HAQ.NEWS

// Jared Folkins

# Latest Podcast

# Description

PingRAT uses ICMP payloads to secretly pass C2 traffic through firewalls, making it undetectable by most AV/EDR solutions. No-Consolation is a Beacon Object File (BOF) that runs unmanaged PEs inline, supporting EXEs and DLLs, without creating new processes or allocating a console. A repository has a list of custom search engines for OSINT, including searches for social media and web services. A document details a proof-of-concept for using Microsoft Windows printers as a C2 channel, exploiting the Internet Printing Protocol. SqliSniper is a Python tool for detecting blind SQL injection in HTTP headers. Andy Gill examines WinSxS and DLL hijacking for initial access and privilege escalation. unch hides messages using invisible Unicode characters.

# Tradecraft

[#] PingRAT uses ICMP payloads to secretly pass C2 traffic through firewalls and is undetectable by most AV/EDR solutions.
Read More @ kitploit.com
[#] "No-Consolation" is a Beacon Object File (BOF) that runs unmanaged PEs inline and retrieves their output without creating new processes or allocating a console, supporting both EXEs and DLLs, with various options for execution and memory management.
Read More @ github.com
[#] This repository contains a curated list of custom search engines useful for open-source intelligence (OSINT) purposes, including searches for social media, web services, and various types of data from Google.
Read More @ github.com
[#] This document explains a proof-of-concept for using Microsoft Windows printers as a command and control (C2) channel by exploiting the Internet Printing Protocol, allowing attackers to maintain persistence and execute commands on a victim's network.
Read More @ github.com
[#] SqliSniper is a Python tool for detecting time-based blind SQL injection vulnerabilities in HTTP headers using multi-threaded scanning and providing alerts through Discord.
Read More @ github.com
[#] Andy Gill's post explores Windows Side-by-Side (WinSxS) and DLL hijacking, demonstrating methods to exploit these for initial access, persistence, privilege escalation, and execution, including a tool for automating the identification and exploitation of vulnerable DLLs.
Read More @ zsec.uk
[#] unch is a tool that hides messages within plaintext using invisible Unicode characters, enabling secure encoding and decoding of messages.
Read More @ github.com

# News

[#] Pro-Russia hackers launched DDoS attacks on Kosovo government websites in response to Kosovo’s support for Ukraine, causing temporary disruptions.
Read More @ securityaffairs.com
[#] A 16-year-old OpenSSL vulnerability from Debian still affects DKIM keys, compromising email security in 2024, with significant findings presented at miniDebConf Berlin.
Read More @ secvuln.info

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tldr; regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by Ai, and converted into something quick and easy to read. But then I started getting requests for features like rss, Gracie got involved, and with the super-power of Ai things have taken on a life of their own.

Sharing

I currently post daily infosec news to x, linkedin, mastodon and rss.

I also post daily infosec podcasts and interviews to apple podcasts and spotify.

Ads

This isn't an Ad.

current friend of haq 2024-05-13

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins