# Latest Podcast
# Description
Techniques for discreetly loading DLLs using Windows Thread Pool APIs and exploiting Windows kernel vulnerabilities through ROP chains are explained. Clément Amic focuses on exploiting Java deserialization flaws, and the GAP-Burp-Extension helps with fuzzing web apps. Learn a Direct Pointer execution method for shellcode, and check out RustRedOps, a Rust-based repository for Red Team tools. GitAlerts aids in monitoring sensitive files on GitHub, while an exploit, CVE-2023-6241, is out for bypassing memory protections on Pixel 8. Tips for preventing secrets leaks in Docker images, detecting yellow tracking dots with Dotspotter, and exploiting facial recognition systems are discussed. Emora emerges as a tool for searching social network usernames, while various tools for finding JavaScript vulnerabilities are listed. An "Awesome ChatGPT Prompts" repository offers creative prompts, and techniques to exploit identity providers are covered. GTPDOOR Scan helps detect malware-infected hosts, and a list of satellite OSINT tools is compiled. Learn about Ralph Merkle's cryptographic work, and discover Kiddy, a tool for obscuring Linux kernel information.
# Tradecraft
[#]
This blog post explains how to discreetly load DLLs using Windows Thread Pool API's I/O completion callbacks to avoid detection by EDR systems, with a detailed walkthrough and code examples provided.
[#]
This article dives into advanced exploit techniques for Windows kernel vulnerabilities, discussing alternate methods to execute code at the kernel level without violating protective mechanisms like HVCI and Kernel CFG by using Return-Oriented Programming (ROP) chains to leverage existing signed code.
[#]
The GAP-Burp-Extension is a Burp Suite extension that identifies possible endpoints and parameters and generates a target-specific wordlist to assist in fuzzing and testing web applications.
[#]
The blog post explains how to use Direct Pointer execution as an evasion technique for running shellcode undetected by avoiding the creation of new threads and API calls, making it difficult for antivirus and endpoint detection to flag the binary's execution processes.
[#]
RustRedOps is a repository that provides a collection of advanced Red Team tools and techniques using Rust for offensive cybersecurity tasks, including payload execution, process injection, anti-analysis, and more.
[#]
GitAlerts is a tool for detecting and monitoring sensitive files and secrets in public repositories of GitHub organization users, with features for scanning, reporting, and alerting through Slack integration.
[#]
A security researcher disclosed CVE-2023-6241 together with an exploit that uses a GPU bug to bypass the Memory Tagging Extension's protections on Pixel 8 and achieve kernel code execution; the issue was addressed in Android's March security update.
[#]
To prevent secrets from leaking in Docker images, use multi-stage builds to exclude secrets from the final image or BuildKit to inject secrets safely during the build process without including them in the final image.
[#]
This article explains how to exploit security weaknesses in facial recognition and lock systems of turnstiles, illustrating attacks like using high-resolution photos with masks and lock bumping techniques, and advising on protective measures against such vulnerabilities.
[#]
Emora is a new open-source OSINT tool with a graphical user interface that helps users search for usernames across various social networks, with an easy installation process and frequent updates.
[#]
Learn to find and exploit vulnerabilities in JavaScript using manual inspection and automated tools like wget, RegHex, keyhacks, Gau, waybackurls, httpx, subjs, Nuclei, Mantra, SecretFinder, and JSFScan.sh to enhance bug bounty hunting.
[#]
GitAlerts is a tool that enables organizations to detect and monitor secret leaks in public repositories of their GitHub users, offering features such as scanning, monitoring, Slack notifications, and integration with TruffleHog for secret detection.
[#]
The repository "Awesome ChatGPT Prompts" is a curated collection of examples designed to enhance the user experience with ChatGPT, offering customized prompts for various applications, from code generation to creative writing, and even includes links to additional resources like e-books and a prompt generator app.
[#]
Identity providers like AzureAD, Okta, Ping, and OneLogin have techniques that can be exploited by Red Teamers to intercept credentials and authenticate as other users, but awareness and proper defense mechanisms are critical to mitigate these security risks.
[#]
A new multithreaded network scanning tool called GTPDOOR Scan has been released to detect hosts infected with the GTPDOOR malware, offering three different scanning methods to accommodate various firewall configurations.
[#]
The list provided is a compilation of satellite Open Source Intelligence (OSINT) tools and resources for real-time tracking, visualization, and analysis of man-made objects in Earth's orbit, useful for anyone interested in space activity monitoring.
[#]
Kiddy is a Linux kernel modification tool that hides its version information to deflect kernel exploitation by using security through obscurity techniques and altering kernel function behavior.
# News
[#]
Trend Micro, a cybersecurity company, collaborates with law enforcement to disrupt operations of LockBit ransomware, a service used by criminals to attack global organizations, by introducing more stable and innovative ransomware versions and providing managed detection and response services.
[#]
The U.S. Federal Trade Commission has issued a warning about scammers posing as its employees to trick people into paying money, providing safety guidelines and urging victims to report incidents on their website.
[#]
Nations Direct Mortgage reported a data breach affecting 83,000 individuals, compromising personal details but found no evidence of data exfiltration or fraudulent use, and is providing free identity monitoring services to the impacted parties.
[#]
Cloudflare experienced a 22% loss in hosted domains following the shutdown of .tk, .cf, and .gq domains by Freenom, impacting nearly all websites previously using these top-level domains due to legal issues and abuse complaints.
[#]
Research at Rhino Security Labs revealed an unauthenticated command injection vulnerability in the Progress Kemp LoadMaster, tracked as CVE-2024-1212, which allowed attackers to gain control if they could access the admin web interface; a patch is now available which administrators should apply immediately to secure their devices.
[#]
The post discusses the mechanics of password-spraying tools and strategies for their effective utilization in gaining unauthorized access.
[#]
Ukrainian law enforcement has detained three individuals for hacking over 100 million email and Instagram accounts and selling them to fraudsters on the darknet, and recommends that users strengthen their security with complex passwords and multi-factor authentication.
[#]
Oracle has advised against installing the macOS 14.4 update on Apple silicon CPUs because it causes Java processes to unexpectedly terminate, with no current fix or workaround available.
[#]
The Imperva 2024 Report reveals that APIs, which make up 71% of internet traffic, are increasingly targeted by cybercriminals, due to common security oversights like shadow, deprecated, and unauthenticated APIs, resulting in annual costs of up to $75 billion for businesses; the report advises continuous API inventory and monitoring, risk assessment, and integrated protection strategies to mitigate this threat.
[#]
A failure to specify vendor and product IDs in USBGuard configurations can be exploited to circumvent USB device authorization policies on Linux systems.
[#]
A critical vulnerability in FortiOS SSL VPN, identified as CVE-2024-21762, allows remote code execution and affects over 133,000 systems; immediate patching to the specified secure versions is required to mitigate the risk.
[#]
Two serious vulnerabilities in the Automatic WordPress plugin, CVE-2024-27956 allowing SQL query manipulation and CVE-2024-27954 enabling file downloads, have been fixed in version 3.92.1.
[#]
A Moldovan national was sentenced to 42 months in prison for operating E-Root Marketplace, a site selling over 350,000 stolen credentials that led to ransomware and tax fraud attacks, and law enforcement has recovered $2.3 million in cryptocurrencies from a related romance scam.
[#]
A new version of AcidRain malware called AcidPour is targeting Linux x86 devices, designed to erase data on RAID arrays and UBI filesystems, with unknown victims and scale of attack, while brute-force methods are being used against Linux systems to create backdoor entries for malware like ransomware and DDoS bots.
[#]
Brazilian law enforcement, with support from Interpol, captured five individuals linked to the Grandoreiro banking Trojan by correlating malware samples.
[#]
Researchers have uncovered a "pig butchering" cryptocurrency scam network where criminals have shifted at least $75.3 billion through exchanges, using complex patterns and multiple currencies to disguise illegal transfers and victimize primarily US-based users.
[#]
Cybersecurity researchers have discovered that attackers are using document publishing sites like FlipSnack and Issuu to host phishing scams, avoiding detection by email filters and stealing user credentials through fake Microsoft 365 login pages.
[#]
The Apex Legends Global Series tournament was postponed after a remote code execution exploit was used to hack two players' in-game clients, compromising the event's integrity.
[#]
Microsoft's AITM honeytoken may provide an alert to impersonation attacks, but attackers can quickly identify and resolve the alert, making it a less effective defense strategy.
[#]
Ethereum's CREATE2 opcode is being exploited in cyber-attacks to empty cryptocurrency wallets, urging a need for enhanced security measures.
[#]
A new malware called AcidPour targets Linux x86 IoT and network devices, wipes data, and may pose a bigger threat by affecting a wider range of systems compared to its predecessor AcidRain.
[#]
NHS Dumfries and Galloway in Scotland is responding to a cyberattack which may have exposed patient and staff data, and while there's no immediate threat to life, they remind everyone to be cautious with unknown communications and report any suspicious activities.
[#]
Over 83,000 clients of Nations Direct Mortgage had personal data compromised in a cyberattack, prompting legal actions and the provision of free identity protection services.
[#]
Mintlify, an AI documentation firm, had a data breach leading to 91 GitHub tokens being exposed due to a system flaw, but further misuse of tokens is under investigation.
[#]
A new variant of AcidRain wiper malware, called AcidPour, has been enhanced to target embedded device memory and make data recovery more difficult, posing a significant threat to various devices and systems.
[#]
The U.S. government is actively breaking down the Chinese cyberespionage operation Volt Typhoon, which poses a serious threat to the nation's critical infrastructure, while also forming task forces to protect the water supply from cyberattacks.
[#]
Chinese advanced persistent threat group Earth Krahang has compromised over 70 organizations worldwide by exploiting vulnerabilities in Openfire servers and Control Web Panel, using tactics like spear-phishing and VPNs to infiltrate networks.
[#]
Atos' stock value dropped by 20% after Airbus ended talks to buy Atos' big data and security units, leaving Atos looking for other strategic options for these assets while facing upcoming debt repayments.
[#]
A telecom manager pled guilty to conducting illegal SIM swaps using his managerial credentials, in exchange for Bitcoin payments, allowing co-conspirators to hijack customers' phone numbers and access their accounts, with sentencing scheduled for July 2024.
[#]
Trend Micro researchers uncovered that the Earth Krahang APT group breached over 70 government organizations worldwide, using spear-phishing and exploiting vulnerabilities such as CVE-2023-32315 and CVE-2022-21587 for cyberespionage.
[#]
A phishing campaign, called Operation PhantomBlu, is using a Microsoft Office exploit involving OLE template manipulation to distribute NetSupport RAT, by tricking victims into opening a bogus salary report email and running a malicious embedded printer icon.
[#]
The website Have I Been Pwned provides an overview of various data breaches, allowing users to check if their personal information has been compromised by searching through exposed email addresses, passwords, and other sensitive data from numerous incidents across various services.
[#]
The SEC has fined two investment advisers a total of $400,000 for falsely claiming to use AI technology in their financial products, a practice known as "AI washing."
[#]
The Chinese hacking group Earth Krahang has infiltrated 70 organizations worldwide, mostly government entities, using spear-phishing and exploiting server vulnerabilities, prompting the need for stronger cyber defenses and password management.
[#]
Over 900 websites using Google Firebase were found with misconfigurations, exposing sensitive data like user passwords and billing details; website owners are advised to secure their Firebase configurations to prevent data leaks.
[#]
Fujitsu has announced a security breach involving malware which possibly led to unauthorized access to customer data, prompting the company to strengthen their defenses, notify affected individuals, and report the incident to the appropriate authorities.
[#]
Over 133,000 Fortinet devices remain unpatched for a critical remote code execution vulnerability CVE-2024-21762, exposing them to potential cyber-attacks, while a new SQL injection bug CVE-2023-48788 in FortiClient EMS also needs immediate patching.
[#]
Fortra has fixed a critical remote code execution bug, CVE-2024-25153, in its FileCatalyst file transfer tool, and users are advised to update to version 5.1.6 Build 114 to prevent potential cyber attacks.
[#]
Microsoft plans to stop supporting RSA keys under 2048 bits for TLS server authentication to improve security, and organizations should upgrade their keys to avoid connection issues with Windows servers.
[#]
SonicWall Capture Labs researchers have identified a trend of Android adware apps imitating popular games to deliver unwanted ads and collect personal data, recommending that users check app permissions and legitimacy and use security solutions for protection.
[#]
SonicWall researchers have discovered a new version of WhiteSnake malware that steals sensitive data and can remotely control infected computers; users should avoid suspicious downloads, update software, and use security tools to protect themselves.
[#]
Microsoft announced the release of Copilot for Security, a generative AI tool that increases efficiency and accuracy for security teams by providing natural language insights from security products and custom prompts with support for multiple languages, aiming to improve incident response and analysis.
[#]
The blog env.fail reports an infosec issue where a singular vulnerability led to the compromise of 900 sites, affecting 125 million accounts.
[#]
Researchers discovered a widespread misconfiguration in Firebase that exposed approximately 125 million user records, including plaintext passwords and financial details, across 900 websites, prompting them to inform the affected parties and suggest fixes for the security weakness.
[#]
The website GLOBE_ is experiencing unusually high traffic and has reduced search quality temporarily, urging users to sign up for updates on the upcoming launch of Explorer V2.
[#]
Real-time air quality data from the World Air Quality Index project shows pollution levels worldwide based on particulates, ozone, and various gases, aiding in personal and public health risk assessment.
[#]
The public cadastral map has been updated with a new layer titled "Belarus Literary" which features the state land registry, addresses, unconstructed plots, territorial zoning, and more data layers for enhanced attribute information.
[#]
EasyCounter is a web service providing insights into websites' traffic, user engagement, domain data, safety, server technology, and presence on social media for web analytics and competitive analysis.
[#]
The Middle East Forum provides a database to help law enforcement identify over 125 jihadist groups recruiting in the West and offers intelligence bulletins on threats and training seminars for identifying signs of extremism linked to past attacks like the Boston bombings.
[#]
The CrisisWatch global conflict tracker reports escalations in several regions, including a significant increase in violence in Gaza, political instability in Chad, and mounting tensions in Senegal and the DR Congo, while also noting potential peace opportunities in the Israel/Palestine conflict.