HAQ.NEWS

// Jared Folkins

# Latest Podcast

# Description

The HEDnsExtractor tool helps cyber security folks by pulling out domains/IP networks that could be bad news. Sadly, there's a nasty bug CVE-2024-0204 in GoAnywhere Admin that lets sneaky folks make high-privilege accounts they shouldn't. For you tech heads, there's a guide to writing 64-bit Linux shellcode so you can say "Hello World" with your CPU. R2Frida is a cool thing mixing radare2 with Frida to tweak live processes. Gynvael Coldwind busted a sneaky attack hiding in xz/liblzma that messes with data and sneaks in a backdoor. DroidLysis speeds up reverse engineering for Android apps while Subfinder and httpx are ace for finding digital weak spots. Certificate Transparency logs help spot tricky subdomains, helping in research and bounty hunting. FFUF finds hidden web content, and an SSH honeypot using CVE-2024-3094 waits for hackers. Cloudtopolis cracks passwords using Google's cloud and the net. Sniff out leaked credentials with Chrome and Burp Suite. Compare different EDR products with EDR-Telemetry. Hijack Windows with CcmPwn, and level up your cybersecurity chops with a book covering all things low-level. Some smart cookies found a Linux kernel bug (CVE-2024-1086) and a Cisco Umbrella script that susses out weird DNS requests. There's new malware-sniffing gear for .NET, and the latest tricks for nabbing manually mapped rootkits. Learn all about Windows UAC, poking around group policy bits for security testing, and make stuff safer with the Failsafe-go library. See OSINT trends with MetaOSINT, dig into Mastodon with Masto, and lurk on CashApp profile pics. Bag complex web data with One, track blockchain wallets with Wallet-Tracker CLI, learn malware analysis free from Arch Cloud Labs, and speed-scan websites with PIDRILA. There's a list of tools for taking apart social media, a fancy Cobalt Strike code generator, smackdab in ya face. OffSec Reporting beautifies pentest reports and there's more Telegram and Discord sleuthing gear, plus search savvy IRBIS for personal info digging. PHP library 'telegram-osint-lib' focuses on Telegram for data scraping, and the OSINT Notebook by tjnull organizes your snooping. Gynvael Coldwind had another go at showing how attacks creep into xz/liblzma. Slide into a process on Windows with the NtSetInformationProcess function. CVE-2023-4863 made a boo-boo with WebP images, gotta patch those browsers! Then there's a crafty exploit messing with Google's sign-in, and finally, a treasure trove of cyber security resources for folks gearing up for the OSCP or just being security-smart.

# Tradecraft

[#] HEDnsExtractor is a tool for cyber security professionals designed to identify potential security threats by extracting and presenting domains and IP networks associated with a target, with added capabilities such as support for IPv6, workflow customization using yaml, and integration with VirusTotal for Threat scoring.
Read More @ securityonline.info
[#] A vulnerability, CVE-2024-0204, in GoAnywhere Admin portal allows the creation of high-privilege admin accounts both post-auth (escalation from low-privilege account) and pre-auth (bypassing setup checks) via path traversal and state manipulation methods.
Read More @ viettelcybersecurity.com
[#] The article provides a step-by-step guide on writing and extracting 64-bit Linux assembly shellcode, highlighting the creation of a "Hello World" example and offering insight into CPU registers, system calls, and techniques to avoid null bytes in payloads.
Read More @ hackingarticles.in
[#] R2Frida is a plugin that combines radare2, a reverse engineering toolkit, with Frida, a dynamic instrumentation toolkit, allowing users to inject scripts and manipulate running processes for security analysis.
Read More @ kitploit.com
[#] A comprehensive analysis by Gynvael Coldwind reveals a multi-stage obfuscation and backdoor insertion attack within the xz/liblzma compression software, showing the steps of data manipulation and script execution for the payload delivery.
Read More @ coldwind.pl
[#] DroidLysis is a tool designed to automate initial reverse engineering tasks for Android applications by disassembling APKs, organizing output, and detecting code that may be suspicious or indicative of certain functionalities.
Read More @ kitploit.com
[#] A cyber security professional utilizes tools such as Subfinder and httpx for subdomain enumeration and port scanning to enhance bug bounty hunting and discover vulnerabilities in digital infrastructures.
Read More @ medium.com
[#] The article explains how to use Certificate Transparency logs and tools like crt.sh and Censys.io for identifying subdomains, which is beneficial in cybersecurity research and bug bounty hunting.
Read More @ medium.com
[#] This article explains how to use the FFUF tool for uncovering hidden web content and subdomains, which can help in identifying potential security vulnerabilities.
Read More @ medium.com
[#] An SSH honeypot has been designed to trap attackers by employing an intentionally vulnerable XZ backdoor, tracked as CVE-2024-3094.
Read More @ github.com
[#] Cloudtopolis is a tool that enables password cracking without owning hardware by using Google Cloud Shell and Google Collaboratory to set up and run Hashtopolis agents for hash breaking tasks.
Read More @ github.com
[#] The text instructs how to identify leaked credentials by using regular expressions to filter network traffic in Google Chrome's Developer Tools and Burp Suite.
Read More @ github.com
[#] The EDR-Telemetry project provides an updated comparison of telemetry features across different Endpoint Detection and Response (EDR) products to help security professionals evaluate these tools.
Read More @ github.com
[#] Hackers can hijack Windows sessions by modifying SCCM client configurations and using a new tool called CcmPwn, which involves uploading a malicious DLL and altering a .NET application's config file.
Read More @ google.com
[#] This document is an open-source book discussing various cyber security topics, including memory vulnerabilities, cache side channels, and compiler security, with a focus on low-level software and compiler developers.
Read More @ github.io
[#] A cybersecurity report details a strategy exploiting a recent Linux io_uring use-after-free vulnerability to gain unauthorized access to system memory pages and potentially modify file permissions or add backdoor accounts.
Read More @ exodusintel.com
[#] The article details an in-depth Linux kernel exploit related to nf_tables CVE-2024-1086, using advanced techniques like Dirty Pagedirectory for achieving root access on various Linux distributions.
Read More @ pwning.tech
[#] Horizon3.ai's NodeZero platform provides tools for automated penetration testing, including internal and external pentests, vulnerability assessments for compliance like PCI DSS, and allows users to evaluate cybersecurity strategies, while their recent advisory exposes a critical PaperCut software vulnerability, CVE-2023-39143, that enables file manipulation and advises immediate patching to version 22.1.3 to mitigate potential risks.
Read More @ horizon3.ai
[#] The article explains how to evade EDR detection by manipulating Sysmon's minifilter altitude value in the registry, and provides mitigation strategies like creating sigma rules for Sysmon Event IDs 13 and 14.
Read More @ co.nz
[#] A security researcher uncovered a way to gain root access on older versions of macOS by mounting the filesystem with altered permissions and modifying a file not protected by System Integrity Protection, but Apple has since fixed this vulnerability.
Read More @ alter-solutions.fr
[#] The latest Tycoon 2FA phishing kit evades detection using sophisticated stealth tactics and targets organizations with AiTM attacks to bypass multi-factor authentication by harvesting Microsoft 365 session cookies.
Read More @ sekoia.io
[#] Cisco's article guides on using Umbrella APIs to detect unusual DNS requests for better network security, with tools for investigation and automation possibilities.
Read More @ cisco.com
[#] This repository provides a script for Cisco Umbrella users to identify unusual DNS requests in their network traffic by comparing company DNS queries against Umbrella's top one million domains.
Read More @ github.com
[#] The blog post details the use of Yara rules and a new Python tool for identifying and classifying .NET-based malware by analyzing metadata like MVID and Typelib GUIDs.
Read More @ blogspot.com
[#] This article discusses the detection and evasion of manually mapped rootkits in memory, focusing on device object querying, systems thread detection through APCs, and NMIs, with a mention of driver stomping as a countermeasure.
Read More @ eversinc33.com
[#] The text details User Account Control (UAC) in Windows, highlighting its security function against unauthorized changes, presenting techniques used to bypass it for privilege escalation with defensive strategies, and offering insights into internal mechanics through reverse engineering, exemplified by C++ and PowerShell code.
Read More @ hadess.io
[#] The text outlines various techniques for security testing, including exploiting group policy permissions and user privileges to gain unauthorized access within a network, and suggests methods to secure these vectors against potential attacks.
Read More @ ired.team
[#] Failsafe-go is a Go library offering tools to make applications more reliable through policies like retry, circuit breaker, rate limiting, and fallback mechanisms.
Read More @ github.com
[#] The TropChaud project portfolio introduces MetaOSINT, a detailed analysis of Open Source Intelligence (OSINT) tools and resources trends over five years, featuring interactive visualizations and a searchable database with direct links for further exploration.
Read More @ github.io
[#] Masto is a Python-based Open-Source Intelligence (OSINT) tool used to gather information on Mastodon users and instances, which can perform tasks such as finding user IDs and usernames across instances, obtaining detailed user and instance data, without the user needing to be logged into Mastodon.
Read More @ github.com
[#] A blog post details two methods to uncover hidden profile pictures on CashApp’s web version through browser developer tools or mobile view simulation.
Read More @ hatless1der.com
[#] One is an open-source intelligence (OSINT) tool that enhances research by scraping data from the web and cross-referencing newly discovered information for in-depth profiling.
Read More @ github.com
[#] The Wallet-Tracker CLI is a command-line interface tool that allows users to track blockchain wallet transactions, detect exchanges using exit nodes, visualize data with Neo4j, and obtain information on exchange wallets, with the goal of identifying fraudulent activities.
Read More @ github.com
[#] Arch Cloud Labs offers a free malware analysis course at Hack Space Con 2023, providing a hands-on experience to build skills in analyzing malware, with safety warnings not to run real samples without expertise.
Read More @ github.com
[#] PIDRILA is a fast asynchronous web path scanner created for ethical hackers, featuring proxy support and user agent randomization to scan multiple sites simultaneously.
Read More @ github.com
[#] The Social-Media-OSINT-Tools-Collection is a catalog of assorted tools designed for gathering open-source intelligence from various social media platforms.
Read More @ github.com
[#] The CSSG is a tool added to the Cobalt Strike menu that helps users generate formatted beacon shellcode with various options for encryption, encoding, and compression.
Read More @ github.com
[#] Syslifters has released an Offensive Security reporting tool called OffSec Reporting that simplifies creating pentest reports by allowing users to design in HTML, write in Markdown, and render to PDF, available for both cloud and self-hosted setups.
Read More @ github.com
[#] The repository provides tools and methods for conducting OSINT (Open Source Intelligence) on Telegram and Discord, including both external resources like search engines and Python tools, and internal methods for extracting user information.
Read More @ github.com
[#] IRBIS is a search tool that aggregates personal information from the internet, including social networks and instant messengers, and offers different service plans utilizing a promo code.
Read More @ espysys.eu
[#] The 'telegram-osint-lib' is a PHP based library designed for Open Source Intelligence (OSINT) on Telegram, enabling the creation and execution of scenarios such as tracking user presence, downloading photos, and scraping group member data.
Read More @ github.com
[#] The OSINT Notebook by tjnull offers tools, techniques, and resources for conducting online investigations, along with customizable templates and integration with the note-taking app Joplin to organize findings.
Read More @ github.com
[#] A comprehensive analysis by Gynvael Coldwind reveals a multi-stage obfuscation and backdoor insertion attack within the xz/liblzma compression software, showing the steps of data manipulation and script execution for the payload delivery.
Read More @ coldwind.pl
[#] The article explains how to use the NtSetInformationProcess function for stealthy process injection in Windows, which requires SE_DEBUG privileges and involves writing a CobaltStrike beacon and a Nirvana hook into a legitimate process's memory space.
Read More @ riskinsight-wavestone.com
[#] A patch was made for a WebP image library flaw, CVE-2023-4863, that allows overflow exploitation, affecting various browsers and requiring updates across systems.
Read More @ isosceles.com
[#] A researcher detailed an exploit enabling account hijack through Google's sign-in process, using a Cross-Site Scripting (XSS) vulnerability on login.redacted.com, by altering the OAuth response_type parameter, capturing the authorization code and state from the URL hash, and using a PHP script to complete unauthorized sign-ins.
Read More @ github.com
[#] The provided text outlines a compilation of cyber security resources, including cheatsheets, methodologies, tools, and references for penetration testing, gathered as a preparatory collection for the Offensive Security Certified Professional (OSCP) certification and general infosec practice.
Read More @ github.com

# News

[#] A Linux backdoor named DinodasRAT, which can control infected computers and steal data, was used to target users in China, Taiwan, Turkey, and Uzbekistan, with researchers advising that infected systems should remove the malware and strengthen their security protocols.
Read More @ securityaffairs.com
[#] Asus routers have been targeted by an updated TheMoon malware, infecting 6,000 devices in 72 hours, highlighting the need for regular firmware updates, disabling router remote access, strong password usage, and considering home network security solutions.
Read More @ hackread.com
[#] Linux kernels from 5.14 up to 6.6.14 have a serious privilege-escalation vulnerability, marked as CVE-2024-1086, which can be exploited for root access, and users should apply the provided patches to prevent potential system compromise.
Read More @ theregister.com
[#] United Nations peacekeeping operations in Central Africa are at risk of cyber attacks by state-sponsored actors, necessitating improved cybersecurity measures such as enhanced threat hunting, securing software supply chains, and ensuring the secure handling of sensitive data.
Read More @ darkreading.com
[#] Activision urges players to enable 2FA after an infostealer malware campaign leaks millions of gaming account credentials, with Discord users also heavily affected.
Read More @ bleepingcomputer.com
[#] Red Hat has announced a security issue in xz data compression software versions 5.6.0 and 5.6.1, potentially affecting Fedora Linux 40 and Rawhide, with the backdoor enabling unauthorized remote access, and users should revert to xz-5.4.x to stay safe.
Read More @ theregister.com
[#] An unknown group added a hidden backdoor in the xz library used by OpenSSH, which was discovered due to a performance issue, highlighting the need for better security in managing foundational open-source software.
Read More @ packetstormsecurity.com
[#] AT&T has confirmed a data breach affecting 73 million customers, originating from a 2021 incident involving ShinyHunters and recently leaked on a cybercrime forum, impacting data which may date back to 2019 and includes sensitive personal information.
Read More @ securityaffairs.com
[#] A data breach notification service called Have I Been Pwned provides an API and an RSS feed for breached websites, detailing compromised accounts, data types, and breach dates.
Read More @ haveibeenpwned.com
[#] In recent cyber security events, the Solana blockchain faced multiple wallet drains associated with trading bots, Prisma Finance was exploited for $12 million due to smart contract flaws, the LENX project experienced a $10 million rug pull possibly by a co-founder, KuCoin founders were charged with running an unlicensed money transmission business, the Munchables crypto game on Ethereum was hacked for $62.5 million but funds were returned, Curio's governance tokens were exploited resulting in a $16 million loss, Solana encountered a surge in racist meme tokens, the Lucky Star Currency project executed a second rug pull, and Rob Robb was charged with stealing $1.2 million for a fake MEV bot project.
Read More @ web3isgoinggreat.com
[#] Arch Linux has announced that their xz package versions 5.6.0-1 and 5.6.1-1 were compromised with a backdoor, and users should execute a full system upgrade or pull the latest container images to secure their systems.
Read More @ archlinux.org
[#] Humata AI recently secured $3.5 million in funding, offering a PDF management tool that summarizes and compares documents, with security features including encrypted cloud storage and role-based access control, aiming to enhance efficiency for researchers and businesses.
Read More @ vercel.app
[#] Google Drive's error message suggests a problem with the URL provided or the file's existence, and it directs users to drive.google.com/start/apps for more information on using its suite of productivity tools.
Read More @ google.com
[#] Researchers have disclosed that AMD Zen-based platforms are susceptible to Rowhammer attacks despite mitigations, with DDR4 and the first known DDR5 bit flips demonstrated, suggesting more research needed for DDR5 pattern effectiveness.
Read More @ ethz.ch
[#] Lumen Technologies' Black Lotus Labs discovered that outdated routers and IoT devices have been infected by TheMoon malware, contributing to a criminal proxy service called Faceless, and they advise regularly rebooting routers and updating devices to prevent such compromises.
Read More @ lumen.com
[#] Google's security team details their experience with preventing UDP loops in QUIC by updating servers to minimize the risk of reflected resets that can cause network overload.
Read More @ google.com
[#] Unit 42 reports a surge in StrelaStealer malware attacks, targeting email credentials across the EU and US, with updated tactics to evade detection; users should employ Advanced WildFire and Cortex XDR for protection and engage the Incident Response team if compromised.
Read More @ paloaltonetworks.com
[#] The Checkmarx Security Research Team uncovered a complex cyber attack using fake Python infrastructure, impacting over 170,000 users by exploiting software supply chains, including top.gg's GitHub repository, using methods like account takeovers and malicious package distribution, necessitating careful validation of dependencies and increased security vigilance.
Read More @ checkmarx.com
[#] OpenAI's GPT Store, slated for early 2024 launch, offers a community-driven platform for distributing and monetizing custom GPTs, similar to an App Store for AI.
Read More @ gptshunter.com
[#] GitHub Pages is not configured here; to resolve this, follow GitHub's documentation to set it up properly for your repository, organization, or user account.
Read More @ github.io
[#] Elasticsearch versions between 7.0.0 to 7.17.12 and 8.0.0 to 8.9.0 have a vulnerability causing a stack overflow and denial of service, fixed in versions 7.17.13 and 8.9.1.
Read More @ github.com

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tldr; regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by Ai, and converted into something quick and easy to read. But then I started getting requests for features like rss, Gracie got involved, and with the super-power of Ai things have taken on a life of their own.

Sharing

I currently post daily infosec news to x, linkedin, mastodon and rss.

I also post daily infosec podcasts and interviews to apple podcasts and spotify.

Ads

This isn't an Ad.

current friend of haq 2024-04-01

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins