HAQ.NEWS

// Jared Folkins

# Description

Today, BestEDROfTheMarket is a lab for bypassing Endpoint Detection and Response systems, offering dynamic analysis tools. Vulnerabilities in Plixer Scrutinizer allow unauthorized access, highlighted on Atredis Partners’ GitHub. The Mail-in-the-Middle tool poses spear-phishing risks by intercepting emails. A C# PDF-exploit builder targets Foxit Reader and Adobe Acrobat vulnerabilities. A Python and Go script, URL Regex Match Counter, analyzes URL content. Apache Solr's RCE vulnerability is demonstrated with a POC. Shelter, a Rust-based security tool, obfuscates payloads. Plate Recognizer offers ALPR solutions for vehicle management. ZeroPointSecurity/PInvoke supports projects with P/Invoke signatures. EnumSSN aids in syscall scripting by identifying System Service Numbers.

And in the news, GitHub has introduced default push protection to enhance security against data leaks in public repositories. The ASIO director of Australia highlighted increasing cyber threats to infrastructure, notably from nation-state espionage. Infoblox exposed the Savvy Seahorse phishing campaign, leveraging social media for fraud. Cutout.Pro addressed a data breach impacting 20 million users. Citrix and Sophos encountered leap year bugs, disrupting services. Pepco Group lost $17 million due to a sophisticated phishing attack, prompting a security overhaul. Ivanti faced attacks by UNC5325, linked to China, necessitating patches. The Silver SAML attack threatens identity systems, countered by Entra ID certificates. SPIKEDWINE targets European officials with malware. Legal actions challenge Meta over GDPR issues. Airbnb scam alerts and new Linux malware, GTPDOOR, highlight ongoing digital threats. The OSINT SMART FRAMEWORK offers resources for open-source intelligence, while aviation safety remains a critical concern as reported by The Aviation Herald.

# Tradecraft

[#] BestEDROfTheMarket is a lab environment for practicing bypass techniques against Endpoint Detection and Response systems, featuring user-mode dynamic analysis tools such as API and SSN hooking, with configuration files to specify which functions and patterns to monitor or modify.
Read More @ securityonline.info
[#] A cyber security assessment of the Plixer Scrutinizer application uncovered vulnerabilities by hooking an SSL import call via LD_PRELOAD to decrypt the application's Perl content; the resulting findings enabled unauthorized server access and environment compromise, with details documented in Atredis Partners' GitHub repository.
Read More @ atredis.com
[#] The blog post outlines how a tool named Mail-in-the-Middle automates the interception of emails sent to mistyped domain addresses, enabling attacks such as spear-phishing and information gathering. It recommends that businesses implement domain and user impersonation protections, monitor look-alike domains, register shorthand domains used for email communication, and provide employee training to mitigate such threats.
Read More @ sensepost.com
[#] A Proof of Concept (POC) PDF-exploit builder written in C# allows the crafting of PDF files that exploit certain vulnerabilities in Foxit Reader and Adobe Acrobat V9 to execute arbitrary code when opened.
Read More @ github.com
[#] URL Regex Match Counter is a script, written in Python and Go, that counts occurrences of regex patterns in the content of specified URLs and includes a bonus script for extracting URLs from websites.
Read More @ github.com
[#] A Proof of Concept (POC) for a Remote Code Execution (RCE) vulnerability in Apache Solr's Backup/Restore APIs, tracked as CVE-2023-50386, has been published; it uses the Pocsuite3 framework for execution, with prepared config files and Java exploit code available for testing and compilation.
Read More @ github.com
[#] Shelter is a Rust-based security tool that utilizes Return Oriented Programming (ROP) to obfuscate the in-memory payload with AES-128 encryption, making it difficult for memory scanners to detect.
Read More @ github.com
[#] Plate Recognizer offers a suite of Automatic License Plate Recognition (ALPR) software solutions, including Snapshot, Stream, ParkPow, Blur, ContainerID, BoatID, and USDOT-OCR, that can process various quality images and video for vehicle identification and parking management across numerous environments and more than 90 countries, with both cloud-based and on-premise options available.
Read More @ platerecognizer.com
[#] The GitHub repository ZeroPointSecurity/PInvoke provides a collection of code-generated P/Invoke signatures that can be dropped into projects; donations to support the resource are welcome.
Read More @ github.com
[#] The page lists various Windows API functions related to security and system operations, which can be used to manipulate processes, services, tokens, and memory, making it a useful reference for penetration testing and cyber defense.
Read More @ pinvoke.dev
[#] The EnumSSN tool enumerates System Service Numbers and syscall instruction addresses in the ntdll module by parsing the Process Environment Block without utilizing GetModuleHandleA and GetProcAddress, providing capabilities useful for indirect syscall scripting.
Read More @ github.com

# News

[#] GitHub has initiated default push protection across all public repositories to mitigate the risk of accidental secret leaks such as API keys and tokens by scanning and blocking sensitive data during code pushes, with additional documentation available for user guidance on managing this feature.
Read More @ bleepingcomputer.com
[#] Australia's ASIO director warns of increased cyber threats to critical infrastructure from nation-state actors, with incidents of espionage including recruitment of former politicians and academics to gather intelligence.
Read More @ packetstormsecurity.com
[#] Infoblox has identified a phishing scam by Savvy Seahorse, using fake investment platforms via Facebook ads and sophisticated DNS techniques to defraud users, redirecting them to fake trading platforms and siphoning funds to Russian banks.
Read More @ hackread.com
[#] Cutout.Pro's data breach has exposed personal details of 20 million users; affected individuals should immediately change passwords and watch for phishing attempts.
Read More @ bleepingcomputer.com
[#] Citrix and Sophos software encountered leap-year bugs on February 29, 2024, causing outages and security certificate errors respectively; workarounds involved changing the system date and applying software updates to resolve the issues.
Read More @ bleepingcomputer.com
[#] Pepco Group's Hungarian operations suffered a $17 million loss due to a sophisticated phishing attack, with the company responding by conducting a comprehensive assessment of their systems and processes.
Read More @ scmagazine.com
[#] A threat group linked to China, known as UNC5325, has exploited vulnerabilities in Ivanti network devices, leading to the release of patches for high-severity issues and the creation of a tool for integrity checking by Ivanti.
Read More @ scmagazine.com
[#] Cybersecurity researchers have uncovered a new attack method called Silver SAML which targets identity systems by forging SAML responses, and although Microsoft has been notified, organizations are advised to utilize only Entra ID self-signed certificates for SAML signing to prevent exploitation.
Read More @ thehackernews.com
[#] A new espionage group labeled SPIKEDWINE has been discreetly targeting European officials with a sophisticated malware campaign utilizing a decoy wine-tasting event invitation and deploying an undetectable backdoor known as WINELOADER, with operations traced back to July 2023 and ongoing efforts to resist detection through memory forensics and selective server responses.
Read More @ securityaffairs.com
[#] Consumer groups in the EU have filed legal complaints challenging Meta's imposed choice on users to consent to data profiling or pay for an ad-free version, alleging violations of GDPR principles.
Read More @ theregister.com
[#] A new malware campaign named SPIKEDWINE, using a backdoor called WINELOADER, aims at European officials linked to Indian diplomatic events via malicious PDFs, requiring heightened vigilance and security measures.
Read More @ thehackernews.com
[#] A Malwarebytes employee foiled an Airbnb scam that redirected to a counterfeit Tripadvisor site and could have cost him €2500. The case underscores the need for vigilance in online booking: book directly on the platform, scrutinize emailed links, confirm site authenticity, and use software that alerts to suspect sites.
Read More @ malwarebytes.com
[#] A new Linux malware named GTPDOOR has been found targeting telecom networks by exploiting GPRS roaming exchanges to enable command-and-control operations over the GPRS Tunnelling Protocol, with indications pointing to the threat actor LightBasin; telecom operators are advised to strengthen their network security against such backdoors.
Read More @ thehackernews.com
[#] Bohdan Taranenko's OSINT SMART FRAMEWORK is a free, weekly updated reference guide providing links to various open-source intelligence (OSINT) resources across multiple disciplines for researchers and security professionals.
Read More @ start.me
[#] The Aviation Herald reported various aviation incidents between Feb 16th and Feb 29th, 2024, including technical failures, collisions, and emergency landings, illustrating the importance of robust aircraft maintenance and stringent air traffic control protocols to prevent such events.
Read More @ avherald.com

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful TL;DR regarding the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ, 2024-03-01

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins