# Latest Podcast
# Description
In a recent hacking challenge, participants aim to gain unauthorized administrative access on a Windows domain using various cyber-attack methods. Dorkish is a Chrome extension aiding in OSINT for better reconnaissance with custom search queries. An article explains advanced malware development techniques for executing malicious code stealthily by exploiting Windows features. LLM4Decompile is a new tool using language models for decompiling binary code for improved cybersecurity analysis. Shelter technique conceals payloads in memory using ROP-based obfuscation and encryption. AttackGen assists organizations in testing incident response via customizable scenarios. DirDar finds restricted web directories, and Backup-Finder for Burp Suite reveals potentially sensitive files on webservers.
# Tradecraft
The document describes a hacking challenge in which the user performs a series of cyber attacks on a Windows domain controller to escalate privileges and gain unauthorized administrative access using various cybersecurity tools and techniques.
Dorkish is a Chrome extension designed to assist with OSINT by providing tools for creating and using custom search queries for Google and Shodan, aimed at enhancing the reconnaissance phase during cybersecurity investigations.
The article details various advanced malware development techniques that focus on stealthily injecting or executing malicious code within legitimate processes, employing methods such as thread hijacking, Dynamic Data Exchange, DNS and API injections, and misuse of common Windows features like clipboard and edit controls to avoid detection.
Researchers have developed LLM4Decompile, a tool using large language models for decompiling binary code and have shared the models, code, and data for further community-driven improvement, acknowledging the need for better testing and evaluation methods against established decompilers like Ghidra and IDA Pro.
Shelter is a technique that uses ROP-based sleep obfuscation and AES-128 encryption to hide a payload in memory from scanners; it requires no traditional triggers such as APCs, hardware breakpoints (HWBP), or timers, and is implemented in Rust, being added to a project as a dependency in its Cargo.toml file.
A cybersecurity tool named AttackGen has been introduced to help organizations test their incident response capabilities by creating customizable scenarios based on the MITRE ATT&CK framework and threat actor profiles.
DirDar is a cybersecurity tool that finds and gains access to web directories that are normally restricted by detecting and making use of exposed directory listings.
Backup-Finder is a Burp Suite extension designed for detecting backup, old, temporary, and unreferenced files on webservers, which might contain sensitive information, thus helping to prevent potential data leakage.
# News
North Korea-linked Lazarus APT group is reportedly laundering $23 million through the mixer platform Tornado Cash, highlighting the importance of wallet screening tools for cryptocurrency exchanges and financial institutions to prevent transactions with sanctioned entities.
Cybersecurity researchers discovered 17 GitHub repositories offering cracked software that deliver RisePro info stealer, a malware designed to extract sensitive information and exfiltrate it via Telegram channels.
Tarlogic Security revealed a new Bluetooth vulnerability named "BlueSpy," which allows attackers to use Bluetooth headsets in discoverable mode to eavesdrop by exploiting the "JustWorks" pairing method, with suggestions to use headsets with secure pairing and remain alert to unauthorized pairing requests.
Healthcare organizations in Scotland and Ireland experienced cybersecurity incidents, with a cyberattack disrupting NHS Scotland's services and exposing data, and a misconfigured Salesforce portal in Ireland exposing millions of patients' COVID vaccination details.
Researchers have uncovered a new speculative execution attack named 'GhostRace' that affects all CPU and OS vendors by exploiting synchronization mechanisms, and both software developers and hardware vendors are currently working to address this vulnerability.