2024-03-01 // Today, BestEDROfTheMarket is a lab for bypassing Endpoint Detection and Response systems, offering dynamic analysis tools. Vulnerabilities in Plixer Scrutinizer allow unauthorized access, highlighted on Atredis Partners’ GitHub. The Mail-in-the-Middle tool poses spear-phishing risks by intercepting emails. A C# PDF-exploit builder targets Foxit Reader and Adobe Acrobat vulnerabilities. A Python and Go script, URL Regex Match Counter, analyzes URL content. Apache Solr’s RCE vulnerability is demonstrated with a POC. Shelter, a Rust-based security tool, obfuscates payloads. Plate Recognizer offers ALPR solutions for vehicle management. ZeroPointSecurity/PInvoke supports projects with P/Invoke signatures. EnumSSN aids in syscall scripting by identifying System Service Numbers. [more...]

2024-02-29 // The Peaky-XD/webshell repository is a hub for webshell scripts in various languages including PHP and ASP, open to contributions under the MIT License. BALIMO LENA and PETLIBRO IoT Pet Feeders have been found to have security issues allowing for firmware extraction and unauthorized control, risking pet overfeeding through UART interface exploitation. The CanaryTokenScanner Python script aids in detecting Canary Tokens in documents and zip files to enhance cyber defense. A guide to removing Android.Waps adware from the Kirikiroid2 app using tools such as Apktool is detailed. An online tool enables the creation of fake Telegram chats for entertainment. Zeoob offers tools for simulating social media content for educational purposes. A categorized list of Telegram bots is provided for PII research and SOINT applications, emphasizing good OPSEC practices. Risks associated with unauthorized Terraform provider deployment due to exposed state files are discussed, with mitigation advice such as enabling state locking. RetinaFace, a Python library, offers features for facial detection and recognition, installable via ‘pip’ or ‘conda’. Bouncer is a bookmarklet for extracting user IDs from social media profiles. The Tosint OSINT tool extracts data from Telegram bots. jsleak is a tool for finding secrets in JavaScript files. Security measures for Nginx servers and strategies from the "BypassAV" GitHub repository for evading anti-virus and EDR systems are shared. Recommendations for enhanced system security include patch management and user education. Advanced cybersecurity techniques to attack Microsoft 365 and the open-source bpftop tool from Netflix for viewing eBPF program statistics are also mentioned. [more...]

2024-02-28 // Today, GuardioLabs offers tools for domain security and DNS improvement, while Reeder uses ChatGPT for document analysis. The “WhatsApp-Spam” repository provides educational scripts for spamming awareness. Phone lookup tools are crucial for fraud prevention and KYC compliance. Tips for phone scam protection include using instincts and research tools. The r1cksec repository and Google’s Magika address cybersecurity and file detection. CVE-MAKER aids in CVE searches. Recent cybersecurity incidents include vulnerabilities in Torrentpier and Jenkins, DLL injection threats, and the rise of Lumma Stealer malware, emphasizing the need for safe software practices and advanced security measures. [more...]

2024-02-27 // Today, InfoHound is an OSINT tool for passive reconnaissance on web domains, collecting data such as emails, subdomains, and files. It includes features like LLM-powered role descriptions and service account and data breach checks, with support for custom modules and export options for analysis. CVE-2024-1709 represents a vulnerability in 3CX phone systems permitting remote code execution, remediable by vendor-provided security patches. The Docker Bench for Security is a script performing CIS Docker Benchmark checks to ensure Docker container deployment best practices. A blog post outlines solution steps for the Strings challenge from Mobile Hacking Labs using techniques like static analysis and memory scanning. Advanced CyberChef techniques are explained in an article for extracting malware loader configurations, employing regular expressions and AES decryption. Another article explores kernel mode keylogging in Windows using gafAsyncKeyState, describing dynamic structure location and keystroke reading. Nidhogg is a rootkit for Windows 10 and 11 with capabilities like credential dumping, possibly tripping PatchGuard. A cybersecurity enthusiast shares experiences with a Docker SSH honeypot to monitor attack patterns. Two ebooks, The Windows Process Journey and The Linux Process Journey, delve into process mechanisms in Windows and Linux, while The macOS Process Journey covers macOS processes. "TrueBad0ur/ssh-honeypot" on GitHub is a tool mimicking an SSH server for attack data collection. The libreasy repository offers an HTML template for book details, excluding actual PDF hosting. "dockur/windows" on GitHub facilitates running Windows in Docker with varied features and user guidance. Lastly, Hackvertor is a Burp Suite extension for data conversion, available through the BApp store for integration with Burp Suite. [more...]

2024-02-26 // Today, a method is revealed to extract PEAP credentials from Windows networks by decrypting the DPAPI blob. An exploitation tool for Jenkins servers is now available to scan for CVE-2024-23897 vulnerabilities. Nathan Baggs demonstrates how to use dotPeek to reverse-engineer game code. The Troll-A utility detects sensitive data in WARC files. An approach is shared for finding an AWS Account ID via a VPC Endpoint and CloudTrail logs. A guide is provided for exploiting a Linux server and gaining control over MySQL for privilege escalation. PE-sieve has been updated for more precise shellcode detection. An AWS cloud was compromised by exploiting IAM permissions. A flaw in the Bricks Builder plugin for WordPress (CVE-2024-25600) allows remote code execution, with Nuclei template and PoC shared for detection and exploitation. Instructions are provided for building a Transformer model in PyTorch. The Ethical Hacking MindMap serves as a learning guide for newcomers. Lastly, a method to save Kali Linux terminal commands to GitHub is outlined to preserve data across VM setups. [more...]