# Description
The blog post introduces DUALITY, a method for creating persistent red team footholds by backdooring multiple DLLs, with a follow-up planned to cover its use for initial access and improved undetectability. SharpADWS is presented as a Red Team tool for less detectable Active Directory reconnaissance and exploitation. Researchers detail extracting Secure Onboard Communication keys from a 2021 Toyota RAV4 Prime so that third-party devices can be integrated. For web application reconnaissance, methods and tools such as SecurityTrails and Burp Suite are discussed. A technique using Shodan is explained for locating accessible admin/setup panels. Steps for securing SSH and Git operations with YubiKeys in WSL2 are provided. Extending Nmap to detect OPC UA services in ICS environments is outlined, using a new service probe. Mahmoud Hamed revealed a self-XSS combined with a CORS misconfiguration that led to leakage of user PII. Jineesh AK discovered an email enumeration vulnerability that was patched by adding input validation. WebViews in Android apps can expose JavaScript XSS vulnerabilities; secure coding practices are suggested along with relevant tools. The TELEKRAM-DOX repository contains a Telegram flood bot for bombarding a chat with messages.
Remy is developing a system for fingerprinting BTLE devices in order to inform discussions of BTLE security. Joff Thyer presents a CI/CD pipeline method for generating unique malware artifacts. The tool Subdomains-Spider is introduced for subdomain discovery. F31 is a script for Kali Linux that aims to reduce detection on networks. A cyber security expert shares techniques for gaining Domain Admin privileges. Lastly, SmuggleFuzz is described as an adaptable HTTP downgrade smuggling scanner.
# Tradecraft
The blog post outlines a method called DUALITY for creating a persistent red team foothold by backdooring multiple Dynamic Link Libraries (DLLs). Because the backdoored DLLs re-infect each other, the foothold survives program updates. An upcoming Part II will explore using the technique for initial access and for improved undetectability.
The blog post details a process for extracting Secure Onboard Communication keys from a 2021 Toyota RAV4 Prime by reverse engineering and exploiting the power steering ECU, which enables third-party devices to be used on the vehicle's CAN bus.
The article outlines methods and tools for web application reconnaissance, including subdomain enumeration, directory and file enumeration, parameter fuzzing, and collecting related URLs, using tools like SecurityTrails, Amass, Assetfinder, Subfinder, ffuf, Arjun, Paramspider, Gospider, Burp Suite, Waybackurls, Gau, Katana, and Hakrawler.
A security researcher explains a method to locate accessible admin/setup panels using Shodan by filtering search results to exclude pages requiring authorization and then performing facet analysis to refine these results further.
The article explains how to secure SSH and Git operations using the FIDO2 interface of YubiKeys within Windows Subsystem for Linux (WSL2), including steps to update the SSH client, configure the keys, and make the required environment variables persistent so that the integration works seamlessly.
A security researcher has extended Nmap's service detection by writing a new service probe and match line for OPC UA, a protocol often run on non-standard ports in ICS environments, and has documented the process so that others can contribute similar enhancements to Nmap's codebase.
Mahmoud Hamed demonstrated how chaining a self-XSS vulnerability with a CORS misconfiguration can bypass SameSite cookie protections and leak user PII, prompting the affected program to fix the misconfiguration.
A security engineer named Jineesh AK identified an email enumeration vulnerability in an API endpoint, which was corrected by adding input validation and a CAPTCHA to the registration process.
The article details the security concerns of using WebViews in Android applications, specifically JavaScript-enabled XSS vulnerabilities and the exposure of Java objects. It mentions tools such as Burp Suite for MITM interception and JADX for APK decompilation, and provides a secure and an insecure example APK for hands-on practice.
The TELEKRAM-DOX repository on GitHub offers a Python-based Telegram flood bot capable of sending many messages to a group or chat from a bot account; it requires a bot token from BotFather and operates through the Telegram API.
Remy's recent work on Bluetooth Low-Energy (BTLE) involves creating a distributed set of scanning devices to identify and fingerprint BTLE devices by collecting unique advertisement attributes and GATT profiles, with the aim of fostering more informed discussions on BTLE security.
A blog post by Joff Thyer details a comprehensive CI/CD pipeline method for generating unique malware artifacts to evade detection by employing a "Malware As A Service" approach, with an emphasis on containerized environments, dynamic generation, and post-processing tracking.
The text details a tool called Subdomains-Spider, a Python-based script used for scanning and discovering subdomains of a given target domain using a list of potential subdomains provided in a text file.
F31 is a bash script for Kali Linux that helps reduce detection on networks by changing hostnames, manipulating traffic, and altering MAC addresses, with an accompanying reset script to revert changes.
"SmuggleFuzz" is an adaptable, fast HTTP downgrade smuggling scanner for security testing that supports customized gadget lists and confirmation of findings.
# News
Major vulnerabilities in Eken and Tuck brand doorbell cameras allow remote viewing and control, prompting some retailers to offer refunds and remove the products from sale.
Cybersecurity experts reveal non-standard penetration methods used by Red Teams and malicious actors, including USB drops, compromised devices via mail, port authority attacks, drone-delivered access points, insider bribery, and exploitation of vulnerable drivers for initial system access.
The 6th Edition of the Hacker Powered Security Report is available for download. It offers insights into modern penetration testing, compares traditional pentesting and community-driven Pentest as a Service (PTaaS) with automated methods, and emphasizes the speed, quality, and value of these security services.