# Latest Podcast
# Description
Ken Shirriff takes a dive into a military-grade chip to explore its gate array design and compares it with custom chips, outlining the costs and production differences. A cyber security fan uncovers how to hack into the Rebound box on HackTheBox with techniques that bump up privileges. Trail of Bits launches Ruzzy, a fuzzer to sniff out Ruby code bugs. "forensictools" toolkit makes a one-stop virtual spot for digital forensics, loaded with a bunch of analysis tools. An article unveils a hacking trick to mess with turnstiles using the Wiegand protocol. Lastly, C2 Tracker on GitHub keeps an eye on shady online dealings, nabbing IP addresses to spot malign servers.
# Tradecraft
Ken Shirriff investigates a military-grade chip from the 7400 series, revealing a gate array design with many unused transistors, and discusses the trade-offs between gate array and custom chips in terms of design cost and manufacturing.
A cyber security enthusiast demonstrates a step-by-step approach to exploit the Rebound box on HackTheBox, utilizing various techniques like cross-session relay and constrained delegation to escalate privileges and access restricted data.
Trail of Bits has introduced Ruzzy, a new fuzzing tool designed to enhance the security of Ruby code by identifying bugs through dynamic testing and integrating with the libFuzzer ecosystem.
The "forensictools" toolkit assists in creating a virtual environment for digital forensics and provides tools for binary analysis, Chrome utilities, debugging, event log analysis, hashing, hex editing, mail forensics, memory forensics, packing, password cracking, registry analysis, utilities, and Windows artifact examination.
The article details physical implant attacks on turnstiles using replay methods and introduces the Wiegand protocol, which is susceptible to interception and allows unauthorized access that bypasses multi-layered security measures.
The C2 Tracker repository on GitHub offers a constantly updated IOC feed that tracks command and control servers, tools, botnets, and information-stealing malware by collecting IP addresses using Shodan searches.
# News
AT&T acknowledges the leak of data belonging to 73 million customers from a 2019 breach, including secure passcodes for 7.6 million accounts, and advises these customers to reset their account passcodes for protection.
A sophisticated variant of Vultur banking malware imitates the McAfee Security app and increases risk with new remote control functions and evasion tactics, prompting the advice to download apps only from Google Play and scrutinize app permissions.
Bruce Schneier's latest blog post highlights concerns about AI trustworthiness, commenting on the difficulty of setting limits on machine learning and the potential influences of input data on AI behavior.
A C2 Tracker tool provides a daily-updated list of command and control servers, botnets, and malware, utilizing Shodan to collect relevant IP addresses, which users can implement to enhance their cybersecurity defenses.
Mac users are being targeted by stealer malware through deceptive ads and counterfeit websites, which require increased vigilance and security measures.
Red Hat has issued a critical security alert for a supply chain attack in certain XZ Utils versions, requiring users to downgrade to a safe release to avoid unauthorized remote access.
A security breach has been identified in the xz compression library's liblzma component, affecting Debian and potentially other Linux systems, with indications that the ssh server slowdown is linked to a backdoor; users are advised to upgrade their systems immediately to mitigate the risk.
The main branch of the CVE-2024-3094-checker on GitHub does not currently have the file cve-2024-3094-checker.sh, and users looking for it will encounter a 404 page error.