HAQ.NEWS

# Daily

// Today, InfoHound is an OSINT tool for passive reconnaissance of web domains that collects emails, subdomains and files; it adds LLM-generated role descriptions for the people it finds, service-account and data-breach checks, custom modules and export options for later analysis. CVE-2024-1709 is an authentication bypass in ConnectWise ScreenConnect that lets an unauthenticated attacker create an administrator account and from there reach remote code execution; the vendor's security patch remediates it. Docker Bench for Security is a script that runs the CIS Docker Benchmark checks against a host's daemon configuration and running containers. A blog post walks through the Strings challenge from Mobile Hacking Labs using static analysis and memory scanning. An article explains advanced CyberChef techniques for extracting malware loader configurations, combining regular expressions with AES decryption. Another article covers kernel-mode keylogging on Windows via gafAsyncKeyState, describing how to locate the structure dynamically and read keystrokes from it. Nidhogg is a rootkit for Windows 10 and 11 with capabilities such as credential dumping; some of its techniques can trip PatchGuard. A cybersecurity enthusiast shares experiences running a Docker SSH honeypot to observe attack patterns. Three ebooks, The Windows Process Journey, The Linux Process Journey and The macOS Process Journey, delve into the process mechanisms of their respective operating systems. "TrueBad0ur/ssh-honeypot" on GitHub mimics an SSH server to collect attack data. The libreasy repository offers an HTML template for book detail pages and does not host the PDFs themselves. "dockur/windows" on GitHub runs Windows inside a Docker container, with a range of options and user guidance. Lastly, Hackvertor is a Burp Suite extension for data conversion and encoding, available through the BApp Store. [more...]
 
// Today, a method is shown for extracting PEAP credentials from Windows machines by decrypting the DPAPI blob in which they are stored. An exploitation tool for Jenkins is available to scan for CVE-2024-23897, the arbitrary file read through the Jenkins CLI's args4j @-file expansion. Nathan Baggs demonstrates using dotPeek to reverse-engineer .NET game code. The Troll-A utility detects sensitive data in WARC files. An approach is shared for discovering an AWS account ID through a VPC endpoint and CloudTrail logs. A guide walks through exploiting a Linux server and taking control of MySQL for privilege escalation. PE-sieve has been updated for more precise shellcode detection. A write-up describes an AWS environment compromised by abusing IAM permissions. A flaw in the Bricks Builder plugin for WordPress (CVE-2024-25600) allows unauthenticated remote code execution; a Nuclei template and PoC are shared for detection and exploitation. Instructions are provided for building a Transformer model in PyTorch. The Ethical Hacking MindMap serves as a learning guide for newcomers. Lastly, a method is outlined for saving Kali Linux terminal history to GitHub so it survives VM rebuilds. [more...]
 
// The Windows Incident Response blog reviews the r77 rootkit, stressing that the registry keys and values it writes are what matter for threat hunting. SwaggerHole is a Python3 script that automates searching SwaggerHub APIs for secrets, with multithreading and JSON output. UAC-BOF-Bonanza is a GitHub repository collecting UAC bypass methods as BOFs for the Havoc C2 framework and Sliver. An article demonstrates abusing the Visual Studio build process to execute commands, achieving system access and privilege elevation on Windows. Another article explains implementing process hollowing on Windows as a refinement of traditional code injection. A guide covers reverse engineering a FOSCAM camera's firmware, dumping it with an SPI flash programmer and analysing it in Ghidra to extract keys. Techniques for analysing and deobfuscating binaries protected by virtualization-based obfuscators and by Alcatraz are shared. Brett Buerhaus wrote up an XSS exploit chain built on DOM clobbering. SpawnWith is a BOF for spawning a process and injecting shellcode into it. Minder by Stacklok adds software supply chain security controls. HLR lookup services from ООО «СМС-центр» return home-network and reachability information about mobile phone numbers, sourced from third-party operator data. FileSearch.link is a service for finding files across upload sites, and various file-sharing and cloud storage sites are listed for data-exchange research. A PDF with a geolocation analysis diagram from the 'osint' repository supports intelligence work. A GitHub repository holds an open-source LTE sniffer for eavesdropping on LTE traffic, which requires legal authorisation before use. Geo-Recon is an OSINT tool for IP geolocation and reputation checks with optional Nmap support. IP-Tracer is a command-line tool for tracking IP addresses on Linux and Termux, using ip-api for lookups. [more...]
 
// Today, RepoReaper is a security tool for discovering exposed .git repositories on web servers for auditing. Brutespray, now rewritten in Go, extends its service brute-forcing capabilities. Monitoring for Google Remote Desktop usage patterns can surface greyware activity. The commercial phishing tool Evilginx Pro grows alongside a community working on ethical phishing, with new updates addressing various vulnerabilities. Blacklight is a privacy tool that reveals the tracking technologies a website loads and suggests privacy-focused alternatives. A comparison of anti-cheat and EDR bypasses distinguishes cheating in games from security evasion, with a nod to ethical use. The "Hunting for Persistence in Linux" blog series covers both the offensive techniques for keeping unauthorised access on Linux and the defensive side of finding them. Further guides in the series focus on persistence through account manipulation and systemd units, with auditd, Sysmon for Linux and osquery used for detection. An instructional post guides beginners through building C2 implants in C++, and Hetty is an open-source HTTP toolkit with MITM proxy features. Lastly, a cost-effective deep learning rig is built from second-hand hardware, working around a few technical hurdles. [more...]
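As an added example (not code from the blog series above), here is the detection side of the account-manipulation and systemd persistence those guides describe, run over constructed audit.log records. It assumes auditd watch rules such as "-w /etc/systemd/system -p wa -k persistence" and "-w /etc/passwd -p wa -k identity" are loaded, so every write arrives as a SYSCALL record plus CWD and PATH records sharing one event serial; the script groups records by serial, resolves relative PATH names against the CWD record, and flags successful writes into the watched locations. The sample log lines, paths and rule keys are constructed for the demo.

```python
"""Flag persistence-related writes in Linux audit logs.

Added example, not code from the 'Hunting for Persistence in Linux' series.
Assumes auditd watch rules on the account files and systemd unit directories
(e.g. '-w /etc/systemd/system -p wa -k persistence'). The SAMPLE_LOG records
below are constructed for the demo, not captured from a real host.
"""
import os
import re
from collections import defaultdict

# Files and directories whose modification usually means persistence.
# Entries ending in "/" are matched as path prefixes; "/.config/..." is
# matched anywhere so it covers every user's home directory.
WATCHED = {
    "/etc/passwd": "account manipulation",
    "/etc/shadow": "account manipulation",
    "/etc/sudoers": "account manipulation",
    "/etc/systemd/system/": "systemd unit",
    "/usr/lib/systemd/system/": "systemd unit",
    "/.config/systemd/user/": "systemd user unit",
}
# PATH nametypes produced when a watched file is created, opened for write or removed.
WRITE_NAMETYPES = {"CREATE", "NORMAL", "DELETE"}

HDR_RE = re.compile(r"^type=(\w+) msg=audit\(([\d.]+):(\d+)\):")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_record(line):
    """Split one audit record into (type, timestamp, serial, {field: value})."""
    m = HDR_RE.match(line)
    if not m:
        return None
    rtype, ts, serial = m.groups()
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line[m.end():])}
    return rtype, ts, serial, fields


def classify(path):
    """Return the WATCHED label for an absolute path, or None if it is not watched."""
    for prefix, label in WATCHED.items():
        if path == prefix or (prefix.endswith("/") and prefix in path):
            return label
    return None


def find_persistence_events(lines):
    """Group records by audit serial and return a finding per watched write."""
    events = defaultdict(lambda: {"syscall": {}, "cwd": "/", "paths": [], "ts": ""})
    for line in lines:
        rec = parse_record(line.strip())
        if not rec:
            continue
        rtype, ts, serial, f = rec
        ev = events[serial]
        ev["ts"] = ts
        if rtype == "SYSCALL":
            ev["syscall"] = f
        elif rtype == "CWD":
            ev["cwd"] = f.get("cwd", "/")
        elif rtype == "PATH":
            ev["paths"].append(f)

    findings = []
    for serial, ev in sorted(events.items(), key=lambda kv: int(kv[0])):
        sc = ev["syscall"]
        if sc.get("success") != "yes":  # denied attempts are noise for this check
            continue
        for p in ev["paths"]:
            if p.get("nametype") not in WRITE_NAMETYPES:
                continue  # PARENT entries describe the directory, not the write
            name = p.get("name", "")
            if not name.startswith("/"):  # PATH names can be relative to the CWD record
                name = os.path.normpath(os.path.join(ev["cwd"], name))
            label = classify(name)
            if label:
                findings.append({
                    "serial": serial, "ts": ev["ts"], "category": label, "path": name,
                    "auid": sc.get("auid"), "uid": sc.get("uid"),
                    "comm": sc.get("comm"), "exe": sc.get("exe"), "key": sc.get("key"),
                })
    return findings


# Constructed sample: a root shell dropping a unit, useradd touching /etc/passwd,
# a user-level unit written via a relative path, a denied read of /etc/shadow,
# and an unrelated file write that must not be flagged.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1712900001.100:301): arch=c000003e syscall=257 success=yes exit=3 ppid=1200 pid=1201 auid=1000 uid=0 gid=0 euid=0 comm="bash" exe="/usr/bin/bash" key="persistence"
type=CWD msg=audit(1712900001.100:301): cwd="/root"
type=PATH msg=audit(1712900001.100:301): item=0 name="/etc/systemd/system/" inode=5 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1712900001.100:301): item=1 name="/etc/systemd/system/update-check.service" inode=77 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=CREATE
type=SYSCALL msg=audit(1712900002.200:302): arch=c000003e syscall=257 success=yes exit=4 ppid=1300 pid=1301 auid=1000 uid=0 gid=0 euid=0 comm="useradd" exe="/usr/sbin/useradd" key="identity"
type=CWD msg=audit(1712900002.200:302): cwd="/"
type=PATH msg=audit(1712900002.200:302): item=0 name="/etc/passwd" inode=12 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1712900003.300:303): arch=c000003e syscall=257 success=yes exit=3 ppid=1400 pid=1401 auid=1001 uid=1001 gid=1001 euid=1001 comm="vim" exe="/usr/bin/vim" key="persistence"
type=CWD msg=audit(1712900003.300:303): cwd="/home/bob/.config/systemd/user"
type=PATH msg=audit(1712900003.300:303): item=1 name="sync.service" inode=91 dev=fd:00 mode=0100644 ouid=1001 ogid=1001 rdev=00:00 nametype=CREATE
type=SYSCALL msg=audit(1712900004.400:304): arch=c000003e syscall=257 success=no exit=-13 ppid=1500 pid=1501 auid=1001 uid=1001 gid=1001 euid=1001 comm="cat" exe="/usr/bin/cat" key="identity"
type=CWD msg=audit(1712900004.400:304): cwd="/home/bob"
type=PATH msg=audit(1712900004.400:304): item=0 name="/etc/shadow" inode=13 dev=fd:00 mode=0100640 ouid=0 ogid=42 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1712900005.500:305): arch=c000003e syscall=257 success=yes exit=3 ppid=1600 pid=1601 auid=1001 uid=1001 gid=1001 euid=1001 comm="vim" exe="/usr/bin/vim" key="home"
type=CWD msg=audit(1712900005.500:305): cwd="/home/bob"
type=PATH msg=audit(1712900005.500:305): item=1 name="notes.txt" inode=99 dev=fd:00 mode=0100644 ouid=1001 ogid=1001 rdev=00:00 nametype=CREATE
"""

if __name__ == "__main__":
    for hit in find_persistence_events(SAMPLE_LOG.splitlines()):
        print(f"{hit['ts']} [{hit['category']}] {hit['path']} by {hit['comm']} ({hit['exe']}) auid={hit['auid']}")
```

On a live host the same function can be pointed at the output of "ausearch -k persistence -k identity --raw"; the auid field is the one to pivot on, since it survives su/sudo and tells you which interactive login made the change.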
 
// The LOTL repository offers a fileless, persistent reverse shell for Windows that chains JScript and PowerShell. FlyingPhish/Nmap-Analysis parses Nmap XML output and adds GPT-powered analysis. BotD and Fingerprint Pro Bot Detection are libraries for detecting automation tools and more sophisticated bots, respectively. OpenCelliD is a community-driven database of cellular network cells for location and coverage insights. A service tracks VKontakte activity to uncover synchronised behaviour among friends. The web-based D0x-K1t-v2 supports OSINT and reconnaissance. Week 13 of Web Hacking shows how an XSS vulnerability can be used to plant a JavaScript keylogger. Techniques for bypassing Windows Defender using C# and PowerShell are explained. An Android device can automate a Rubber Ducky script that alters DNS settings via Tasker, while google_lure.py abuses Google Docs open redirects for phishing. ScreenConnect-AuthBypass.py demonstrates the authentication bypass in ConnectWise ScreenConnect. Horizon3.ai's NodeZero adds a Phishing Impact test. The DevOps Roadmap for 2024 lays out the skills aspiring DevOps engineers need. Application crash analysis is covered using tools such as WinDbg and ProcDump. Lastly, TruffleHog now recognises AWS canary tokens without triggering them, by decoding the account ID embedded in the access key ID and comparing it to known canary account IDs instead of calling the AWS API. [more...]
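The offline decode behind that TruffleHog canary check, as an added example that is not TruffleHog's own code: the AWS account ID is recoverable from the access key ID alone by stripping the AKIA/ASIA prefix, base32-decoding the remaining 16 characters and masking 40 bits out of the first six bytes, so a scanner can compare the result with known canary account IDs without ever calling STS and tripping the alert. The canary account list and the round-trip key builder below are constructed for the demo; a real detector would compare against the canary vendor's actual account IDs, which are not reproduced here.

```python
"""Decode the AWS account ID embedded in an access key ID, offline.

Added example, not TruffleHog's code. Layout: strip the 4-character prefix
(AKIA = long-term key, ASIA = temporary key), base32-decode the remaining
16 characters into 10 bytes, and read a 40-bit account number from bits
7..46 of the first 6 bytes. DEMO_CANARY_ACCOUNTS is constructed for the
demo and is not any vendor's real canary account set.
"""
import base64

ACCOUNT_ID_MASK = 0x7FFFFFFFFF80   # bits 7..46 of the first 48 bits
KEY_PREFIXES = ("AKIA", "ASIA")

# Constructed for the example: account IDs a scanner would treat as canaries.
DEMO_CANARY_ACCOUNTS = frozenset({"123456789012"})


def account_id_from_key_id(key_id: str) -> str:
    """Return the 12-digit account ID encoded in an AWS access key ID."""
    if len(key_id) != 20 or not key_id.startswith(KEY_PREFIXES):
        raise ValueError(f"not an AWS access key ID: {key_id!r}")
    raw = base64.b32decode(key_id[4:].upper())   # 16 base32 chars -> 10 bytes
    first48 = int.from_bytes(raw[:6], "big")
    account = (first48 & ACCOUNT_ID_MASK) >> 7
    return f"{account:012d}"


def key_id_for_account(account_id: str, prefix: str = "AKIA", tail: int = 0) -> str:
    """Build a syntactically valid key ID for account_id (inverse of the decoder).

    Only used to make round-trip test data. The non-account bits (top bit,
    low 7 bits, trailing 4 bytes) are filled from `tail` so the test can
    prove the mask really isolates the account number.
    """
    account = int(account_id)
    if not 0 <= account < (1 << 40):
        raise ValueError("account ID does not fit in 40 bits")
    head = ((tail & 0x1) << 47) | (account << 7) | ((tail >> 1) & 0x7F)
    raw = head.to_bytes(6, "big") + ((tail >> 8) & 0xFFFFFFFF).to_bytes(4, "big")
    return prefix + base64.b32encode(raw).decode("ascii")   # 10 bytes -> 16 chars, no padding


def is_canary_key(key_id: str, canary_accounts=DEMO_CANARY_ACCOUNTS) -> bool:
    """True if the key belongs to a known canary account.

    No network call is made, which is exactly what keeps the token from
    firing: the canary only alerts when the key is *used* against AWS.
    """
    try:
        return account_id_from_key_id(key_id) in canary_accounts
    except ValueError:   # binascii.Error (bad base32) is a ValueError subclass
        return False


if __name__ == "__main__":
    demo = key_id_for_account("123456789012", tail=0x12345)
    print(demo, account_id_from_key_id(demo), is_canary_key(demo))
```

The same decode is useful well beyond canaries: a key found in a leaked repository can be attributed to an account (and matched against your own account list) before anyone decides whether it is safe to validate it with sts:GetCallerIdentity, which would itself be logged in the key owner's CloudTrail.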
 
# Emailz

First HAQ.NEWS was just descriptions and links I shared on social media. Then a buddy wanted an RSS feed and now folks are requesting emails. Give me your address if you want emails too. Simple single-click unsubscribe if it gets annoying.


# F.A.Q

Problem

Many websites are using AI/ML to create clickbait that doesn't actually have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr for the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

current friend of haq 2024-04-12

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins
