HAQ.NEWS

// Jared Folkins

# Description

A cybersecurity hobbyist showed how to chain vm2 JavaScript sandbox vulnerabilities to get onto a Linux server, crack a recovered hash, and escalate to root in a HackTheBox Codify challenge. Web cache issues can leak information and need careful monitoring; techniques such as underscores in header names and fuzzing help find and prevent these attacks. OSTE-Web-Log-Analyzer is a Python tool for analyzing web logs to spot web attacks. C2 Cloud simplifies pentesting with a web interface for handling backdoor sessions. Recovering Wi-Fi passwords from Windows after a breach requires admin rights or the owning user's context, and the author suggests not using WPA2-PSK for sensitive networks. The Xen hypervisor was updated to fix handling of page table entries for superpages. Mahmoud Attia explains how to automate finding XSS vulnerabilities and avoid WAF detection using certain tools. A blog post explained how to create a backdoored Amazon Machine Image (AMI). Another post shows an exploit for BioTime software allowing directory traversal and code execution. A step-by-step method was given for analyzing a malvertising site and retrieving its malicious file. MayflyHack has new cybersecurity resources such as setting up an SCCM lab, network architecture, image creation, infrastructure deployment, and config management; the site itself provides tutorials for building cyber security environments. Red Team Attack Lab uses real systems and vulnerabilities for offensive practice without cloud service costs. OpenGFW is an open-source firewall inspired by China's Great Firewall. Using Validin, 36 phishing domains linked to Latrodectus were found. Global Socket provides encrypted communication through firewalls and NAT. Japan EQ Locator helps visualize earthquake data and is available on GitHub. QuickStego hides text in images, while QuickCrypto does the same with encryption. A Local Privilege Escalation (LPE) vulnerability in macOS filesystem mount handling was discovered and patched.
Samuel Groß discussed finding vulnerabilities in image format parsers that affect Apple's messaging apps. DroneXtract is software for analyzing DJI drone data. Two Quarkslab articles explore how Windows Containers are created and the Windows APIs involved. Web cache attacks can lead to site takeovers, but James Kettle suggests defenses such as not caching error pages. FreeTube is a YouTube client for private viewing, and SearXNG is a private metasearch engine that doesn't track users.

# Tradecraft

[#] A cybersecurity enthusiast demonstrates how to exploit four vulnerabilities in the vm2 JavaScript sandbox to gain access to a Linux server, crack a hash to escalate privileges, and leverage script weaknesses for root access on a HackTheBox Codify challenge.
Read More @ gitlab.io
[#] Web cache vulnerabilities can expose sensitive information and deserve close attention; the thread covers techniques such as underscores in header names and tool-assisted fuzzing to identify and mitigate these attacks.
Read More @ reddit.com
[#] The OSTE-Web-Log-Analyzer is a Python tool used for automating the analysis of web server logs to identify web application attacks, monitor request rates, and detect automated scanners.
Read More @ securityonline.info
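To make the kind of analysis the item describes concrete, here is an added example, not the OSTE-Web-Log-Analyzer's own code: a small detector in the same spirit, run over constructed Apache combined-format log lines. It flags traversal/SQLi/XSS-looking request paths (after double URL-decoding, since attackers double-encode to slip past naive filters), known scanner User-Agents, and clients that exceed a request-rate threshold inside a sliding time window. The signature set, thresholds and sample lines are all assumptions made for the example.

```python
"""Added example (not the OSTE-Web-Log-Analyzer's own code): a minimal detector in
the same spirit, run over constructed Apache combined-format lines."""
import re
from collections import Counter, defaultdict
from datetime import datetime
from urllib.parse import unquote

# Apache "combined" format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Deliberately small signature set (an assumption for the example); a real tool carries far more.
ATTACK_PATTERNS = {
    "traversal": re.compile(r"\.\.[/\\]"),
    "sqli": re.compile(r"'\s*(or|and)\b|union\s+select|sleep\(\d+\)", re.I),
    "xss": re.compile(r"<script|javascript:|onerror\s*=", re.I),
}
SCANNER_UA = re.compile(r"nikto|sqlmap|nmap|masscan|dirbuster|gobuster|nuclei", re.I)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def classify(rec):
    """Return the list of finding labels for one parsed record."""
    findings = []
    decoded = unquote(unquote(rec["path"]))  # double-decode to see through %2527-style evasion
    for name, pattern in ATTACK_PATTERNS.items():
        if pattern.search(decoded):
            findings.append(name)
    if SCANNER_UA.search(rec["ua"]):
        findings.append("scanner-ua")
    return findings


def analyze(lines, rate_threshold=5, window_seconds=10):
    """Return ({ip: {finding: count}}, {ips exceeding rate_threshold requests in window_seconds})."""
    per_ip = defaultdict(Counter)
    timestamps = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for finding in classify(rec):
            per_ip[rec["ip"]][finding] += 1
        timestamps[rec["ip"]].append(rec["ts"])
    bursty = set()
    for ip, stamps in timestamps.items():
        stamps.sort()
        lo = 0
        for hi in range(len(stamps)):  # sliding window over sorted timestamps
            while (stamps[hi] - stamps[lo]).total_seconds() > window_seconds:
                lo += 1
            if hi - lo + 1 > rate_threshold:
                bursty.add(ip)
                break
    return {ip: dict(c) for ip, c in per_ip.items()}, bursty


# Constructed sample log (not from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Apr/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Apr/2024:10:00:02 +0000] "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Apr/2024:10:00:03 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Apr/2024:10:00:04 +0000] "GET /item?id=1%27%20OR%201%3D1-- HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
] + [
    # One scanner hammering the site: 7 requests within 7 seconds.
    f'192.0.2.9 - - [07/Apr/2024:10:00:{5 + i:02d} +0000] "GET /p{i} HTTP/1.1" 404 0 "-" "Mozilla/5.0 (compatible; Nikto/2.1.6)"'
    for i in range(7)
]

if __name__ == "__main__":
    findings, bursty = analyze(SAMPLE_LOG)
    for ip, counts in findings.items():
        print(ip, counts)
    print("rate-limit candidates:", sorted(bursty))
```

Note that the benign client 203.0.113.5 never appears in the findings, the three attack-shaped requests from 198.51.100.7 each land in exactly one signature bucket, and 192.0.2.9 is caught twice: by its scanner User-Agent and by its request rate. Point the script at a real access log by replacing SAMPLE_LOG with the file's lines; the parser does nothing with lines that do not match the combined format.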
[#] The C2 Cloud is a web-based command and control framework that streamlines penetration testing by managing multiple backdoor sessions through an easy-to-use interface with support for reverse TCP, HTTP, and HTTPS shells.
Read More @ securityonline.info
[#] Recovering saved Wi-Fi passwords from a compromised Windows host requires either administrative privileges or code running as the user who created the profile; since a shared WPA2-PSK is recoverable this way, the post recommends avoiding it for sensitive networks in favour of stronger, multi-factor authentication.
Read More @ r-tec.net
[#] An update has been made to the Xen hypervisor to fix an issue with how page table entries (PTEs) were managed for superpages, by adjusting the conditions under which the fast path is used and ensuring the PSE bit is not improperly cleared.
Read More @ xen.org
[#] Mahmoud Attia outlines a methodology for automating the discovery of XSS vulnerabilities using tools like waybackurls, gau, and Burp Suite, and offers strategies for avoiding WAF detection while testing.
Read More @ medium.com
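The URL-preparation stage such a pipeline needs, as an added example that is not Mahmoud Attia's code nor part of waybackurls, gau or Burp Suite: given the raw URL dump those tools produce, it drops static assets and query-less URLs, keeps one URL per (host, path, parameter-name set) so each endpoint is tested once, and emits one probe URL per parameter carrying an alphanumeric canary instead of a payload, so the reflection check itself does not trip WAF signatures. All sample URLs, the canary and the response bodies are constructed for the example.

```python
"""Added example (not Mahmoud Attia's code, nor waybackurls/gau/Burp): the URL
preparation and reflection-triage stage of an XSS hunting pipeline."""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Extensions that never carry reflected parameters worth probing (an assumption for the example).
STATIC_EXT = (".js", ".css", ".png", ".jpg", ".jpeg", ".gif", ".svg", ".woff", ".woff2", ".ico", ".map")


def dedupe_by_signature(urls):
    """Keep one URL per (host, path, sorted parameter names); skip static assets and
    URLs without a query string. Hundreds of archived /search?q=... variants collapse to one."""
    seen, kept = set(), []
    for raw in urls:
        url = raw.strip()
        parts = urlsplit(url)
        if not parts.query or parts.path.lower().endswith(STATIC_EXT):
            continue
        names = tuple(sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True)))
        signature = (parts.netloc.lower(), parts.path, names)
        if signature not in seen:
            seen.add(signature)
            kept.append(url)
    return kept


def probe_urls(url, canary):
    """Return [(param_name, probe_url)], one per parameter, with that parameter's value
    replaced by the canary. Probing one parameter at a time tells you which one reflects."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    probes = []
    for i, (name, _) in enumerate(params):
        mutated = [(k, canary if j == i else v) for j, (k, v) in enumerate(params)]
        probe = urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(mutated), ""))
        probes.append((name, probe))
    return probes


def reflected_params(responses, canary):
    """responses: iterable of (param_name, response_body) from fetching the probe URLs.
    Only parameters whose canary comes back verbatim deserve a second, context-specific stage."""
    return [name for name, body in responses if canary in body]


# Constructed input in the shape waybackurls/gau print (one URL per line).
SAMPLE_URLS = [
    "https://example.test/search?q=shoes&page=1",
    "https://example.test/search?page=2&q=boots",  # same endpoint and parameter set as above
    "https://example.test/static/app.js?v=3",      # static asset, skipped
    "https://example.test/about",                  # no query string, skipped
    "https://shop.example.test/item?id=42",
]
CANARY = "zx9q2kt"  # assumed unique alphanumeric token; carries no characters a WAF keys on

if __name__ == "__main__":
    for url in dedupe_by_signature(SAMPLE_URLS):
        for name, probe in probe_urls(url, CANARY):
            print(f"{name:8} {probe}")
    # Constructed responses standing in for real HTTP fetches of the two /search probes.
    fake_responses = [("q", f'<input value="{CANARY}">'), ("page", "<p>Page 1</p>")]
    print("reflecting parameters:", reflected_params(fake_responses, CANARY))
```

The canary approach separates discovery from exploitation: only parameters that echo the token verbatim get a second request carrying context-specific characters (quotes, angle brackets), which keeps the noisy part of the scan small and the payload-bearing requests targeted.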
[#] A blog post demonstrates how to create and distribute a backdoored Amazon Machine Image that can compromise an AWS account, highlighting the need for caution when using or making AMIs public.
Read More @ appsecco.com
[#] The repository details a security exploit for BioTime software, which includes multiple vulnerabilities allowing for directory traversal and potential remote code execution, demonstrated via a Python script.
Read More @ github.com
[#] The article walks step by step through retrieving a malicious file from a malvertising site that redirects ordinary visitors to a legitimate site: by mimicking a Google ad click the analyst obtains the executable and decodes it for further examination.
Read More @ huntress.com
[#] The Red Team Attack Lab is a virtual lab setup for offensive cybersecurity practice using realistic operating systems and vulnerabilities, which is managed locally using Vagrant and Ansible, avoiding the cost of cloud services.
Read More @ github.com
[#] OpenGFW is an open-source, Linux-based deep packet inspection tool inspired by China's Great Firewall, offering protocol analyzers, detection of fully encrypted traffic, and a flexible rule engine.
Read More @ com.br
[#] Using Validin, a passive DNS tool, 36 phishing domains associated with Latrodectus were uncovered by pivoting on redirects and IP addresses, with a focus on domains that redirect to legitimate PDF hosting sites but are used for malicious purposes.
Read More @ embeeresearch.io
[#] Global Socket is a tool that allows two computers in separate private networks to establish secure communication through firewalls and NAT by initiating services like SSHD on one machine and connecting from another using a secret key and strong encryption.
Read More @ gsocket.io
[#] Japan EQ Locator is a browser-based earthquake data visualization with controls for panning, zooming and changing the view; its data comes from the Japan Meteorological Agency and the source code is on GitHub.
Read More @ github.io
[#] QuickStego hides text inside images; because the text is not encrypted, anyone with the QuickStego tool can read it back out, so for encrypted steganography the vendor points to QuickCrypto, which can also hide files within images.
Read More @ quickcrypto.com
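The distinction the item draws between hiding and protecting is easy to see in code. The following is an added example and not QuickStego's or QuickCrypto's implementation (their formats are not described on the page): a textbook least-significant-bit text hider over a constructed RGB pixel buffer. It changes each colour channel by at most one unit, so the cover looks unchanged, yet reveal() recovers the message with no key at all, which is exactly why unencrypted steganography is only obscurity. The cover image, payload layout and test messages are assumptions made for the example.

```python
"""Added example (not QuickStego's or QuickCrypto's code): textbook LSB text hiding
over a constructed pixel buffer, showing that the scheme itself is the only secret."""
import struct


def hide(cover: bytes, message: str) -> bytes:
    """Store a 32-bit big-endian length, then the UTF-8 message, one bit in the
    least-significant bit of each successive byte of the pixel buffer."""
    data = message.encode("utf-8")
    payload = struct.pack(">I", len(data)) + data
    if len(payload) * 8 > len(cover):
        raise ValueError(f"cover too small: need {len(payload) * 8} bytes, have {len(cover)}")
    out = bytearray(cover)
    for i, byte in enumerate(payload):
        for bit in range(8):
            idx = i * 8 + bit
            # Clear the LSB and set it to the payload bit: each byte moves by at most 1.
            out[idx] = (out[idx] & 0xFE) | ((byte >> (7 - bit)) & 1)
    return bytes(out)


def _read(stego: bytes, offset: int, count: int) -> bytes:
    """Reassemble `count` payload bytes starting at payload byte `offset`."""
    result = bytearray()
    for i in range(count):
        value = 0
        for bit in range(8):
            value = (value << 1) | (stego[(offset + i) * 8 + bit] & 1)
        result.append(value)
    return bytes(result)


def reveal(stego: bytes) -> str:
    """Extract the hidden text. No key is involved: knowing the layout is enough."""
    (length,) = struct.unpack(">I", _read(stego, 0, 4))
    if (length + 4) * 8 > len(stego):
        raise ValueError("no plausible payload in this buffer")
    return _read(stego, 4, length).decode("utf-8")


def max_channel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-channel difference between cover and stego; LSB embedding gives 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed 64x64 RGB cover (deterministic pseudo-noise, not a real photograph).
COVER = bytes((i * 37 + 11) % 256 for i in range(64 * 64 * 3))

if __name__ == "__main__":
    stego = hide(COVER, "attack at dawn")
    print("max channel change:", max_channel_change(COVER, stego))  # visually invisible
    print("recovered without any key:", reveal(stego))
```

Capacity is one payload bit per channel byte, so this 64x64 cover holds about 1.5 KB of text. The practitioner's takeaway matches the item: encrypt the message with an authenticated cipher first and hide the ciphertext, so that extraction by a third party yields nothing readable; the hiding step adds deniability, not confidentiality.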
[#] A security researcher discovered a Local Privilege Escalation (LPE) vulnerability in macOS filesystems, allowing a user to gain root access by manipulating mount options, which was patched in updates from Apple for Ventura, Monterey and Sonoma.
Read More @ alter-solutions.fr
[#] Samuel Groß (Project Zero) describes fuzzing image-format parsers reachable through interactionless code paths in Apple's messaging apps with a low-overhead approach; the resulting bugs were reported and fixed, and he argues for shrinking that attack surface and for developers fuzzing their parsers continuously.
Read More @ blogspot.com
[#] DroneXtract is a digital forensics software suite used to analyze DJI drone data for things like flight paths and telemetry, with features for visualizing data, checking data integrity, and uncovering hidden information in media files.
Read More @ github.com
[#] A technical exploration of how Windows Containers are created traces the transformation of a Job Object into a Server Silo through the Windows APIs, with the aim of understanding the attack surface.
Read More @ quarkslab.com
[#] A companion Quarkslab article explains the steps involved in converting a standard Job Object into a Server Silo for Windows Containers, detailing the key RPC calls and kernel mechanisms.
Read More @ quarkslab.com
[#] Web cache attacks abuse unkeyed inputs or cache misconfigurations so that error pages or attacker-controlled payloads are served to other users; defenses include not caching error responses and auditing cache-key configuration.
Read More @ medium.com
[#] James Kettle's research presents a methodology for exploiting web cache key handling vulnerabilities to perform attacks such as site takeover and denial of service, and offers techniques to identify and exploit these vulnerabilities effectively.
Read More @ portswigger.net
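The three web-cache items above share one mechanism, so here is a single added example covering them. It is not taken from James Kettle's paper, the Reddit thread or the Medium post: a toy cache in front of a toy origin. The origin reflects the X-Forwarded-Host header into a script URL (a common misconfiguration) and returns 400 for oversized headers; the cache keys only on path and Host, so X-Forwarded-Host is an unkeyed input. The example shows the poisoning, the cached-error denial of service, and the two defenses named above: stripping or keying the header, and refusing to cache error responses. The origin behaviour, header names and hosts are all constructed for the example.

```python
"""Added example (not from Kettle's paper, the Reddit thread or the Medium post above):
a toy cache and origin showing unkeyed-input poisoning, cached-error DoS, and the fixes."""
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: str


def origin(path: str, headers: dict) -> Response:
    """Constructed origin server. Reflects X-Forwarded-Host into a <script src>
    and answers 400 if any header value is oversized."""
    if any(len(v) > 256 for v in headers.values()):
        return Response(400, "Bad Request")
    host = headers.get("X-Forwarded-Host", headers.get("Host", "example.test"))
    return Response(200, f'<script src="https://{host}/static/app.js"></script>')


class Cache:
    """Path plus the headers in `keyed_headers` form the cache key; all else is unkeyed.
    `strip_headers` are removed at the edge, `cache_errors` controls caching of 4xx/5xx."""

    def __init__(self, keyed_headers=("Host",), strip_headers=(), cache_errors=True):
        self.keyed_headers = keyed_headers
        self.strip_headers = {h.lower() for h in strip_headers}
        self.cache_errors = cache_errors
        self.store = {}

    def get(self, path: str, headers: dict) -> Response:
        # Defence A: drop headers the edge does not trust before the origin ever sees them.
        headers = {k: v for k, v in headers.items() if k.lower() not in self.strip_headers}
        key = (path,) + tuple(headers.get(h, "") for h in self.keyed_headers)
        if key in self.store:
            return self.store[key]
        resp = origin(path, headers)
        # Defence B: never cache error responses, so a forced 400 cannot be served to others.
        if resp.status < 400 or self.cache_errors:
            self.store[key] = resp
        return resp


VICTIM = {"Host": "example.test"}
POISON = {"Host": "example.test", "X-Forwarded-Host": "evil.test"}
OVERSIZED = {"Host": "example.test", "X-Padding": "A" * 300}


def run_poisoning(cache: Cache) -> str:
    """Attacker primes the cache for "/", then an ordinary visitor requests it."""
    cache.get("/", POISON)
    return cache.get("/", VICTIM).body


def run_error_dos(cache: Cache) -> int:
    """Attacker forces a 400 for "/"; does the next visitor receive it too?"""
    cache.get("/", OVERSIZED)
    return cache.get("/", VICTIM).status


if __name__ == "__main__":
    print("vulnerable cache, victim sees:", run_poisoning(Cache()))
    print("vulnerable cache, victim status:", run_error_dos(Cache()))
    hardened = Cache(strip_headers=("X-Forwarded-Host",), cache_errors=False)
    print("hardened cache, victim sees:", run_poisoning(hardened))
    print("hardened cache, victim status:", run_error_dos(hardened))
```

With the default cache the victim loads a script from evil.test (site takeover via one poisoned response) and a single oversized request puts a 400 in front of every visitor for that path. Adding the header to the cache key also works, as the test shows, but only for headers you know about; stripping unknown forwarding headers at the edge and refusing to cache errors are the more general defenses. Real proxies normalize header-name case and may rewrite underscores to hyphens, which is the gap the Reddit item's header tricks exploit and which this toy does not model.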
[#] FreeTube is an open-source desktop YouTube client for private, ad-free viewing that avoids the official YouTube APIs and blocks Google's cookies and tracking scripts; it supports subscriptions without an account and multiple themes, and its authors recommend a VPN or Tor for stronger privacy.
Read More @ github.com
[#] SearXNG is a privacy-focused metasearch engine that compiles results from various search services without tracking or profiling its users, offering documentation for use and development, and is open for community contributions via GitHub.
Read More @ github.com

# News

[#] The U.S. Department of Health and Human Services advises healthcare sector IT help desks to enhance verification processes, as attackers impersonate employees to enroll rogue multi-factor authentication devices and redirect financial transactions.
Read More @ bleepingcomputer.com
[#] Cisco has warned customers about a cross-site scripting vulnerability in end-of-life small business routers, advising them to disable remote management and block the relevant ports, as no patch will be released.
Read More @ securityaffairs.com
[#] Cybercriminals are exploiting a critical Magento flaw, tracked as CVE-2024-20720, to plant backdoors for stealing payment data, with six individuals recently charged in Russia for related crimes, requiring merchants to apply Adobe's February security updates promptly.
Read More @ thehackernews.com
[#] Over 92,000 D-Link NAS devices are at risk due to an arbitrary command injection flaw and a hardcoded backdoor account, users should stop using these unsupported models and update to secure devices.
Read More @ bleepingcomputer.com
[#] A jury found Terraform Labs and its founder Do Kwon liable for fraud in the SEC's civil case over misrepresenting the stability of the Terra stablecoin, whose collapse wiped out roughly $40 billion; Kwon remains in custody abroad facing separate criminal cases.
Read More @ web3isgoinggreat.com
[#] A Bing advertisement falsely representing NordVPN was discovered to distribute the SecTopRAT malware, prompting the removal of the malicious Dropbox account and an ongoing investigation into the active malvertising campaign.
Read More @ scmagazine.com
[#] Dell has patched a high-severity BIOS vulnerability impacting PowerEdge and Precision Rack servers which could have allowed unauthorized privilege escalation; users should apply the update immediately.
Read More @ securityonline.info
[#] Wiz found vulnerabilities in Hugging Face's inference infrastructure that could let attackers execute code and reach other customers' private AI models; the two companies worked together on mitigations.
Read More @ hackread.com
[#] Panera Bread experienced a significant IT outage on March 22, affecting ordering systems and raising concerns about a potential ransomware attack, but they have resumed operations without confirming the cause.
Read More @ darkreading.com
[#] The Kaspersky fan club forum experienced a data breach affecting 57,000 users and the Russian Prosecutor's Office was also hacked, leaking criminal records; users should reset passwords and be cautious of phishing attempts.
Read More @ hackread.com
[#] Magento stores are being attacked through CVE-2024-20720 with malware that plants a persistent backdoor via a crafted layout XML template and steals payment data; merchants should scan for the backdoor and update to the latest Magento release to prevent reinfection.
Read More @ securityonline.info
[#] Recent Windows 10 updates have disrupted Microsoft Connected Cache node discovery, but administrators can restore functionality using DOCacheHost policy configuration or Group Policies as temporary measures while Microsoft works on a solution.
Read More @ bleepingcomputer.com
[#] Xen Security Advisory XSA-148 (CVE-2015-7835) describes how x86 PV guests could create large writable (superpage) mappings without proper control, allowing a malicious guest administrator to compromise the host; patches cover Xen 3.4 and newer.
Read More @ xen.org
[#] Brazilian law enforcement, trained by The Exodus Road at TraffickWatch Academy and equipped with Cellebrite's digital investigative tools, rescued a teenager from human traffickers and exposed an international criminal network.
Read More @ cellebrite.com
[#] CVE-2024-26630 affects Linux kernels from 6.5 onward (the release that added cachestat()): the page-cache walk in cachestat() read folio state without holding a reference, so the folio could be freed and reused underneath it (a read-after-free); the upstream fix should be applied.
Read More @ packetstormsecurity.com
[#] A malicious campaign has been detected by AhnLab Security Intelligence Center, exploiting Google Ads tracking to distribute malware, which impersonates legitimate installer files for apps like Notion and Slack, and injects Rhadamanthys malware into Windows system files to steal user data.
Read More @ ahnlab.com
[#] An Israeli intelligence leader accidentally revealed his identity online due to a security oversight linked to a book he published under a pseudonym about AI in warfare.
Read More @ theguardian.com

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait that doesn't actually have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ (2024-04-07)

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins