HAQ.NEWS

# Daily

// The Windows Incident Response blog entry reviews the r77 rootkit, focusing on the vital role of understanding registry keys and values for threat hunting. SwaggerHole, a Python3 script, automates the search for secrets in SwaggerHub APIs using multithreading and JSON output. UAC-BOF-Bonanza is a GitHub repository hosting various UAC bypass methods as BOF exploits for the Havoc C2 framework and Sliver. An article demonstrates exploiting the Visual Studio build process to execute malicious commands, achieving system access and privilege elevation on Windows. Another article outlines implementing process hollowing in Windows, refining traditional code injection methods. A guide explains reverse engineering a FOSCAM camera's firmware with an SPI flash programmer and Ghidra to extract keys. Techniques to analyze and deobfuscate VM Protected and Alcatraz obfuscated binaries are shared. Brett Buerhaus revealed an XSS exploit chain involving DOM clobbering. SpawnWith is a BOF for process spawning and shellcode injection. Minder by Stacklok enhances software supply chain security with various features. HLR lookup services by ООО «СМС-центр» provide information about mobile phone numbers with third-party operator data. FileSearch.link is a service for finding files across upload sites. Various file-sharing and cloud storage websites are mentioned for data exchange research. A PDF with a Geolocation Analysis Diagram from the 'osint' repository assists in intelligence work. A GitHub repository reveals an open-source LTE sniffer tool for LTE communication eavesdropping, necessitating legal compliance. Geo-Recon is an OSINT tool for IP geolocation and reputation checks with optional NMAP support. IP-Tracer is a command-line tool for tracking IP addresses on Linux and Termux, leveraging ip-api for information retrieval.

// Today, RepoReaper is a security tool aimed at discovering exposed .git repositories for auditing. Brutespray, now written in Go, enhances service bruteforce capabilities. Monitoring Google Remote Desktop patterns can identify greyware activities. The advanced phishing tool Evilginx Pro grows alongside a community working on ethical phishing, with new updates addressing various vulnerabilities. Blacklight is a privacy tool that uncovers tracking technologies on websites, suggesting privacy-focused solutions. The comparison of anti-cheat and EDR bypasses distinguishes between gaming advantages and security evasion, with a nod towards ethical use. The "Hunting for Persistence in Linux" blog series explores defensive and offensive tactics regarding unauthorized access on Linux. Additional guides focus on Linux system persistence via account manipulation and systemd, with auditd, sysmon, and osquery for detection. An instructional post guides beginners in building C2 implants in C++, while Hetty presents an open-source HTTP toolkit with MITM features. Lastly, a cost-effective deep learning rig is constructed using second-hand hardware, overcoming technical challenges.

// The LOTL repository offers a fileless, persistent reverse shell for Windows leveraging JScript and PowerShell. FlyingPhish/Nmap-Analysis is a tool for parsing Nmap XML output with GPT-powered analysis. BotD and Fingerprint Pro Bot Detection provide libraries for detecting automation tools and sophisticated bots, respectively. OpenCelliD is a community-driven cellular network database for location and coverage insights. A service tracks Vkontakte activity to uncover synchronous behavior among friends. The web-based D0x-K1t-v2 facilitates OSINT and reconnaissance. Week 13 of Web Hacking highlights an XSS vulnerability exploitation for creating a JavaScript keylogger. Techniques for bypassing Windows Defender using C# and PowerShell are explained. Android devices can automate a Rubber Ducky script for altering DNS via Tasker, while google_lure.py targets Google Docs open redirects for phishing. ScreenConnect-AuthBypass.py showcases an authentication bypass in ConnectWise SecureConnect. Horizon3.ai's NodeZero includes a new Phishing Impact test. The DevOps Roadmap for 2024 lays out required skills for aspiring DevOps engineers. Application crash analysis involves various tools like WinDbg and procdump. TruffleHog now detects AWS canary tokens without triggering them.

// Today in tradecraft, Sahil Ahamad outlines a web application security reconnaissance strategy, focusing on finding data storage and other assets. Shriyans Sudhi introduces a method for generating subdomain wordlists for cybersecurity analysis. Daniel Grzelak highlights AWS metadata enumeration techniques and security practices. Asbawy presents a strategy for identifying and exploiting a critical RCE vulnerability. Techniques for discovering and exploiting GraphQL and SQL injection vulnerabilities are detailed. SQLMap tamper scripts are explained as methods to bypass web application firewalls. An article describes using httpx and dig for subdomain takeover scenarios. A video explains the creation of shellcode for educational purposes. A Python script for exploiting a vulnerability in ConnectWise ScreenConnect is shared. Lastly, github-secrets reveals hidden or removed GitHub commits, uncovering potentially sensitive data.

// Today, GMER is an anti-rootkit for Windows, specializing in detecting kernel mode rootkits and securing I/O operations, detailed on LinkedIn. A proof of concept for CVE-2023-22098 reveals a vulnerability in VirtualBox 7.0.10, with mitigation steps on GitHub. FormThief, another GitHub project, collects spoofed login applications for Windows, aiding in credential capture during tests. Honeypage, a Go application, creates customizable honeypots to identify malicious web activity, in pre-alpha development on GitHub. Lastly, an article from Asset-Intertech introduces WinDbg and Intel Direct Connect Interface for debugging the Windows Secure Kernel on AAEON UP Xtreme i11 boards, focusing on capturing execution details without symbols.

# Emailz

First HAQ.NEWS was just descriptions and links I shared on social media. Then a buddy wanted an RSS feed and now folks are requesting emails. Give me your address if you want emails too. Simple single-click unsubscribe if it gets annoying.


# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful TL;DR of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ, 2024-05-15

I want to encourage people and projects that impress me by posting a banner linking to their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins