HAQ.NEWS

// Jared Folkins

# Description

A cybersecurity researcher shares techniques for crafting XSS payloads through JavaScript event handlers and HTML entities to bypass WAFs. The SiCat tool hunts for security exploits using sources including databases like Exploit-DB. A case study of a hacked Confluence server outlines the intruder's steps, reconstructed from Unix logs, after an SSH brute-force attack. Shortemall automates finding content behind short URLs, while Damn Vulnerable RESTaurant exists for training on API vulnerabilities. Techniques for XSS attacks that modify code to evade filters are discussed. OSINT helps both prevent and investigate phishing scams. Linux by Vikku offers resources for bug bounty hunters. An SQL injection flaw in the WordPress LayerSlider plugin is described, along with detection tooling. Tactics for setting up rogue access points for Wi-Fi tests using Fluxion are shared. A study plan for AWS security mastery is outlined. Chimera is a PowerShell obfuscation tool that avoids AMSI and antivirus detection. The A-poc/RedTeam-Tools repository features red team tools and tips. The personal security checklist advises on securing digital life in its various aspects. APKHunt checks Android apps against OWASP MASVS. Scanners Box offers a kit of infosec scanning tools. OpenCodeInterpreter rivals GPT-4 in code abilities, topping the BigCode leaderboard. Map Developers and Google Maps Scraper aid in business data collection. Keyhole carries out social media analytics. HAR files help analyze network issues. creepyCrawler

# Tradecraft

[#] A cybersecurity researcher discusses methods to bypass Web Application Firewalls (WAFs) using various JavaScript event handlers and HTML entity encodings to create cross-site scripting (XSS) payloads that work across different protection systems.
Read More @ onetest.fr
[#] SiCat is a tool for finding security exploits by searching online and local sources, including databases like Exploit-DB and Metasploit Modules.
Read More @ kitploit.com
[#] The post details a digital forensics investigation on a compromised Confluence server, using Unix authentication and session logs to track the steps of a successful SSH brute force attack by an intruder who gains root access and installs a persistent backdoor account, which is then used to execute privileged commands.
Read More @ gitlab.io
[#] Shortemall is a Python tool that automates scanning for the hidden content behind Short URLs, capturing screenshots and filtering results, with the latest version adding targeting for specific providers and enhanced user experience features.
Read More @ github.com
[#] Damn Vulnerable RESTaurant is a purposefully insecure Web API platform designed for teaching developers, ethical hackers, and security engineers how to find and fix common API vulnerabilities in line with the OWASP Top 10 API Security Risks 2023.
Read More @ securityonline.info
[#] The text describes various techniques for bypassing security filters to execute cross-site scripting (XSS) attacks, highlighting specific code modifications and injection points that can evade common protective measures.
Read More @ github.com
[#] OSINT methods aid in both prevention and investigation of phishing scams by identifying suspicious elements, confirming illegitimate websites, and tracing the infrastructure used by attackers.
Read More @ secjuice.com
[#] The channel Linux by Vikku provides various educational resources for bug bounty hunters, including courses, workshops, live hunting sessions, and free resources, aimed at enhancing their skills in finding security vulnerabilities.
Read More @ youtube.com
[#] The information details an unauthenticated SQL injection vulnerability in the LayerSlider plugin for WordPress, affecting plugin versions 7.9.11 - 7.10.0, and includes a scanner script and instructions for detecting vulnerable installations.
Read More @ github.com
[#] The article discusses how to set up rogue access points to test Wi-Fi network security using tools such as Fluxion and Wifipumpkin3, which can capture WPA handshakes and monitor network traffic.
Read More @ habr.com
[#] The document outlines a comprehensive study plan for mastering AWS security, emphasizing the importance of understanding IAM, AWS core and security services, security best practices, whitepapers, and enhancing penetration testing skills through hands-on exercises and benchmarks.
Read More @ github.com
[#] Chimera is a PowerShell obfuscation tool designed to alter malicious scripts to bypass Anti-Malware Scan Interface (AMSI) and antivirus detection by breaking recognizable strings into variables and reconstructing them in the script.
Read More @ github.com
[#] This GitHub repository, A-poc/RedTeam-Tools, contains a curated collection of over 130 tools and techniques for red team activities and penetration testing, designed to aid in tasks ranging from reconnaissance to persistence, along with tips and strategies from experienced red teamers.
Read More @ github.com
[#] The personal security checklist provides steps for securing digital life across different facets, including authentication methods, web browsing, and protection of sensitive information across email, messaging, social media, networks, mobile devices, personal computers, smart home technology, personal finances, and physical security, with a focus on avoiding tracking, data collection, and social engineering risks.
Read More @ digital-defense.io
[#] APKHunt is a tool for finding security issues in Android apps by analyzing their code based on the OWASP MASVS framework.
Read More @ github.com
[#] Scanners Box is an open-source compilation of diverse security scanning tools for experts in the information security industry, featuring modules for different types of vulnerabilities and including resources not covered by familiar tools like nmap and metasploit.
Read More @ github.com
[#] OpenCodeInterpreter is an open-source system for generating, executing, and improving code based on feedback; it competes closely with GPT-4 on coding tasks and has recently topped the BigCode leaderboard.
Read More @ github.io
[#] Map Developers offers customizable Google Maps integration tools for websites, including prebuilt functions like area and distance calculators, and the creation of maps based on user specifications.
Read More @ mapdevelopers.com
[#] The text details how to use a Python-based tool called Google Maps Scraper to collect business profile data from Google Maps, with steps for installation, usage instructions, potential benefits, and ethical considerations.
Read More @ github.com
[#] Keyhole is a social media analytics platform that automates the collection and presentation of data, which assists in tracking brand mentions, campaign performance, and influencer effectiveness.
Read More @ keyhole.co
[#] To analyze network issues, you can inspect the data exchange between your browser and websites by reviewing a HAR file, which records this interaction and can be obtained through your browser's developer tools.
Read More @ fouanalytics.com
[#] The creepyCrawler tool is an OSINT utility designed to systematically examine a website to accumulate actionable reconnaissance data like emails, social connections, and subdomains.
Read More @ github.com
[#] The PretendoNetwork's SSSL repository documents a script that patches Nintendo CA - G3 to bypass SSL verification on the Wii U by exploiting a bug introduced in the system's 5.5.5 firmware update.
Read More @ github.com
[#] KDMapper is a tool that uses the iqvw64e.sys Intel driver to load non-signed drivers into system memory, bypassing certain security checks, primarily aimed at users with advanced knowledge of driver operations and memory manipulation.
Read More @ github.com
[#] A tool called GhostMapperUM allows users to manually map an unsigned driver over signed driver memory, potentially avoiding detection by exploiting an Intel driver vulnerability.
Read More @ github.com
[#] This document provides a technical examination of the GMER anti-rootkit tool's capabilities in exposing and mitigating kernel mode rootkits in Windows systems, detailing its use, underlying principles, and methods for securing against such malware.
Read More @ blogspot.com
[#] EDRSandblast is a C tool that uses multiple techniques, including a vulnerable signed driver, to evade Endpoint Detection and Response (EDR) systems and bypass protections like LSASS, Credential Guard, and Kernel callbacks, with various operational modes for auditing, memory dumping, and disabling monitoring features.
Read More @ github.com
[#] Plandex is an open-source, terminal-based AI coding engine that assists in automating complex software development tasks by breaking them down into subtasks and implementing them step-by-step, using the OpenAI API and based on long-running agents to manage projects in a sandboxed environment.
Read More @ github.com
[#] The post details the utilization of memory dump emulation for debugging, fuzzing crash analysis, and digital forensics by leveraging tools like Bochs, BochsCPU, and parsers like kdmp-parser and udmp-parser, providing step-by-step guidance and Python examples for effectively recreating execution environments.
Read More @ github.io
[#] The content is a Python script that sets up an emulation environment using Bochs for Windows crash dump analysis, including functions for memory operations, CPU state setup, and system call emulation.
Read More @ github.com
[#] Axel "0vercl0k" Souchet outlines the development process of a Windows snapshot-based fuzzer called 'wtf', detailing its architecture and the challenges faced during its creation aimed at fuzzing Windows applications like IDA Pro.
Read More @ github.io
[#] The article provides an in-depth guide on using Ghidra to analyze ARM firmware, including debugging, firmware unpacking, and sensor data optimization for the KatWalk C2 treadmill.
Read More @ medium.com
[#] The content details the author's experience with the KAT Walk C2 VR Treadmill, including its technical setup, gaming performance, and a custom fix for motion sickness through game code modification.
Read More @ medium.com
[#] The repository on GitHub details the creation of an 8-bit computer using 74xx series logic gates and memory ICs, along with documentation, models, design files, and tools for development.
Read More @ github.com
[#] The blog post details the construction of a discrete logic computer capable of networking, with a focus on Ethernet adapter modules for SPI conversion, receiver operation with MAC address filtering, a simplified fixed-length transmitter, and a programmer's interface, all documented on GitHub.
Read More @ qdiv.dev
[#] Ivan designed and built his own discrete logic CPU with an 8-bit data bus and 16-bit address space, employing a simple set of ALU instructions and a peripheral board to interface with memory, a display, and a keyboard, and even developed his own programming language for it.
Read More @ qdiv.dev
[#] The blog post explains the process of upgrading a discrete logic ALU to perform various operations such as addition, subtraction, negation, and logical shifts through the use of multiplexers, buffers, and adder circuits, ultimately enhancing the speed and performance of the author's custom-built computer.
Read More @ qdiv.dev
[#] Reverst is a reverse-tunnel server and client library that uses the QUIC protocol and HTTP/3 for creating load-balanced and secure tunnels from services in restricted networks to the public internet.
Read More @ github.com

# News

[#] A critical vulnerability in Rust, CVE-2024-24576, enables command injection on Windows systems and will be patched in Rust 1.77.2, requiring immediate update by developers.
Read More @ securityonline.info
[#] Microsoft Security Response Center has announced that they will start using the Common Weakness Enumeration standard to classify and publish data on the root causes of vulnerabilities in Microsoft products to improve transparency and security practices.
Read More @ microsoft.com
[#] Group Health Cooperative of South Central Wisconsin reported a data breach in January by the BlackSuit ransomware gang, impacting over 500,000 individuals' personal and medical information, leading to increased security measures and advisories for affected parties to monitor their healthcare communications.
Read More @ bleepingcomputer.com
[#] LG smart TVs running WebOS versions 4 through 7 had four security vulnerabilities that could let an attacker take control, but a patch released on March 22 fixes these issues, so users should update their TVs immediately.
Read More @ theregister.com
[#] Home Depot admitted a third-party SaaS vendor accidentally exposed associate names, work emails, and user IDs, which could lead to targeted phishing attacks; experts suggest rigorous vetting and use of encryption for SaaS providers to prevent such incidents.
Read More @ packetstormsecurity.com
[#] Stormshield, a European cybersecurity firm, has published a technical analysis of the Crypt888 ransomware, which targets older Windows versions and uses a simple and outdated DES encryption algorithm, noting that their Breach Fighter service can detect and block this threat.
Read More @ stormshield.com
[#] Over 340,000 individuals' data, including personal and medical information, was stolen in a cyberattack on a consulting firm working with the U.S. Department of Justice, causing an extended delay in notifying victims and prompting calls for stronger cybersecurity measures for such vendors.
Read More @ scmagazine.com
[#] US insurers are utilizing drone-captured aerial photos analyzed by AI to justify the denial of home insurance policies, prompting concerns over privacy and the accuracy of property assessments.
Read More @ packetstormsecurity.com
[#] Researchers at Fortinet uncovered a complex phishing scheme using SVG file attachments to deploy VenomRAT and other malware via the ScrubCrypt and BatCloak obfuscation tools, with multiple evasion techniques to avoid detection.
Read More @ securityaffairs.com
[#] Microsoft's April 2024 Patch Tuesday update fixed 150 security issues, including 67 that could allow remote code execution, while researchers have uncovered techniques to stealthily download files from SharePoint without triggering alarms, which Microsoft claims do not require immediate action but should be monitored by admins for unusual access patterns.
Read More @ bleepingcomputer.com
[#] The Romanian hacker group RUBYCARP, active for over a decade, operates a botnet for crypto mining and phishing, using public exploits and brute-force attacks and leveraging IRC for communication.
Read More @ thehackernews.com
[#] Security researchers have found that around 92,000 D-Link devices are at risk due to unpatched vulnerabilities, with hackers actively exploiting them, and the best defense is to replace end-of-life devices or update to the latest firmware if available.
Read More @ packetstormsecurity.com
[#] Smart TVs manufactured by LG were found to have severe security flaws that could allow attackers to take control and steal data; users should update their TVs immediately as patches were released in March 2024.
Read More @ hackread.com
[#] The 2023 breach of Microsoft Exchange attributed to China exposed senior U.S. officials' emails, with a new report criticizing Microsoft's security lapses and recommending urgent improvements to prevent similar incidents.
Read More @ schneier.com
[#] LG smart TVs had security vulnerabilities that could let attackers bypass protections and gain root access, which have been patched as of March 22, 2024, so users should update their TVs promptly.
Read More @ thehackernews.com
[#] The latest UK government report indicates that a majority of businesses lack an incident response plan for cyber breaches and rarely report such incidents to proper authorities, resulting in minimal preventive action taken post-breach.
Read More @ theregister.com
[#] The group Lazy Koala used the LazyStealer malware to steal login credentials from several countries' government agencies via phishing and Telegram, with security experts recommending staff training, layered defenses, and network monitoring as countermeasures.
Read More @ securityonline.info
[#] A man named Matthew David Keirans admitted to using another person's identity for 35 years in all aspects of his life, which led to the real person, William Donald Woods, being wrongfully imprisoned; a DNA test eventually proved Woods' true identity and following a police interview, Keirans confessed to the identity theft.
Read More @ malwarebytes.com
[#] Security expert RyotaK reveals successful DOMPurify bypass methods using XML processing instructions and CDATA sections; DOMPurify team responds with patches to close security vulnerabilities.
Read More @ flatt.tech
[#] China is deploying generative AI to create divisive content on U.S. domestic issues and to influence foreign elections, with notable efforts seen during the U.S. presidential election and Taiwanese presidential election, as detailed in a Microsoft Threat Analysis Center report.
Read More @ securityaffairs.com
[#] A critical security flaw in Fortra's Robot Schedule Enterprise Agent for Windows, identified as CVE-2024-0259, enables low-privileged users to execute code with administrative rights, and users should promptly upgrade to the patched version 3.04 to mitigate the risk.
Read More @ securityonline.info
[#] Researchers have unravelled a sophisticated email phishing campaign using SVG file attachments to distribute multi-stage malware including Venom RAT, Remcos RAT, and crypto wallet stealers, bypassing traditional security using tools like BatCloak and ScrubCrypt.
Read More @ thehackernews.com
[#] Change Healthcare suffered a data breach in February by an ALPHV/BlackCat affiliate, leading to a $22 million ransom, which was then stolen by the ransomware group in an exit scam, and now RansomHub claims to have the same 4TB of stolen data and is threatening to sell it unless a ransom is paid.
Read More @ scmagazine.com
[#] A massive collection of data breaches from various websites has been consolidated into the Have I Been Pwned (HIBP) database, and is now accessible programmatically via the HIBP API or through the RSS feed, providing individuals and organizations with actionable security information.
Read More @ haveibeenpwned.com
[#] Greylock McKinnon Associates experienced a data breach on May 30, 2023, affecting 341,650 individuals' personal and Medicare information from a U.S. Department of Justice civil litigation matter, and is offering two years of free identity theft protection services.
Read More @ securityaffairs.com
[#] Home Depot reported a breach where a service vendor exposed 10,000 employees' details, highlighting the need for improved third-party risk management and cyber defenses.
Read More @ scmagazine.com
[#] Crowdfense, a company specializing in acquiring zero-day exploits, has expanded its budget to $30 million USD to include research on enterprise software, WiFi/Baseband, and messengers, offering up to $9 million for successful submissions of sophisticated zero-day exploits targeting various products including iPhones and Android devices.
Read More @ securityaffairs.com
[#] Home Depot's workforce information was unintentionally leaked by a third-party SaaS provider during system testing and subsequently posted online, highlighting the necessity for robust data handling and security measures among vendors.
Read More @ theregister.com
[#] US insurance companies are using outdated and potentially inaccurately analyzed drone imagery to justify denying homeowners' insurance claims, while the use of artificial intelligence in this process raises additional concerns about privacy and accuracy.
Read More @ theregister.com
[#] A newly identified Vietnamese cybercrime group named CoralRaider is stealing financial and social media data in Asia through a multilayered attack using legitimate services and custom malware, while also mistakenly compromising their own systems, revealing operational details.
Read More @ darkreading.com
[#] Microsoft's April 2024 Patch Tuesday has released fixes for 150 security issues, including 67 remote code execution vulnerabilities, while Targus disclosed a cyberattack that disrupted their operations after unauthorized file server access.
Read More @ bleepingcomputer.com
[#] PolitiFact provides a comprehensive guide that helps discern factual news from fake by categorizing websites known for parody, impersonating real news sources, or distributing outright false stories, with the ultimate goal of enhancing reader awareness and media literacy.
Read More @ politifact.com
[#] The Osintomático Conference 2024 is scheduled for May 17-18 in Madrid, offering two-day event tickets and various specialized bootcamp sessions from May 13-16 on topics like web investigation, digital identity creation, social engineering, and open-source blockchain scam investigations.
Read More @ pretix.eu
[#] Microsoft Flight Simulator 2020's integration of Bing Maps and machine learning renders a detailed world, but inaccuracies limit its use for geolocation tasks in open-source investigations.
Read More @ bellingcat.com
[#] A web service called 12ft.io is now available for iOS, allowing users to remove visual distractions such as popups, banners, and ads from webpages by disabling JavaScript.
Read More @ 12ft.io
[#] Google is updating the Phone app on Pixel devices with a 'Lookup' feature to identify unknown callers and an improved in-call UI for emergency numbers.
Read More @ piunikaweb.com
[#] Microsoft researchers have unveiled "Crescendo," a multi-turn strategy that undermines language model restrictions by gradually guiding conversations to produce prohibited content, though countermeasures are in development to address such vulnerabilities.
Read More @ github.io
[#] Researchers have discovered a way to bypass language model safety measures by using large numbers of fake dialogues within a prompt, prompting AI developers to implement new prompt-based strategies to reduce attack effectiveness.
Read More @ anthropic.com

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ (2024-04-10)

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins