, credential dumping, and script execution, but using certain features may risk triggering PatchGuard.
Read More @ github.com
[#] A cybersecurity enthusiast details setting up an SSH honeypot using Docker to log commands and monitor brute-force attack patterns, including top usernames and passwords attempted, and the geographic origins of the attacks.
Read More @ xn--w8je.xn--tckwe
[#] The Windows Process Journey ebook provides an overview of the operational mechanisms of Windows processes, while The Linux Process Journey covers task management and the threading model used in Linux, and The macOS Process Journey elucidates process handling in the macOS environment.
Read More @ thelearningjourneyebooks.com
[#] The GitHub repository "TrueBad0ur/ssh-honeypot" provides a tool that simulates an SSH server to record attackers' credentials and command attempts, using a fake shell environment and SQLite for logging.
Read More @ github.com
[#] The repository `libreasy` by user `TrueBad0ur` on GitHub provides a simple HTML template for storing book details such as previews, authors, titles, and download links, but does not host the actual PDFs, offering instructions for contribution and requiring image compression prior to uploading.
Read More @ github.com
[#] The GitHub repository "dockur/windows" provides a means to run Windows within a Docker container, offering features like ISO downloader, KVM acceleration, web-based viewer, and includes instructions on usage, customization, and troubleshooting for diverse user scenarios.
Read More @ github.com
[#] Hackvertor is a Burp Suite extension that enables conversion of data through customizable tags, supporting operations like base64 encoding and regex, with installation done via the BApp store and usage integrated directly within Burp Suite's interface.
Read More @ github.com

# News

[#] Recent incidents in the cryptocurrency space include a gambling platform rug pull, an Australian's disappearance after a transfer error, a DeFi exploit thwarted by a whitehat, a hack on a project with an amusing name, a co-founder's wallet loss, an influencer's alleged pump-and-dump scheme, the AAX exchange's post-shutdown fund movement, a spam wave on GitHub for token airdrops, a significant exchange hack, and insider trading suspicions following a high-profile NFT acquisition.
Read More @ web3isgoinggreat.com
[#] Recent cyber incidents include a likely exit scam by BitForex after $57 million was withdrawn, a privacy leak from Aleo blockchain due to a copy/paste error, Tornado Cash's code exploit risking user funds, a $100 million romance scam operation linked to human trafficking in Myanmar, RiskOnBlast's $1.3 million rug pull on the Blast blockchain, an Australian man absconding with $585,000 due to a bank error, a narrowly avoided $1.3 million hack of Blueberry Protocol, a $170,000 hack on DeezNutz_404 due to code flaws, a $9.5 million loss by an Axie Infinity co-founder from wallet compromise, and allegations of pump-and-dump schemes by the influencer Crypto Rover.
Read More @ web3isgoinggreat.com
[#] The South African parliament's website leaked members' personal contact information, compromising their operational security and underscoring the need for rigorous data protection protocols.
Read More @ osint.industries
[#] A new malware called "Angel Drainer" is hijacking websites and phishing sites to steal credentials and funds from cryptocurrency wallets, with over $25 million already stolen; users should update antivirus software and be cautious of suspicious online activity to protect their assets.
Read More @ cybersecuritynews.com
[#] Research outlines various security vulnerabilities in web browsers such as XSS and RCE attacks in Chromium Edge, local file disclosure across multiple browsers, and security risks in Firefox and Microsoft Outlook, with recommended patches or strategic mitigations for each issue.
Read More @ leucosite.com
[#] Researchers at Microsoft uncovered a critical 20-year-old stack corruption vulnerability in a core Windows OS library, accessible from Chromium-based browser sandboxes through the Web Speech API, which could potentially enable a browser and full system compromise if exploited.
Read More @ github.io
[#] A memory alignment issue in certain filesystems like ext4 and btrfs has significantly weakened ASLR for 32-bit libraries over 2MB in size and reduced entropy for 64-bit libraries in recent Linux kernel versions, with a fix for the lost randomization pending in Ubuntu's future release.
Read More @ github.io
[#] FunnyPlaying offers a $69.90 FPGBC Kit for enthusiasts to simulate real Game Boy Color hardware using FPGA, with several components like the housing and buttons sold separately, and the latest firmware available for download.
Read More @ funnyplaying.com

# F.A.Q

## Problem

Many websites are using AI/ML to create clickbait that does not actually have any valuable content.

## Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr regarding the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

## Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

## Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

## Ads

This isn't an ad.

Current friend of HAQ: 2024-02-27

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins